Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
3.3.4 Authorised users
The PCEHR System entrusts a participating organisation to grant access to healthcare providers and other local users who need to access the PCEHR System. These users are referred to as ‘authorised users’. An authorised user may be any employee8 who has a legitimate need to access the PCEHR System as part of their role in healthcare delivery. When authorised users access the PCEHR System, they are only permitted to access the PCEHR of individuals they are involved in delivering healthcare services to. All access to the PCEHR System is audited.
The PCEHR System will only accept clinical documents from healthcare organisations where the author has a HPI-I. Other authorised users without a HPI-I cannot be listed as the author of a clinical document submitted to the PCEHR System from a healthcare organisation.
The PCEHR System entrusts the participating organisation to verify the identity of authorised users prior to allowing them access the PCEHR System. The participating organisation may undertake a separate check or leverage existing verification of identity procedures (such as processes used by the organisation’s Human Resources department).
Guidelines for authentication of users within clinical systems, the provider portal and contracted service providers are discussed further in Section 5.4.1.
8 As per the Healthcare Identifiers Act 2010, an ‘employee’ is either an individual who provides services for the entity under a contract for services or an individual whose services are made available to the entity (including services made available free of charge).