Data privacy, secrecy and security policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data privacy, secrecy and security policy"

Transcription

1 A Data privacy, secrecy and security policy 11 March 2014 v2.0 Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 1 of 52

2 Document Control Sheet Document Information Document Name Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Change History Author Date Description Version NHFB 29/07/2013 Working draft for jurisdictional consideration. V0.1 NHFB 26/11/2013 Final version reflecting feedback V1.0 NHFB 11/03/2014 Updated for the Privacy Amendment (Enhancing Privacy Protection) Act 2012 V2.0 Approval Title Name Signature Administrator of the National Health Funding Pool Bob Sendt Date 11 March 2014 Title Name Signature NHFB Chief Executive Officer Lynton Norris Date 11 March 2014 This document is Unclassified and for Official Use Only. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 2 of 52

3 Contents ACRONYMS AND ABBREVIATIONS... 5 PREFACE INTRODUCTION Purpose Data privacy and secrecy Data security Physical security Data protocols Related documents Document updates COLLECTION AND USE OF PERSONAL INFORMATION LEGAL CONSIDERATIONS Collection of personal information under APP Use or disclosure of personal information under APP Security of personal information under APP Data protocol to ensure prudent management of personal information EDW DATA SECURITY FEATURES UTILISED BY THE ADMINISTRATOR About the EDW Granting and revoking user access to data via data stewards User permissions Shared workspaces Data separation Access logs and audit trails Technical implementation Annual attestation PROTOCOLS FOR DATA COLLECTION Administrator s Three Year Data Plan Data protocol 01: State and territory provision of hospital service estimates Protocols for reconciliation requirements Data protocol 02: State and territory provision of hospital services data to Administrator by accessing data provided to IHPA Data protocol 03: (interim) State and territory provision of hospital services data directly to the Administrator Data protocol 04: Provision of de-identified Medicare number for hospital services to Administrator PROTOCOLS FOR USE AND STORAGE OF DATA Determining hospital services eligible for Commonwealth funding Data protocol 05: Determine reconciliation adjustments to Commonwealth ABF funding Data Retention and Disposal Protocol Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 3 of 52

4 6 PROTOCOL FOR RELEASE OF DATA Data protocol 06: Protocol for the release of data Data protocol for the release of matched services to states and territories for review PROTOCOL FOR TREATMENT OF IDENTIFIED DATA Non-disclosure agreement Data protocol 07: Protocol for an incident of identification of a patient from de-identified or identifiable patient data APPENDIX A: DATA PROTOCOL DIAGRAMS APPENDIX B: MATRIX OF DATA TYPE TO RELEVANT PRIVACY AND SECRECY PROVISIONS APPENDIX C: MATRIX OF DATA TO RELEVANT DATA TYPE APPENDIX D: PROCEDURE FOR DATA STEWARD TO GRANT AND REVOKE ACCESS TO DATA APPENDIX E: GLOSSARY Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 4 of 52

5 Acronyms and abbreviations The following acronyms and abbreviations are used throughout this document. Term Description ABF Activity Based Funding ADS Analytical Data Store Administrator Administrator of the National Health Funding Pool COAG Council of Australian Governments DHS Commonwealth Department of Human Services DoH Commonwealth Department of Health IHPA Independent Hospital Pricing Authority LHN Local Hospital Network MBS Medical Benefits Schedule NEP National Efficient Price NHFB National Health Funding Body NHPA National Health Performance Authority NHRA National Health Reform Agreement EDW Enterprise Data Warehouse NMDS National Minimum Data Sets NWAU National Weighted Activity Unit ODS Operational Data Store PBS PIN RDS SCoH SPP Pharmaceutical Benefits Scheme Personal Identification Number Reference Data Store Standing Council on Health Specific Purpose Payment Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 5 of 52

