When a patient’s diagnostic imaging fails to upload to their My Health Record, who is responsible: Clinical staff? IT? The vendor behind the electronic medical record (EMR)?
Without clear accountability, Australia's healthcare system faces heightened risks related to privacy breaches, compliance failures, and operational inefficiency. The Australian healthcare system is managing increasingly distributed and complex data environments, spanning EMRs, patient portals, and third-party systems. As this complexity grows, so does the need for shared accountability — a cultural shift where every department takes ownership of data stewardship, not just IT or compliance teams.
Regulatory frameworks, such as the My Health Records Act 2012 and guidelines from the Office of the Australian Information Commissioner (OAIC), provide the foundation for responsible data governance. But frameworks alone aren't enough. Building a strong data culture – one where accountability is embedded into everyday operations – is what transforms policy into practice.
Fragmentation and the Accountability Gap in Healthcare Data Governance
Many healthcare providers operate in silos. This fragmentation increases the likelihood of data breaches, mismanagement of sensitive health information, and non-compliance with privacy laws.
In a data environment rife with bottlenecks, data ownership is unclear, and governance responsibilities are inconsistently applied. According to the Royal Australian College of General Practitioners (RACGP), this fragmentation presents both challenges and opportunities:
- 43% of general practitioners cited health system fragmentation and communication issues as a top concern in 2025.
- 53% identified compatible technology and electronic systems as critical enablers of care.
Originally, the My Health Records Act 2012 was designed to address these information challenges by mandating clear responsibilities for data stewardship, access controls, and breach notification. A 2024 policy impact analysis by the Department of Health and Aged Care revealed that over 24 million Australians now have a My Health Record, which includes diagnostic imaging, hospital discharge summaries, prescription information, and immunisations.
However, many consumers find their records incomplete, mainly because data uploads remain voluntary for Australia’s healthcare organisations, which limits the system’s effectiveness. The same policy impact analysis reported consumer demands that highlight this accountability gap:
- 83% of consumers want control over their health data.
- 71% agree that this control would improve communication with healthcare providers.

Meeting these expectations requires healthcare organisations to move beyond voluntary participation towards proactive governance — bridging the accountability gap through shared responsibility, supported by policy and technology. The OAIC's Privacy Management Framework reinforces this strategy by encouraging organisations to embed privacy governance into their operational culture, rather than approach it as an isolated compliance task.
Leadership as a Catalyst for Cultural Change
Organisational culture is impossible to change without direction from leaders. But this can’t be done through mandates alone.
Effective leaders in healthcare organisations establish clear data ownership roles, promote ethical data use, and align governance goals with clinical and operational priorities. The Health Provider Compliance Strategy 2025 – 2030 emphasises leadership-level accountability and proactive compliance as core components of sustainable governance, outlining several leadership responsibilities for embedding accountability:
- Establish clear governance structures. Leaders must define who owns data across departments, eliminating ambiguity about roles and responsibilities in data stewardship.
- Foster a culture of speaking up. Creating safe channels for staff to report privacy concerns or potential breaches without fear of reprisal ensures issues are identified and addressed early.
- Integrate compliance into strategic planning. Rather than treating governance as a separate function, leaders should embed privacy and data management considerations into clinical workflows, technology investments, and operational decisions.
- Invest in continuous education. Proactive compliance requires ongoing training that keeps staff informed about regulatory changes, emerging risks, and best practices in data handling.
- Exemplify ethical data behaviour. When executives and department heads visibly prioritise data responsibility through transparent decision-making and adherence to protocol, they set the standard for organisational culture.
Together, these components recognise that cultural change is the responsibility of all and not just that of compliance teams. When healthcare leaders prioritise data security and stewardship, they create an environment where accountability is second nature.
More importantly, this leadership-driven approach builds trust that extends to the patient-healthcare provider relationship, as patients increasingly expect transparency and control over their health information.

Technology as a Foundation for Operationalising Accountability
While leadership sets the bar for shared accountability, technology platforms translate governance policies into actionable workflows.
In Australia’s healthcare sector, legacy systems, information silos, and inconsistent My Health Records can impede a strong data culture that prioritises robust data security. Here, technological innovation can and must go beyond supporting operations: it must be a vital enabler of accountability.
The AvePoint Confidence Platform reinforces governance policies by helping healthcare organisations implement and operationalise them more consistently across their data environments. Its capabilities support:
- Unified governance across systems. The Confidence Platform provides centralised policy enforcement across Microsoft 365 and other hybrid environments. This supports the Privacy Act 1988’s requirement for organisations to take reasonable steps to protect personal information through secure system design and access controls.
- Automated lifecycle management. By enabling data classification and automating retention or disposal policies, the Confidence Platform supports provisions in the My Health Records Act, specifically secure handling and timely deletion of health information in cases of record deactivation or patient withdrawal.
- Proactive risk management. The Risk Posture Command Center in the Confidence Platform offers real-time visibility into data risks such as oversharing, misconfigured permissions, and orphaned records. These insights help organisations meet OAIC Privacy Guidelines that call for proactive risk identification and mitigation, especially in high-risk sectors like healthcare.
- Role-based access and external sharing controls. Granular permission management and automated access reviews in the Confidence Platform help enforce least-privileged access, supporting the Privacy Act’s principles around limiting data access to authorised personnel and preventing unauthorised disclosure.
- Audit readiness and reporting. Reporting tools in the Confidence Platform simplify compliance audits and provide transparency into data usage, access patterns, and policy enforcement. This aligns with the OAIC’s Privacy Management Framework, which encourages continuous monitoring and documentation of privacy practices.
By leveraging these capabilities, the Australian healthcare system can go beyond manual governance and fragmented oversight. With the right purpose-built platform, healthcare providers can adopt a more consistent, scalable approach to data stewardship: a strategy that supports compliance, reduces risk, and reinforces the cultural shift toward shared accountability.
From Rote Compliance to an Enhanced Data Culture
When a patient's diagnostic imaging fails to upload to their My Health Record, the question shouldn't be "Who is responsible?" It should be "How did our culture allow this to happen?"
A strong data culture is impossible to establish in the blink of an eye. It requires a mindset shift across an organisation: one steered by sustained leadership, guided by clear frameworks, and executed with the right technology.
Compliance in healthcare is no longer just a rote exercise. It’s a strategic transformation that in turn supports patient safety, operational efficiency, and long-term innovation that can change lives. Australian healthcare organisations that embrace shared accountability and leverage the AvePoint Confidence Platform are in a better position to overcome data complexity and deliver high-quality care.


