Health sector

Lockstep provides broadly two types of advice to health sector clients. For larger and established organisations, we help with our unique knowhow in identity management strategy & policy, privacy engineering and Privacy Impact Assessment. For smaller clients, especially start-ups, we have a track record in bootstrapping a right-sized information security management system (ISMS) and risk management processes. We help emerging e-health outfits get ready for serious business. Lockstep principal Steve Wilson has 35 years' experience across the health industry, including seven years in the highly regulated medical device sector.

Lockstep founder Stephen Wilson has nearly 35 years' experience in advisory and R&D leadership roles, in Australia and the USA.

Decades of experience in the health sector

Stephen has extensive experience in healthcare security, privacy, medical device R&D (in Australia and the USA), quality assurance, and clinical and regulatory affairs. His consulting clients include state & federal health departments, public sector human services organisations, peak bodies, and numerous e-health start-ups.

Stephen has long been involved in public policy for authentication and privacy. He recently was invited to give advice to the World Health Organisation on digitized vaccine certificates, and is currently a member of the New South Wales Ministerial Advisory Council on digital identity (DIMAC) where healthcare credentials are a key work item. He was an invited member of the Australian Law Reform Commission Developing Technology Advisory Sub-committee (2007-08), and a Ministerial appointment to the National Electronic Authentication Council (1998-2001). He is a foundation member of the Australia-New Zealand chapter of the International Association of Privacy Professionals (iapp-ANZ).

Stephen has authored numerous submissions to government inquiries on health & human services (including the draft National Health Privacy Code in 2003 and the Health & Welfare Access Card in 2007) and has written extensively on electronic health records, health identifiers and privacy.


Lockstep’s health sector clients include:

  • An international non-profit medical research foundation (security & privacy strategy to support the migration of R&D and clinical trial information systems to a managed security service provider)
  • A national peak body in community pharmacy (where we developed a privacy program and undertook the initial PIA for a new cloud based national data sharing platform)
  • Aetna U.S. (consumer adoption and privacy strategy for the deployment of biometrics to 40 million customers’ mobile apps)
  • Healthlink New Zealand (we reviewed their governance position and procurement strategy for an ongoing national PKI for doctors)
  • Victorian Dept of Health Web Transformation Program (Privacy Impact Assessment for a patient information portal)
  • A state senior citizen program (PIA for the health department on shifting the concession card customer management system to the cloud)
  • National Authentication Service for Health (acting PKI manager)
  • International Council of Ophthalmology (intellectual property strategy)
  • Medicare Australia (Gatekeeper PKI accreditation; designed and piloted a new Relationship Certificate solution for qualified healthcare professionals)
  • Queensland Health integrated electronic medical records system (PIA)
  • HealthSMART Victoria (successive PIAs on state-wide Patient Master Index and clinical application)
  • South Australia Health (PKI strategy, acquisition plan, policy and key signing ceremony)
  • Queensland Health (new suite of privacy tools and Privacy Impact Assessment)
  • National eHealth Transition Authority NEHTA (we researched and developed the business case for a planned national PKI for 600,000 healthcare professionals, including smartcards and readers for comprehensive digitization of health records and processes).

Our early stage and start-up e-health clients include:

  • CONFIDENTIAL: A patient outcomes reporting platform (developed a security & privacy roadmap for budgeting purposes, compliance planning and to support investor due diligence)
  • CONFIDENTIAL: A patient scheduling platform for specialists (early stage security & privacy roadmap)
  • Ozdocsonline: Steve acted as CISO during the formative stages of this GP-patient online consultation platform, drafting the first security policy and guiding the foundational software and platform designs.
Stephen Wilson health profile Dec 2021