Hearing Services Program Cloud Service Provider Checklist

Hearing Services Program (HSP) HSP Cloud Service Provider Checklist / IRAP Assessment - MANAGE IT Regulatory

Provider Factsheet - Management of Client Records

The Department of Health (the department) is responsible for managing and administering the Australian Government Hearing Services Program (the program).

As specified in the Service Provider Contract (the contract), program client records are owned by the Commonwealth. Contracted Service Providers (providers) must manage, store, transfer and dispose of program client records in accordance with the contract, program legislation, the Archives Act 1983, the Privacy Act 1988 and the Freedom of Information Act 1982.

Client personal and health information is deemed sensitive information under the Australian Privacy Principles (APP) and extra precautions are required in the management of this information.
  • Cloud Storage

    Cloud storage allows for shared access to documents via the internet or a company network, but must still ensure the protection of client records. Under clause 17.5 of the contract, program client records must not be taken outside Australia without prior written approval from the Commonwealth. This includes storing client records on overseas servers.

    The Australian Signals Directorate (the ASD) no longer certifies cloud service providers and all previous certifications are now void. Providers can continue to use their previously certified cloud services. Any new providers entering the program or existing providers wishing to change their cloud provider or start using cloud services must contact the Program at hearing@health.gov.au before storing client records on a new service.

    • Providers must not use unsecured cloud services, such as Google Drive, Google Docs, Dropbox etc, as these may be hosted overseas and do not have Privacy Act protections.
    • If providers wish to change cloud providers or start using a cloud service, the security of the service must be assessed. Only an independent Information Security Registered Assessors Program (IRAP) assessor can perform this assessment. Providers should request a copy of a current IRAP assessment of the cloud service before contacting the program.
    • Any agreement with a supplier of cloud storage services must include an agreement that the client records will be hosted on an Australian server, will not be disclosed outside Australia and that the records will be encrypted to at least the equivalent of Unclassified with a Dissemination Limiting Marker of Sensitive: Personal or Official with an Access‑Information Management Marker of Personal-Privacy.

    • Related Articles

    • HSP Data Compliance Survey Questions - MS Azure documents and survey overview

      Contracted Service Provider Notice Use of Cloud Services for storage of client records  (CSPN - 202014) The HSP Compliance survey is for clients currently using cloud services for the storage of client records. See below questions on the survey and ...
    • How to update Hearing Services Program Maintenance Agreement – 1 October 2023

      How to update Hearing Services Program Maintenance Agreement – 1 October 2023 Please refer to the attached Hearing Services Program maintenance agreement form.docx Navigate to Config > System > Document Comments Select Type HSP Maintenance Terms . ...
    • HSP E-Claiming Guide - Send / Receive Claims

      1.1 HSP E-Claim Export/Import Overview When a file is created to send to HSP it marks the claims as 'Pending' and locks it so it can’t be changed. When HSP returns the file, and it is imported to Manage the following happens: · The claim status is ...
    • HSP configuration

      HSP configuration module provides integration with Australian Government Hearing Services Program. It enables Manage users to prepare claims for the HSP portal and import claims processed by HSP. General On this tab, you can specify whether your ...
    • Manage Signature Capture

      The WACOM 430V/G signature capture device can be used to capture Patient signatures and save them digitally to an Invoice, Repair or HSP Claim. Printed Invoices, Repairs or HSP Claims will then display the Patient Signature. Next, clinics will need ...