Update on Clinical Document Architecture and e-Health records

The National E-Health Transition Authority (NEHTA) and our partners are aware of potential issues concerning security vulnerabilities that could affect eHealth systems worldwide.

NEHTA, the Department of Health, and the PCEHR System Operator identified and considered these issues some time ago and, as a result, put in place actions to either negate or mitigate them.

The issues concern the use of the Clinical Document Architecture (CDA) standard with style sheets, in particular the style sheets supplied by Health Level Seven International (HL7), and all deal with the potential for malicious content to be exposed through clinical documents.

The first issue is that documents may contain unstructured information outside of the current NEHTA specifications that could include malicious content and thus create a security exposure. Current NEHTA specifications have the following controls in place to prevent this vulnerability being exploited:

  • Template Service Package (Schematron)

Documents coming to the PCEHR are checked for completeness, inclusion of mandatory elements and prohibited content, in line with industry-agreed conformance requirements.

  • CDA Validator

NEHTA provides this utility to support software vendors to ensure that the clinical documents their systems produce are conformant.

  • Conformance Profile(s)

Lists the specific conformance requirements for clinical documents, detailing mandatory elements and checks for prohibited content.

  • CDA Rendering Specification

Provides eHealth software developers with instructions on how to display health-related information contained within a CDA document in a human-readable form.

It is possible that some vendors who are running early versions of our specifications may face this issue. We will contact these vendors directly and provide guidance.

The second issue is that malicious content could be hidden within the human-readable part of the document.

The PCEHR has controls in place to reject these types of documents; therefore, this is not an issue in the PCEHR system.

The third issue is that links to external websites embedded in the document, or in an attachment such as Word, PDF, JPG, etc., could contain malicious content.

There are known vulnerabilities with the exchange of any type of document that contains links to external systems or document types. Vendors are aware of these risks and there is guidance available for vendors to protect their users. CDA is a new type of document and there is similar guidance available to support vendors in addressing risks in these document types. The PCEHR currently has in place a number of protection mechanisms that are also available to software vendors to test their point-to-point systems.

NEHTA and the PCEHR System Operator have held a webinar with vendors to address concerns. A further webinar with vendors is planned for later this week.

NEHTA, the Department of Health, and the PCEHR System Operator maintain surveillance of vulnerabilities and other security threats as part of the operation of the PCEHR. The PCEHR has controls in place to detect such malicious content and prevent it being distributed. If malicious content is identified, the PCEHR System Operator will work with the relevant healthcare providers and medical software vendors. Any and all advice from the sector regarding potential vulnerabilities is taken with the utmost seriousness, and the Department of Health and NEHTA appreciate the active cooperation and participation of the vendor community.

For further assistance contact:

The NEHTA Help Centre
[email protected]
1300 901 001  


Media enquiries: [email protected]