6 Preface I am pleased to present my data privacy, secrecy and security policy for dealing with the collection, use, storage, disclosure and destruction of the data involved in my role as Administrator of the National Health Funding Pool. This policy has been informed by discussions with stakeholders. This policy document is of particular relevance to my work in reconciling actual hospital service levels to pre-existing estimates and in matching hospital services data to Medical Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) claims data using a common Medicare PIN. The document outlines processes and protocols I employ to ensure appropriate treatment of these data in the context of Commonwealth and state and territory privacy and secrecy requirements as stated in legislation and associated guidelines and principles. I have set out in this document the data I use, together with my assessment of the sensitivity of the data, the related legislation, guidelines, principles and advice I have used in forming this policy. The privacy, secrecy and security of all data provided by jurisdictions are of particular importance to me. Systems and processes used for collection, storage and reporting have been designed to ensure security of information. I will update this document as necessary to ensure these arrangements reflect changes in the legislative environment and best practice data and information management. All data requested by me are either not identified, or are de-identified. As long as these data remain unidentified, they are not deemed to be personal information within the meaning of the Privacy Act 1988 as amended by the Privacy Amendment Act To cover the possibility that data may become identifiable (and therefore potentially personal information ), additional measures have been adopted to ensure that their collection and use are in accordance with the Australian Privacy Principles and with the secrecy and patient confidentiality provisions in the National Health Reform Act 2011 and other statutory protections. All data not already specified under the National Health Reform Agreement (NHRA) or relevant legislation to be in the public domain are considered sensitive information and are treated in line with relevant secrecy provisions. In this document I outline specific protocols which are in place to ensure identifiable information is not received by me. I also outline protocols which I have put in place for the possibility where de-identified information received by me (or the National Health Funding Body on my behalf) becomes identifiable and therefore caught by relevant privacy provisions. The protocols include advising the data steward of the instance, precluding officers from disclosing information, and disposing of records securely where appropriate. RJ Sendt Administrator National Health Funding Pool Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 6 of 52

7 1 Introduction The Administrator of the National Health Funding Pool (the Administrator) and the National Health Funding Body (NHFB) are established under the National Health Reform Act 2011 (the NHR Act). The Administrator's primary function is to administer the National Health Funding Pool, which in essence involves making payments to state and territory accounts in exchange for states and territories providing a certain number of public hospital services to patients. The NHFB's function is to assist the Administrator in the performance of his or her functions. As part of administering the National Health Funding Pool, the Administrator is required to perform a reconciliation of activity in respect of each state and territory. This reconciliation requires the provision of patient level hospital service data and MBS and PBS claims data. The overall policy intention is for this reconciliation to be undertaken by the Administrator using only de-identified data. As part of the requirements for this process, steps have been included to ensure the de-identification of data prior to a reconciliation being done by the Administrator. The Appendices to this document set out matrices of the types of data the Administrator uses, together with an assessment of privacy, secrecy and security around the data, and the related legislation, guidelines, principles and advice used in forming this policy. 1.1 Purpose The purpose of this document is to describe the Administrator s data privacy, secrecy and security policies and protocols relating to the collection, use, storage and disclosure of data used to inform the processes involved in his or her role. 1.2 Data privacy and secrecy The privacy and secrecy of information is of paramount importance. Any personal information will be treated in accordance with the Australian Privacy Principles in the Privacy Act 1988, incorporating the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the secrecy and patient confidentiality provisions in the NHR Act as well as other statutory protections. The NHR Act provides protections and imposes obligations on the Administrator and NHFB for the handling of personal information and makes provisions to ensure patient confidentiality. All officers of the NHFB - whether staff employed under the Public Service Act 1999 or other persons assisting the NHFB (including contractors engaged by the NHFB Chief Executive Officer) - are subject to the Australian Public Service (APS) Code of Conduct. Any collection of personal information will only be done for a specified purpose and will be undertaken in strict compliance with the Australian Privacy Principles set out in the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protection) Act Data security The Administrator is committed to the security of all data, and particularly patient level data submitted by states and territories. The Enterprise Data Warehouse (EDW) is being used as a secure facility for the submission, storage and dissemination of data to enable the Administrator s reconciliation processes including National Weighted Activity Unit (NWAU) calculation and determination of activity based funding eligibility. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 7 of 52

8 Where appropriate, security measures and standards employed are consistent with those provided within the Protective Security Policy Framework issued by the Commonwealth Attorney-General s Department and the Australian Government Information Security Manual issued by the Defence Signals Directorate. 1.4 Physical security The Administrator and the NHFB have physical security arrangements in place to ensure the security of data. These arrangements are consistent with the Protective Security Policy Framework and Australian Government Information Security Manual. Where appropriate the Administrator and NHFB use secure rooms, isolated (secure) printers, secure network connections, stand-alone computers, lockable filing cabinets and encrypted USB drives and compact discs. Access to the facilities and materials is restricted and monitored. 1.5 Data protocols This document outlines the data protocols for the collection, use, storage, disclosure and disposal of relevant data. The primary purpose of each protocol is to highlight how data privacy, secrecy and security are handled as the data flow through each of the protocol steps. Security in these protocols demonstrate the appropriate application of the Australian Government s Protective Security Policy Framework by the Administrator and NHFB, providing the operational environment necessary for the confident and secure conduct of the Administrator s business. Managing security risks proportionately and effectively enables the Administrator and NHFB to provide the necessary protection of the Administrator s and the NHFB s people, information and assets. 1.6 Related documents The policies in this document should be read in conjunction with the following documents, which collectively detail the Administrator s related policies, processes and data requirements. 1. NHR PHF NHFB Procedures Manual v Methodology for the Calculation of Commonwealth National Health Funding Pool Contributions (provided for each financial year) 3. Determination 03: Provision of actual hospital services data for reconciliation with estimated data 4. Business rules for determining hospital services eligible for Commonwealth funding Volume 2: Extended proof of concept Reconciliation Framework 6. The Administrator s rolling three year Data Plan. This document specifies the data items collected by the Administrator, including de-identifed data that would be personal information if re-identifed. 7. NHFB Physical Security Policy v NHFB Protective Security Framework v Document updates This document is subject to change and may be updated and reissued by the Administrator. Changes, if any, will be communicated to all stakeholders. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 8 of 52

