❓ WA Parliament QoN regarding policies, disposal, and security of mobile devices within the Minister for Health's portfolio. Reveals varying practices across different health service providers and agencies.
AnsweredQoN 3191Legislative Assembly
Asked
12 June 2018
Member
Portfolio
Deputy Premier; Minister for Health; Mental Health
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards, I ask: (a) Are there any policies or procedures in place for restricting unauthorised access to mobile devices (mobile phones, tablets and laptops): (i) If so, what are they; and (ii) If not, why not; (b) How many mobile devices have been disposed of in the following financial years and what was their disposal method (i.e. at auction): (i) 2015-16; (ii) 2016-17; and (iii) 2017-18; and (c) Were any of the mobile devices in (b)(i)-(iii) used to store sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the device upon it's disposal?
AnswerView source ↗
Answered
16 August 2018
Response time
11 days
For the Department of Health and Health Service Providers I am advised:
(a) Yes.
(i) The ‘Information Security Policy’ and the ‘Acceptable Use of Information and Communications Technology Policy’ are mandatory policies that apply across the WA health system in regards to the use of mobile devices.
(ii) Not applicable.
(b)
Health Service
Year
(Amount Approx)
Disposal Method
Department of Health
2016/17
26
CUA WAS2016
Department of Health
2017/18
46
CUA WAS2016
Health Support Services
2016/17
6
CUA WAS2016
Health Support Services
2017/18
31
CUA WAS2016
Child & Adolescent Health Service
2015/16
20
Donation
Child & Adolescent Health Service
2016/17
20
Donation
Child & Adolescent Health Service
2017/18
20
Donation
East Metropolitan Health Service
2016/17
15
Suez Waste Management
East Metropolitan Health Service
2017/18
50
Suez Waste Management
North Metropolitan Health Service
2015/16
48
Donation
North Metropolitan Health Service
2016/17
48
Donation
North Metropolitan Health Service
2017/18
48
Donation
South Metropolitan Health Service
2015/16
62
Recycle company; CUA WAS2016
South Metropolitan Health Service
2016/17
42
Recycle company; CUA WAS2016
South Metropolitan Health Service
2017/18
76
Recycle company; CUA WAS2016
WA Country Health Service
2015/16
309
CUA WAS2016
WA Country Health Service
2016/17
378
CUA WAS2016
WA Country Health Service
2017/18
250
CUA WAS2016
(c) Yes
(i) WA Health Data including HR, Financial, Contractual and Clinical information.
(ii) For laptops and tablets, hard drives are removed from devices before they are disposed and then the hard drives are environmentally and securely destroyed via WA Government CUA approved vendors. For mobile phones these are reset to factory settings prior to disposal and mobiles that are damaged, un-repairable and cannot be accessed for deleting the information are physically destroyed as the preferred method of disposal.
Mental Health Commission advises:
(a) Yes
(i) Mental Health Commission, Mobile Devices Policy and Mental Health Commission, Information Security Policy.
(ii) Not applicable
(b)
(i) 2015-16 – Nil
(ii) 2016-17 - Nil
(iii) 2017-18 - 25
Items disposed under CUAWAS2016 Waste Disposal and Recycling Services – Category E – ICT Equipment Disposal (e-Waste).
(c) Yes
(i) Emails
(ii) Remove Exchange account. All e-waste was required to have the maximum 7-Pass Overwrite for each device.
Health & Disability Services Complaints Office (HaDSCO) advises:
(a) Yes
(i) HaDSCO has a Service Level Agreement with the Department of Health for the provision of Information Technology services and adopts the Department of Health’s ‘Information Security Policy’ and the ‘Acceptable Use of Information and Communications Technology Policy’ in regards to the use of mobile devices.
(ii) Not applicable
(b) Nil
(i – iii) Not applicable
(c) Nil
(i – ii) Not applicable
Healthway advises:
(a) Yes
(i) Healthway has a Mobile Device policy (D13/954).
(ii) Not applicable
(b) (i - ii) Nil
(iii) 7 mobile phones and 5 Tablets were disposed of via "Total Green Recycling" contract number WAS2016. 1 Tablet was purchased via a staff member; items being disposed were circulated to staff asking for EOI to purchase.
(c) The Mobile Device policy states that mobile devices are to be used to remotely connect to Healthway networks. All data is accessed and saved to those networks.
