Excellence in information security

WA Primary Health Alliance (WAPHA) has achieved ISO 27001:2022 Certification, reflecting the organisation’s unwavering commitment to the highest standards of information security management.

This accomplishment confirms WAPHA has a system in place to manage risks related to the security of the data it holds, and that it respects all the best practices and principles enshrined in this International Standard. It was achieved by thorough risk assessments, strong access controls and monitoring mechanisms to manage cybersecurity threats.

It reinforces WAPHA’s proactivity and leadership in adopting best practice approaches across its activities, with other accreditations being the QIC Health and Community Services Standards and Rainbow Tick LGBTIQA+ Inclusion Standards.

As the operator of WA’s three Primary Health Networks (PHNs), WAPHA is the custodian of anonymised health data from the provision of primary care services. This data is used for program planning, evaluation and to inform GPs about their service provision and the communities they serve. WAPHA also holds personal information relating to its own operations, such as employee records.

Additionally, WAPHA leads Primary Health Insights, a national data storage and analytics platform used by 30 PHNs and the Australian Institute of Health and Welfare. It securely hosts deidentified general practice and other primary health care data under strict data sharing agreements.

The certification audit acknowledges the Primary Health Insights platform, as well as the applications it supports, was built and is operated with the highest levels of data governance and security in mind.

WAPHA CEO, Bernie Kenny, said ISO 27001:2022 Certification is significant for everyone involved — from Primary Health Insights participants to general practices and WAPHA staff.

“Pleasingly, the organisation passed the rigorous audit with flying colours with no minor or major non-conformance indicators or opportunities for improvement identified across the 93 controls,” Mrs Kenny said.

The independent auditor commended WAPHA for being a benchmark organisation in its commitment and approach to information security.

“It serves as a robust validation of our organisation’s stringent security measures, at every level, and of the awareness and compliance across our entire team,” Mrs Kenny said.

“Privacy and data security are top priorities for PHN boards and CEOs, and the WAPHA Board and Executive take their responsibilities in this area extremely seriously.

“This certification shows our commitment to keeping data safe, both within WAPHA and across the national digital platforms we operate on behalf of the PHNs.”

ISO 27001 is a security framework created by the International Organization for Standardization that assesses a company’s ability to keep its data safe. To achieve certification, companies must complete an audit to verify that they comply with rigorous standards.