The Victorian Government funds 17 health services to provide clinical services to children or young people with moderate to severe mental health problems.

In 2017–18, clinical mental health services in Victoria treated 11 945 children and young people up to the age of 18 years—an 11.5 per cent increase on the previous year—and admitted 2 014 to hospital, a 9.8 per cent increase. DHHS was not able to provide any information about young people aged 19–25 years in either the adolescent or adult mental health system.

Mental health problems are the most common health issues facing young people worldwide, according to the Global Burden of Disease Study 2017. Three-quarters of all mental health problems manifest in people under the age of 25. One in four Australians aged 16–24 years will experience mental health problems in any given year, while 2.1 per cent of Australian children and adolescents have a severe mental health problem and a further 3.5 per cent have moderate mental health problem.

Independent assurance report to Parliament

Ordered to be published

VICTORIAN GOVERNMENT PRINTER May 2019

PP No 30, Session 2018–19

We have consulted with DHHS, BH, RCH and RVEEH, and we considered their views when reaching our audit conclusions. As required by section 16(3) of the Audit Act 1994, we gave a draft copy of this report, or relevant extracts, to those agencies and asked for their submissions and comments. We also provided a copy of the report to the Department of Premier and Cabinet.

Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.

Responses were received as follows:

Health services typically store their patient data in applications hosted and secured by third-party vendors. However, health services remain responsible for protecting patient data and ensuring that vendors fulfil their security responsibilities.

Digital Health has established a clear roadmap for health services to follow to improve patient data security. However, it is the responsibility of health services to implement and monitor their own measures across the key data security domains of ICT security, personnel security and physical security. This part examines the effectiveness of data security practices at the audited health services and HTS.

While Victorian health services manage their ICT systems independently, cybersecurity is a common challenge. DHHS's Digital Health branch provides support to improve cybersecurity in the sector by developing guidance materials, running awareness and training sessions, and funding ICT infrastructure upgrades. It has also developed a set of 72 baseline cybersecurity controls for health services to implement by 2020–21 to improve the maturity of health services' practices.

The Health Records Act 2001 requires health services to protect patients' health information from unauthorised access, modification or disclosure. Health services have long-established information management practices to protect patient confidentiality and hardcopy information. With the growing use of digital technologies to treat patients and store data, health services need to introduce ICT security measures to manage the risk of cyberattacks on patient data systems.