Generic Security Policy
Version 1.1 – 08/03/2005 Page 7 of 24
2 General Security Policy and Standards
To establish and maintain adequate and effective information security safeguards for users to
ensure that the confidentiality, integrity and operational availability of Practice and patient
information is not compromised.
Sensitive information must be safeguarded against unauthorised disclosure, modification,
access, use, destruction, or delay in service.
Each user has a duty and responsibility to other Practice staff members to comply with the
information protection policies and procedures detailed in this document.
2.2 Legal requirements
With specific reference to the Health Information Privacy Code 1994, Rule 5 – Storage and
Security of Health Information, the Practice has the role of responsible custodian of health
and patient information and will therefore promote and help protect the privacy of personal
2.3 Security policy reviews
The standard and quality of the information security controls implemented at this Practice will
be verified through periodic reviews to ensure compliance.
2.4 Sensitivity of information
Most health-related information is collected in a situation of confidence and trust, is generally
highly sensitive and may include particularly sensitive personal details.
There are two main types of sensitive information:
• health information collected and controlled in accordance with the Health Information
Privacy Code 1994 or with other relevant health-related legislation, and
• any other information provided on the Practice computer system that is sensitive for other
reasons, such as commercial information, staff-related information or any other
information which may be considered sensitive.
See also section 4.2, “Information classification”.