The Department of Health (the department) is responsible for managing and administering the Australian Government Hearing Services Program (the program).
As specified in the Service Provider Contract (the contract), program client records are owned by the Commonwealth. Contracted Service Providers (providers) must manage, store, transfer and dispose of program client records in accordance with the contract, program legislation, the Archives Act 1983, the Privacy Act 1988 and the Freedom of Information Act 1982.
Cloud storage allows for shared access to documents via the internet or a company network, but must still ensure the protection of client records. Under clause 17.5 of the contract, program client records must not be taken outside Australia without prior written approval from the Commonwealth. This includes storing client records on overseas servers.
The Australian Signals Directorate (the ASD) no longer certifies cloud service providers and all previous certifications are now void. Providers can continue to use their previously certified cloud services. Any new providers entering the program or existing providers wishing to change their cloud provider or start using cloud services must contact the Program at hearing@health.gov.au before storing client records on a new service.