(i) Not applicable
(ii) Mobile devices were erased prior to disposal and "Total Green Recycling" were also requested to erase/sanitise all mobile devices.
Animal Resource Authority (ARA) advises:
(a) Yes
(i) An internal IT Network Security Agreement form is signed when new employees are being inducted, and includes the IT Policy for employee/s to read and understand. Off-site use of agency mobile devices by employees is recorded and monitored.
(ii) Not applicable
(b) Nil
(i – iii) Not applicable
(c) No
(i – ii) Not applicable
(a) Yes.
(i) The ‘Information Security Policy’ and the ‘Acceptable Use of Information and Communications Technology Policy’ are mandatory policies that apply across the WA health system in regards to the use of mobile devices.
(ii) Not applicable.
(b)
Health Service
Year
(Amount Approx)
Disposal Method
Department of Health
2016/17
26
CUA WAS2016
Department of Health
2017/18
46
CUA WAS2016
Health Support Services
2016/17
6
CUA WAS2016
Health Support Services
2017/18
31
CUA WAS2016
Child & Adolescent Health Service
2015/16
20
Donation
Child & Adolescent Health Service
2016/17
20
Donation
Child & Adolescent Health Service
2017/18
20
Donation
East Metropolitan Health Service
2016/17
15
Suez Waste Management
East Metropolitan Health Service
2017/18
50
Suez Waste Management
North Metropolitan Health Service
2015/16
48
Donation
North Metropolitan Health Service
2016/17
48
Donation
North Metropolitan Health Service
2017/18
48
Donation
South Metropolitan Health Service
2015/16
62
Recycle company; CUA WAS2016
South Metropolitan Health Service
2016/17
42
Recycle company; CUA WAS2016
South Metropolitan Health Service
2017/18
76
Recycle company; CUA WAS2016
WA Country Health Service
2015/16
309
CUA WAS2016
WA Country Health Service
2016/17
378
CUA WAS2016
WA Country Health Service
2017/18
250
CUA WAS2016
(c) Yes
(i) WA Health Data including HR, Financial, Contractual and Clinical information.
(ii) For laptops and tablets, hard drives are removed from devices before they are disposed and then the hard drives are environmentally and securely destroyed via WA Government CUA approved vendors. For mobile phones these are reset to factory settings prior to disposal and mobiles that are damaged, un-repairable and cannot be accessed for deleting the information are physically destroyed as the preferred method of disposal.
Mental Health Commission advises:
(a) Yes
(i) Mental Health Commission, Mobile Devices Policy and Mental Health Commission, Information Security Policy.
(ii) Not applicable
(b)
(i) 2015-16 – Nil
(ii) 2016-17 - Nil
(iii) 2017-18 - 25
Items disposed under CUAWAS2016 Waste Disposal and Recycling Services – Category E – ICT Equipment Disposal (e-Waste).
(c) Yes
(i) Emails
(ii) Remove Exchange account. All e-waste was required to have the maximum 7-Pass Overwrite for each device.
Health & Disability Services Complaints Office (HaDSCO) advises:
(a) Yes
(i) HaDSCO has a Service Level Agreement with the Department of Health for the provision of Information Technology services and adopts the Department of Health’s ‘Information Security Policy’ and the ‘Acceptable Use of Information and Communications Technology Policy’ in regards to the use of mobile devices.
(ii) Not applicable
(b) Nil
(i – iii) Not applicable
(c) Nil
(i – ii) Not applicable
Healthway advises:
(a) Yes
(i) Healthway has a Mobile Device policy (D13/954).
(ii) Not applicable
(b) (i - ii) Nil
(iii) 7 mobile phones and 5 Tablets were disposed of via "Total Green Recycling" contract number WAS2016. 1 Tablet was purchased via a staff member; items being disposed were circulated to staff asking for EOI to purchase.
(c) The Mobile Device policy states that mobile devices are to be used to remotely connect to Healthway networks. All data is accessed and saved to those networks.
(i) Not applicable
(ii) Mobile devices were erased prior to disposal and "Total Green Recycling" were also requested to erase/sanitise all mobile devices.
Animal Resource Authority (ARA) advises:
(a) Yes
(i) An internal IT Network Security Agreement form is signed when new employees are being inducted, and includes the IT Policy for employee/s to read and understand. Off-site use of agency mobile devices by employees is recorded and monitored.
(ii) Not applicable
(b) Nil
(i – iii) Not applicable
(c) No
(i – ii) Not applicable
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.