Data and digital

Data & Digital@2x.png

Why it is important

Expanding privacy and security regulations, and an increasingly hostile online environment, have made information privacy and cyber security an increasing concern. The digitisation of services and increasing use of data for decision-making are key drivers in the health care industry’s transformation.

Our management approach

Ramsay recognises the significant importance of information privacy and cyber security to our business, particularly in an environment of expanding information privacy and security regulations, and an increasingly hostile  online landscape.

Ramsay relies on its own and third-party vendor information systems to perform key functions essential to our ability to operate, provide care and manage patient admissions and patient data, inventory and administration.

Each Ramsay regional business monitors cyber risks and data and privacy concerns. Each region has its own accountability framework to reduce risk, protect all data held and meet the regulatory requirements. As part of this, each region has dedicated data protection and privacy officers (or equivalent). Each region is responsible for delivering comprehensive training to staff as part of our continual improvement.

Additionally, Ramsay has implemented a global cyber security control framework aligned to the NIST Cyber Security Framework v1.1 including increasing annual maturity targets for all regions.  The NIST Framework defines a set of controls across five categories (Identify, Protect, Detect, Respond, and Recovery) and is designed to provide both protection and resilience against the broad range of cyber security risks.

Our approach is overseen by the Ramsay Health Care Board, the Board’s Global Risk Management Committee and the Global Executive.

Impact boundary and stakeholders

  1. Patients
  2. Doctors
  3. Employees
  4. Government and regulators


Our measures are provided in our annual Impact Report Quality Scorecard and include notifiable breaches of patient privacy.


  • GRI disclosures: 418-1 Customer privacy
  • SASB topic areas: Patient privacy and electronic health care records
  • SDGs: 3, 8,17