9 2 Collection and use of personal information legal Both the Administrator and the NHFB are entities for the purposes of the Commonwealth Privacy Act 1988 (the Act) as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and are required to comply with the Australian Privacy Principles (APPs) set out in the Act.. The APPs apply to personal information. While de-identifcation procedures have been put in place, it is possible that at least some of these data would fall within the definition of personal information. Any personal information contained in the data provided by states and territories would be collected by the Administrator and the NHFB for the purpose of fulfilling the Administrator's function relating to reconciling the amounts the Commonwealth is required to pay into each State Pool Account with subsequent actual service delivery, and would be both necessary for, and directly related to, that purpose. Table 1 Relevant Australian Privacy Principles APP APP 3 Australian Privacy Principle text Collection of solicited personal information 3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity s functions or activities. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 9 of 52

10 APP APP 6 Australian Privacy Principle text Use or disclosure of personal information 6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless: a. the individual has consented to the use or disclosure of the information; or b. subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information. 6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if: a. the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is: i. if the information is sensitive information directly related to the primary purpose; or ii.if the information is not sensitive information related to the primary purpose; or b. the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or c. a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or d. the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or e. the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. 6.3 This subclause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if: a. the agency is not an enforcement body; and b. the information is biometric information or biometric templates; and c. the recipient of the information is an enforcement body; and d. the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph. 6.4 If: a. the APP entity is an organisation; and b. subsection 16B(2) applied in relation to the collection of the personal information by the entity; the entity must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the entity discloses it in accordance with subclause 6.1 or 6.2. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 10 of 52

11 APP APP 11 Australian Privacy Principle text Security of personal information 11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information: 11.2 If: a. from misuse, interference and loss: and b. from unauthorised access, modification or disclosure a. an APP entity holds personal information about an individual; and b. the entity no longer needs the informationfor any purpose for which the information may be usedor disclosed by the entity under this Schedule; and c. the information is not contained in a Commonwealth record; and d. the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information; the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified. 2.1 Collection of personal information under APP 3 Where a patient's identity is 'reasonably ascertainable' from data provided by a jurisdiction (i.e. by combining multiple data fields, or combining it with publicly available data), and thus constitutes personal information, APP 3 (refer Table 1) allows the Administrator and NHFB officers to collect these data if the information is reasonably necessary for, or directly related to, one or more of the entity s functions or activities. As the collection of these data from jurisdictions is a necessary part of, and directly related to, performing the function of reconciling the amounts paid by the Commonwealth into State Pool Accounts with the actual services provided, then even if the data received contain personal information, receipt of such data by the Administrator and the NFHB will not breach APP Use or disclosure of personal information under APP 6 APP 6 (refer Table 1) deals with the use or disclosure of personal information by agencies. This is relevant to the Administrator's purpose in using the data provided to: reconcile the amounts paid by the Commonwealth into each State Pool Account with the subsequent actual services provided; and match with MBS and PBS claims data in order to reconcile the amounts paid by the Commonwealth into each State Pool Account based on actual services provided. APP 6 allows the data to be used for these purposes. The Administrator s Data Plan requires only the receipt of de-identified data in the first instance. However where information may become identified or are considered reidentifiable, steps will be taken to ensure that this information is de-identified prior to any disclosure. This may include separately storing data considered to be personally identifiable, de-identifying data using recognised techniques, aggregating data to a level that eliminates the chance of re-identification or removing the personally identifiable data elements from data sets altogether. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 11 of 52

12 2.3 Security of personal information under APP 11 APP 11 deals with the security of personal information whilst being used for the purporse and also at the completion of the purpose. Notwithstanding that the Administrator s Data Plan requires only the receipt of de-identified data, the Administrator has measures in place to meet the requirements of APP 11 when using data received from jurisdictions. The Administrator uses the secure facilities of the EDW to receive, manage and store data. Section 3 provides detail on the EDW facilities with respect to security including access. At the completion of the purpose, and where the information does not form part of a Commonwealth record, the Administrator will destroy or de-identify data that may become re-identifiable before storing or sharing the data. 2.4 Data protocol to ensure prudent management of personal information In the event that an incident occurs where certain reconciliation data lead to identification of one or more individual patients, data protocol 07 sets out the procedures to be followed by the Administrator and the NHFB. Whilst an incident of this nature is not in breach of the Privacy Act, protocol 07 demonstrates that the Administrator has a process to ensure prudent management of personal information consistent with Commonwealth legislative requirements. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 12 of 52

