Security and Privacy

Data for Decisions uses University of Melbourne developed software to extract data from general practice computer systems

GRHANITE® software

GRHANITE® is University of Melbourne developed computer software that works in any environment where data is routinely collected. Its prototype was created by Associate Professor Douglas Boyle in 2007 and has been further developed and used by the University in the primary care arena; it is currently installed in many GP clinics throughout Australia. GRHANITE® can interface with many GP practice management computer software systems, including Medical Director, Best Practice and Zedmed.

With permission from general practices partnering in Data for Decisions, and subject to ethics committee approval and legal agreements, GRHANITE® extracts de-identified patient data to be used for research aimed at improving public health, health services and patient journeys of care.

Introduction to GRHANITE® flyer


GRHANITE® optimises patient and health provider privacy by systematically excluding person identifiable data fields from data extracts. Data de-identification also depends, to some extent, on people who input data using the correct fields in their own computer systems (e.g. clinical software systems). Additional privacy filters are used by GRHANITE® in fields where user error is known to occur.

If necessary, the data originating from a GP practice can be re-identified by sending it back to that practice and using a re-identification ‘key’. This sort of re-identification might be done if a practice agrees to participate in a clinical trial (pending appropriate data and ethical approvals) where the practice may contact patients with certain characteristics to determine their interest in participating. (N.B. Involvement in clinical trials may include financial incentives and benefits to GPs and patients through access to new treatments.)

Partnering general practices agree to display communication materials at all locations of their practice so that they can be viewed by patients. GRHANITE® software includes an easy to access patient ‘opt-out’ checkbox so that practice staff can stop data related to individual patients from being extracted.

Data for Decisions adheres to the University of Melbourne Privacy Policy which outlines our obligation to comply with the relevant Australian regulations and legislations. Researchers that use information sourced from the Patron database are legally required to take all measures to protect privacy and they must not take any steps to attempt to re-identify any data that is provided to them.

Data storage

The Patron data repository is physically housed within the University of Melbourne environment. Nectar Cloud eResearch infrastructure currently facilitates secure storage of the large Patron dataset. The University of Melbourne is Nectar’s lead agent. No data within the Patron dataset is stored within an off-shore server or outside of the University controlled server environment.

Data security

Our team at HaBIC R2 Health Informatics Unit, within the Department of General Practice, are experts in cross-sectoral data capture, consent management and privacy-protecting record management. We employ national and international good practice policies and procedures in our data warehousing and curation in line with national legislation around privacy and data security. Our active risk mitigation strategies are regularly reviewed. It is a legal requirement that any notifiable data breaches are reported to the Australian Information Commissioner.

GRHANITE® uses a number of internationally recognised encryption mechanisms to protect data in transit from the general practice, providing many layers of security. Each instance of GRHANITE® has a unique password and license, and site-specific encryption keys that are themselves encrypted.

No Patron datasets will ever be publicly accessible, but findings from the research, using aggregate data, will be made available through publications and reports. Every researcher that accesses part of the dataset can do so only after meeting ethical, legal and data governance standards.

Anonymous record linkage

GRHANITE® generates ‘hashes’ or ‘signatures’ from person-identifiable information before the data leaves the general practice computer. These ‘signatures’ are irreversible, meaning that unlike statistical linkage keys, there is no way to retrieve person identifiable information from the signature. When information is extracted using GRHANITE® from multiple organisations, the signatures provide a mechanism to link records.