Security and Privacy

Data for Decisions uses University of Melbourne developed software to extract data for research purposes from general practice computer systems.

Partnering general practices agree to display communication materials at all locations of their practice so that they can be viewed by patients. GRHANITE® software includes an easy to access patient ‘opt-out’ checkbox so that practice staff can stop data related to individual patients from being extracted.

GRHANITE® software

GRHANITE® is University of Melbourne developed computer software that works in any environment where data is routinely collected. Its prototype was created by Professor Douglas Boyle in 2007 and has been further developed and used by the University in the primary care arena; it is currently installed in many GP clinics throughout Australia. GRHANITE® can interface with many GP practice management computer software systems, including Medical Director, Best Practice and Zedmed.

With permission from general practices partnering in Data for Decisions, and subject to ethics committee approval and legal agreements, GRHANITE® extracts de-identified patient data to be used for research aimed at improving public health, health services and patient journeys of care.

Cybersecurity

As a data informatics center, we understand the importance of ensuring that our cyber security measures are of the highest standard. With the recent surge in cyber attacks around the world, we recognize that the security of our clients' data is paramount.

At our center, we have implemented robust cyber security protocols to protect our clients' sensitive data. Our team of experts continuously monitor and update our systems to stay ahead of emerging threats and vulnerabilities. We use state-of-the-art encryption technology to safeguard our clients' data both in transit and at rest.

In addition, we adhere to industry best practices and regulatory requirements to ensure that our clients' data is handled in compliance with relevant privacy laws. Our staff are regularly trained in cyber security awareness and are vigilant in detecting and reporting any potential security incidents.

We take pride in the security and privacy of our clients' data and are committed to providing a safe and secure environment for their information.

Privacy

GRHANITE® optimises patient and health provider privacy by systematically excluding person-identifiable data fields from data extracts. Data de-identification also depends, to some extent, on the people who input data using the correct fields in their own computer systems (e.g. clinical software systems). Additional privacy filters are used by GRHANITE® in fields where user error is known to occur.

If necessary, the data originating from a GP practice can be re-identified by sending it back to that practice and using a re-identification ‘key’. This sort of re-identification might be done if a practice agrees to participate in a clinical trial (pending appropriate data and ethical approvals) where the practice may contact patients with certain characteristics to determine their interest in participating. (N.B. Involvement in clinical trials may include financial incentives and benefits to GPs and patients through access to new treatments.)

Data for Decisions adheres to the University of Melbourne Privacy Policy, which outlines our obligation to comply with the relevant Australian regulations and legislation. Researchers who use information sourced from the Patron database are legally required to take all measures to protect privacy, and they must not take any steps to attempt to re-identify any data that is provided to them.

Patron Data storage

The Patron data repository is physically housed within a secure University of Melbourne data center. No data within the Patron dataset is stored within an off-shore server or outside of University controlled server environments.

Data security

Our team at HaBIC R2 Health Informatics Unit, within the Department of General Practice and Primary Care, are experts in cross-sectoral data capture, consent management and privacy-protecting record management. We employ national and international good practice policies and procedures in our data warehousing and curation in line with national legislation around privacy and data security. Our active risk mitigation strategies are regularly reviewed. It is a legal requirement that any notifiable data breaches are reported to the Australian Information Commissioner.

GRHANITE® uses a number of internationally recognised encryption mechanisms to protect data in transit from the general practice, providing many layers of security. Each instance of GRHANITE® has a unique password and license, and site-specific encryption keys that are themselves encrypted.

No Patron datasets will ever be publicly accessible, but findings from the research, using aggregate data, will be made available through publications and reports. Every researcher that accesses part of the dataset can do so only after meeting ethical, legal and data governance standards.

Anonymous record linkage

GRHANITE® generates ‘hashes’ or ‘signatures’ from person-identifiable information before the data leaves the general practice computer. These ‘signatures’ are irreversible, meaning that, unlike statistical linkage keys, there is no way to retrieve person-identifiable information from the signature. When information is extracted using GRHANITE® from multiple organisations, the signatures provide a mechanism to link records.
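
The linkage idea described above, as an added illustration that is not GRHANITE®'s own code or algorithm (this page does not specify either): each site computes a keyed one-way signature over normalised identifiers, drops opted-out patients, and the central store links rows by signature alone. The HMAC-SHA-256 construction, the shared key, the field names, exact matching after normalisation, and the sample records are all assumptions constructed for this example.

```python
import hashlib
import hmac
import unicodedata

# Assumption: a secret linkage key held by participating sites and never
# sent to the central store. Constructed value for illustration only.
LINKAGE_KEY = b"constructed-demo-key-not-for-real-use"

def normalise(value: str) -> str:
    """Fold case, accents, punctuation and spacing so trivial input differences still match."""
    text = unicodedata.normalize("NFKD", value)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.lower() if c.isalnum())

def signature(record: dict, key: bytes = LINKAGE_KEY) -> str:
    """Keyed one-way signature over the identifying fields of one record."""
    fields = [normalise(record[f]) for f in ("family_name", "given_name", "dob", "sex")]
    message = "\x1f".join(fields).encode("utf-8")  # unit separator keeps field boundaries unambiguous
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def extract(records: list) -> list:
    """What leaves a site: signature plus clinical payload; opted-out patients are skipped."""
    return [{"sig": signature(r), "payload": r["payload"]}
            for r in records if not r.get("opt_out")]

def link(*extracts: list) -> dict:
    """Central store groups payloads by signature without seeing any identity."""
    linked = {}
    for ext in extracts:
        for row in ext:
            linked.setdefault(row["sig"], []).append(row["payload"])
    return linked

# Constructed sample records for two hypothetical sites.
SITE_A = [
    {"family_name": "O'Brien", "given_name": "Zoë", "dob": "1980-02-14", "sex": "F",
     "payload": "HbA1c 7.1%"},
    {"family_name": "Nguyen", "given_name": "Tran", "dob": "1975-09-30", "sex": "M",
     "payload": "BP 140/90", "opt_out": True},
]
SITE_B = [
    {"family_name": "OBRIEN", "given_name": "zoe", "dob": "1980-02-14", "sex": "f",
     "payload": "Statin prescribed"},
]

if __name__ == "__main__":
    for sig, payloads in link(extract(SITE_A), extract(SITE_B)).items():
        print(sig[:12], payloads)
```

The key matters in a design like this: names and dates of birth are low-entropy, so an unkeyed hash of them could be matched by anyone able to enumerate candidate identities, whereas a keyed signature is only reproducible by a holder of the key.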