Security Health Check

A structured assessment of your practice's cybersecurity posture, with clear findings and prioritised recommendations.

We assess your practice against 9 security domains covering everything from access control and patient data protection to backup systems, vendor security, and breach readiness. You receive a detailed report with a risk rating for each area and a prioritised list of practical recommendations. Think of it as a check-up for your practice's digital health.

What's included

Everything you need to understand where your practice stands — from initial conversation through to a clear, actionable report.

01. Pre-assessment questionnaire

We send you a short questionnaire to understand your practice setup before the session. Takes about 10 minutes to complete.

02. 60–90 minute assessment session

A guided conversation (video call or onsite) where we work through your security posture across 9 domains. No technical jargon — we speak practice manager, not IT.

03. Detailed written report

Professional report covering each domain with a risk rating (Strong / Moderate / Needs Attention), specific findings, and regulatory context.

04. Prioritised recommendations

Your top 5 quick wins plus a full recommendation register ranked by priority and estimated effort.

05. Delivery walkthrough

A 30–45 minute call to walk you through the report, answer questions, and discuss next steps — so you leave with a clear plan, not just a document.

What we assess

We review your practice across 9 security domains — each one chosen because it reflects real risks and real regulatory obligations for Australian healthcare settings.

1. Access Control & User Management

Who can access what, and how is it controlled?

2. Password & Authentication

Are credentials strong enough and properly managed?

3. Patient Data & Records Security

How is patient information protected in your systems?

4. Backup & Recovery

Could you recover if your systems went down today?

5. Network & Device Security

Are your computers, network, and devices properly protected?

6. Third-Party & Vendor Security

Do your software providers handle your data safely?

7. Staff Awareness & Training

Would your team recognise a phishing email?

8. Incident Response & Breach Readiness

Do you know what to do if something goes wrong?

9. Policies, Compliance & Documentation

Do you have the documented policies you're legally required to have?

Why this matters for your practice

Healthcare is the most breached sector in Australia, accounting for 18% of all notifiable data breaches reported to the OAIC. That's not a statistic to cause alarm — it's context for why this conversation is worth having.

The regulatory landscape has also changed. Since December 2024, the Privacy Act explicitly requires both "technical and organisational measures" to protect personal information (Privacy and Other Legislation Amendment Act 2024). A new statutory tort now means patients can personally sue for serious privacy breaches — something that wasn't possible before.

And it's not just the Privacy Act. RACGP accreditation requires documented information security practices. My Health Records Rule 42 requires a written security and access policy. Most practices we speak with don't realise how many regulatory layers apply — until something goes wrong.

A Security Health Check gives you a clear picture of where your practice stands and what to prioritise — before an incident forces the conversation. It's about making informed decisions, not reacting to a crisis.

18%: of all notifiable data breaches in Australia are in the healthcare sector (OAIC Notifiable Data Breaches Report)

Dec 2024: Privacy Act amendments introduced new "technical and organisational measures" requirements (Privacy and Other Legislation Amendment Act 2024)

Rule 42: My Health Records Act requires a written security and access policy for registered practices (My Health Records Rule 2016)

What's included and what it costs

One fixed-fee engagement covering everything from initial scoping through to report delivery and walkthrough — no add-ons, no surprises.

Full Assessment

Security Health Check

Assessment, report, and delivery walkthrough

From $1,200 ex GST
  • 1. Pre-assessment questionnaire: Short intake form completed in your own time — takes about 10 minutes
  • 2. 60–90 minute assessment session: Guided conversation via video call or onsite (Adelaide metro) across all 9 security domains
  • 3. Detailed written report: Risk rating for each domain, specific findings, and regulatory context
  • 4. Prioritised recommendation register: Top 5 quick wins plus a full list ranked by priority and estimated effort
  • 5. 30–45 minute report walkthrough: We walk you through the findings and make sure you leave with a clear plan

Best for: GP clinics, specialist practices, and allied health providers of any size.

Typical range: Most small to medium practices (1–10 practitioners) fall within $1,200–$1,800. Larger or more complex practices may fall outside this. Final fee confirmed after a free scoping call.

Book a Free Scoping Call

How it works

A straightforward process designed to fit around a busy practice.

1. Book a scoping call

Free 15-minute call to understand your practice and confirm the scope. No commitment required.

2. Complete the questionnaire

We send a short pre-assessment questionnaire. Takes about 10 minutes and can be done in your own time.

3. Assessment session

60–90 minute guided conversation via video call or onsite (Adelaide metro). We lead — you just talk us through your setup.

4. Receive your report

Delivered within 5–7 business days, with a walkthrough call included so you know exactly what to do next.

Ready to get a clear picture?

Start with a free 15-minute scoping call. We'll confirm what's involved, answer any questions, and provide a fixed quote — no obligation.

Not sure what you need? Start with our free online self-assessment to get an instant snapshot of your practice's security posture — no commitment, no account required.

Frequently asked questions

Do you need to come to our practice?

Most assessments are done via video call. Onsite visits are available in the Adelaide metropolitan area if preferred.

How long does the whole process take?

From scoping call to report delivery, typically 2–3 weeks. The assessment session itself is 60–90 minutes.

Will you need to talk to our IT provider?

Not usually. We gather what we need from you. If we identify technical questions that need IT input, we'll let you know and can liaise with your IT provider if helpful.

What if we don't have any security policies at all?

That's very common and exactly why practices engage us. The Health Check will identify what you need, and we can help you build it.

Is this an audit?

No. It's a supportive assessment, not a compliance audit. We're here to help you improve, not to grade you. Everything we find stays confidential between us and your practice.

Have a question not answered here?

Get in touch