Outside companies have been appointed to break into the ACT's new digital health record system, as authorities say they are doing everything possible to ensure patients' personal information is protected.
All paper and digital records for patients in the territory's public health system will be brought together under the one electronic system, which will go live on Saturday.
ACT Health chief information officer Peter O'Halloran said, so far, the companies have been unable to access the system, however, he did say the exercises have identified areas where security could be tightened.
"We're putting very strong protections in there. We're also getting a series of external companies to do an external validation of our security configuration, so they're actually trying to compromise the system and get in," he said.
"They can actually assure us that all protections we've got in place are sufficient or if they identify areas of concern we can fix those before we actually move it into production."
Unlike the Commonwealth's digital health record system, people who receive treatment in the ACT's public health system will be unable to opt-out.
The federal government's My Health Record was introduced in 2018 and this contains an online record of a person's medical history, but people were given a choice to opt-out.
Mr O'Halloran said people do not have the same option for the territory's digital health record as ACT Health was required to keep patient records of treatment under the Health Records (Privacy and Access) Act.
He said the public health system already kept records of every patient who was treated and the new digital record would simply collate this in one place. He argued cyber security protections would actually be strengthened under the new system.
"The way we are recording that information when we go live will be the digital health record," Mr O'Halloran said.
"Those staff are legally obligated to record that.
"Patients who walk into a hospital cannot choose not to have the clinicians take notes of their progress notes for their treatments likewise in the future they won't be able to opt out of that either."
Health practitioners who violate a patient's personal data can also face severe penalties.
"The other way we are really trying to protect it is around strong education for all of the staff that are accessing the system around appropriateness of access to records," Mr O'Halloran said.
Anybody who has high-level access to all patients data also has to hold a negative level one vetting clearance from the federal government.
Recent high-profile cyber attacks on Optus and Medibank have highlighted vulnerabilities in how companies and governments protect people's personal data.
One in three, or 6.4 million, Australians have been the victim of a data breach in the last 12 months, research from the Australian National University has found.
Mr O'Halloran said in order for a hacker to access data from the digital health record, they would first need to break the ACT government's databases as a separate system has been created within the government's records.
"We've also redesigned how we do our hosting and we've actually built what we call the 'health enclave', which is a separate part of the ACT government network, that is a more secure part inside the sort of outer fence, if you like, that is separately firewalled off from the rest of the ACT government," he said.
Mr O'Halloran said all of the servers for the system were physically located in the territory and there was a range of extra security protections for the servers.
"They are hosted in data centres in Canberra that have very strong physical protections and a whole range of back-up business continuity arrangements from everything to electricity outages to protection from lightning strikes and other weird and wonderful things that happen," he said.
"The last thing you want to have is a building full of computers struck by lightning."
