Australian primary care health check: Who is accountable for information security?

Rachel J. Mahncke, Patricia A.H. Williams

Research output: Contribution to conferencePaperpeer-review

1 Citation (Scopus)


Primary healthcare in Australia is vulnerable to a multitude of information security threats and insecure practices. This situation is increasingly important in the developing e-health environment. Information security is everyone's responsibility and it is extensively documented in international standards and best practice frameworks, that this responsibility should be part of formal job descriptions. This necessitates incorporation of security at a functional level for all staff. These responsibilities are integral to demonstrable accountability, together with an authority to take action. Indeed, whilst senior management will ultimately be held accountable, staff need to be aware of the potential issues, given the responsibility to be vigilant, and the authority to act when information security issues arise. This is pertinent within Australian primary healthcare where the accountability for information security is most often devolved to the role of the practice manager. This paper analyses information security accountability from an operational and strategic security capability viewpoint in terms of responsibility and authority. Further, it discusses this in regard to the associated information security governance perspective. In the trustful primary healthcare environment, the accountability for information security resides with operational level staff who have many competing aspects to their role. The paper suggests how to manage this layer of security without burdening the already busy practice manager.

Original languageEnglish
Number of pages7
Publication statusPublished - 1 Dec 2011
Event9th Australian Information Security Management Conference, AISM - Perth, WA, Australia
Duration: 5 Dec 20117 Dec 2011


Conference9th Australian Information Security Management Conference, AISM
CityPerth, WA


  • Accountability
  • CMM
  • General medical practice
  • Governance capability
  • Healthcare security
  • Information security governance


Dive into the research topics of 'Australian primary care health check: Who is accountable for information security?'. Together they form a unique fingerprint.

Cite this