Information Technology Agreements and the Health Sector:

Information technology and data management has become a necessary part of patient care in Australia. As health information is highly personal, privacy and protection of that information is extremely important, and your information technology agreement will need to ensure appropriate privacy and security risk management strategies are in place.

Some of the issues which should be covered in your agreement with an IT provider include:

Management of personal or health information:

your agreement should set out how personal or health information will be managed.  This may include describing the processes for handling this information, and a commitment from the provider that the information will be managed in accordance with legislation;

Data security:

What data security requirements must your IT provider meet?  Are they sufficient to ensure your data is held securely? Do you know if your IT provider will use subcontractors – if yes, do you have to approve those subcontractors?  What requirements will those subcontracts need to comply with? Will any of your data be sent or stored overseas? What happens to your data at the end of the contract?

What happens if there is a data breach ?  Will your service provider notify you as soon as a breach occurs?  Who will notify the Information Commissioner (if that is required)? What steps is the service provider required to take to rectify the breach, retrieve and secure the data?  Will you have to pay an additional amount? Is the data breach a ground to terminate the agreement? Is the service provider required to ensure changes are made so that a breach does not occur again?  These are all issues which should be addressed in your agreement with your IT provider.

These are just come of the issues which you should consider when entering an agreement with an IT services provider to ensure your data is held securely and protected.  There are obviously many other things you should consider – payment terms, key performance indicators, uptime guarantees, and response times – to name just a few. If you are entering into a contract with an IT service provider,  speak to Sinclair + May about how to ensure your business is appropriately protected.

Go back