Page:Healthcare Services Act 2020.pdf/34

34 (2) A licensee must—
 * (a) implement any prescribed safeguards to protect all records mentioned in subsection (1), and any computer system used to keep and maintain those records, against—
 * (i) accidental or unlawful loss, modification or destruction; and
 * (ii) unauthorised access, disclosure, copying, use or modification;
 * (b) monitor and periodically evaluate the safeguards in paragraph (a) to ensure that—
 * (i) the safeguards are effective; and
 * (ii) all individuals employed or authorised by the licensee who access or handle any record mentioned in subsection (1) comply with the safeguards; and
 * (c) take all appropriate steps to ensure that each individual employed or authorised by the licensee who accesses or handles any record mentioned in subsection (1) is aware of—
 * (i) the safeguards mentioned in paragraph (a); and
 * (ii) the individual’s role and responsibility in maintaining the confidentiality, integrity and availability of the records.

(3) A licensee must take reasonable care in the disposal or destruction of any record mentioned in subsection (1) so as to prevent unauthorised access to, or unauthorised disclosure or reproduction of, the record or any information in that record.

(4) A licensee must not, in purported compliance with a requirement under subsection (1), make a record of any matter or thing in such a way that the matter or thing is not recorded accurately or completely or the record is not up to date.

(5) A licensee that contravenes any requirement under this section shall be guilty of an offence and shall be liable on conviction to a fine