Allied Health Practice Cyber Security Health Check — Self-Assessment Tool

Your patients share their most personal health information with you. Are you protecting it?

Allied health practitioners hold clinical notes, treatment histories, mental health records, Medicare details, DVA information, and sensitive personal circumstances. AHPRA-registered practitioners have professional obligations to maintain patient confidentiality, and the Privacy Act demands you protect personal health information. A breach doesn't just trigger OAIC investigations and financial penalties — it exposes your patients' most private health details, can put your AHPRA registration at risk, and destroys the therapeutic trust that is essential to effective care.

This Health Check gives you a clear picture of where your practice stands — and a practical action plan to close the gaps. No IT background needed.

Built for practitioners and practice managers, not IT professionals:

Every question is written in plain, everyday English. Technical terms include built-in hover tooltips that explain them simply, and the companion user guide explains the intent behind every question so you always understand what's being asked and why.

When you're done, the tool generates a clear, easy-to-follow action plan tailored to your practice. Each recommendation tells you what the gap is, what to do about it, how urgent it is, and roughly how much time and money it will take — automatically sorted by priority. No guesswork, no generic advice — just practical steps based on your actual answers.

What's included:

1. Self-Assessment Tool (HTML file) An interactive assessment covering 12 key security areas across 67 questions, purpose-built for how allied health practices actually work:

→ Passwords & Access — Are practice management software, Medicare systems, and patient records properly secured? → Backups & Recovery — Could you recover patient data after ransomware or hardware failure? → Staff Awareness — Do your staff understand their security and privacy obligations? → Patient Data Protection — Are clinical notes, health records, and DVA information handled in line with the Privacy Act? → Incident Response — Do you know what to do if patient data is compromised? → Suppliers & Services — Are your IT providers, software vendors, and third-party platforms covered? → Plus six more domains covering updates, security software, device security, network protection, secure configuration, and leadership governance.

2. User Guide & Question Reference (Word document) A comprehensive companion guide including:

→ Step-by-step instructions for navigating the assessment and using all features → Tips for answering accurately — what "Yes" really means and how to think about evidence → How to interpret your results — understanding your score, readiness level, and priority actions → How to use the Word and Excel exports for compliance, insurance, and IT provider discussions → Full question reference guide — every question explained with "Why This Matters" context and "Evidence to Look For" indicators

What you get when you complete the assessment:

✔ Overall security score with a clear readiness rating ✔ Visual dashboard with category-by-category breakdown ✔ Prioritised action plan — personalised to your answers, sorted by urgency, with estimated time and cost ✔ Specific, actionable recommendations written in plain language ✔ Exportable Word report — ready to share with practice owners or insurers ✔ Exportable Excel workbook with incident response contacts and step-by-step checklist ✔ Australian-focused — references AHPRA, Medicare, DVA, My Health Record, OAIC, ACSC, Privacy Act, and Notifiable Data Breaches scheme

Who is this for?

• Solo practitioners wanting to protect their patients and their practice
• Practice owners and managers looking to benchmark their security posture
• Practices preparing for AHPRA compliance, professional audits, or cyber insurance applications
• Multi-disciplinary clinics wanting to demonstrate due diligence across all practitioners
• Anyone handling patient health data — regardless of technical ability

How it works:

Download both files — open the HTML file in any modern browser and keep the user guide handy. Answer the questions honestly, and the tool does the rest. No installation, no software, no cloud account required. Your data stays on your device.

Built by CyberAssure — practical cyber security tools for Australian businesses.