13 3 EDW data security features utilised by the Administrator 3.1 About the EDW The EDW is a high quality, secure, reliable, easy-to-use, shared data storage, analysis and reporting system that supports some of the Administrator s key information management requirements. The EDW was established in 2010 to provide the information and communication technology capability to enable key roles and agencies the Administrator, the NHFB, the Independent Hospital Pricing Authority, the National Health Performance Authority, the Australian Commission on Safety and Quality in Health Care and the Commonwealth Department of Health (DoH), to perform their roles under national health reform. The EDW includes the following features: a secure online system for jurisdictions to submit data to the Administrator secure access control management for the sharing of data between the Administrator and the organisations specified in the clause B97 of the NHRA a facility that allows jurisdictions to securely access approved data products a physically secure location with disaster recovery capabilities compliance with relevant Australian Government security policies, including the Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual. 3.2 Granting and revoking user access to data via data stewards For each source data artefact, only the relevant data steward (for example the NHFB CEO as NHFB data steward for the Administrator s data) has the authority to grant and revoke access to those data, and must provide explicit approval before any access to the data artefact by a user or group of users. For example, an NHFB officer who wishes to access hospital services data that have been provided to the Administrator, has to make a request to the NHFB data steward, who then has to determine what access will be granted (if any). Requests for access can also be made in respect of a group of users rather than a single user. The NHFB data steward has a documented procedure for granting and revoking access to data artefacts to a user or group of users (refer Appendix D). Once access has been approved by the data steward, the EDW data custodian will then set the access permissions for that user (or group of users) to access it in accordance with the approval by the data steward. Although a data set may be loaded into the EDW, it can only be accessed by specific users or groups of users where there is explicit approval from the relevant data steward. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 13 of 52

14 3.3 User permissions Source data sets in the EDW are stored as Teradata database tables. The system enables user permissions to be implemented at the level of individual data elements in a table. So, for example, if a data set includes 10 fields in each line of data in a table which has 400,000 lines, and where one of the fields is the year of collection, it is possible to give a particular user access to, say, only three of those fields, and only for data that was collected in a particular year. 3.4 Shared workspaces Specified groups of NHFB users have access to shared workspaces that are confidential to the members of the group, in the same way as are folders on shared drives. These are termed Analytical Data Stores (ADSs) as they are intended to enable exploratory analysis of data. The NHFB, in assisting the Administrator, has been allocated three ADSs, which can be regarded effectively as separate databases: An ADS for analysis of hospital activity and related data An ADS for analysis of MBS and related data An ADS for analysis of PBS and related data The NHFB data steward grants and revokes access to these ADSs as required, to NHFB users only. This means that the ADSs and all the data sets in them are reserved for the exclusive use of NHFB users. Any data provided by the Administrator to agencies under the sharing principles of the NHRA (under clause B97) will be provided as a copy only. Each copy will be provided either by secure data transfer directly to each agency, or (in line with arrangements between agencies and the EDW) by provision of the data in shared EDW workspaces provided for specified groups of agency users. The NHFB data steward mandates that all the Administrator s data for reconciliation requirements, other than data authorised to be in the public domain, is to be stored and analysed in the EDW in the above ADSs to ensure appropriate levels of privacy, secrecy and security. 3.5 Data separation In the EDW, the shared work spaces, derived data and analytical programs of NHFB officers will be separate and secure from any other organisation. The NHFB data steward will have authority over who has access to NHFB data. For example, if officers of the NHFB are undertaking analyses of data for reconciliation purposes, those analyses will not be accessible to other users outside the NHFB, nor will any of the working datasets, SAS programs, or any data cubes or reports created. 3.6 Access logs and audit trails In addition to the overall approach of authorised data stewards granting access to specific source data sets, data elements in those source data sets, reports and/or cubes, to designated users and/or groups of users, the EDW logs all access to data in the managed data space at the level of the user and the individual data elements, reports or cubes accessed, the operations performed on those data, and the time at which the access took place. For data saved within EDW personal and group shared workspaces, the EDW logs access at the level of individual users and the files they access, but not generally at the level of specific data elements accessed within the files. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 14 of 52

15 Access to these logs is strictly controlled and will generally only be available to authorised EDW officers. In the event of an apparent anomaly being discovered in access to NHFB source data, reports or cubes, the EDW will bring this to the attention of the NHFB data steward via a manual process. When this occurs, the NHFB data steward will investigate the anomaly, any breaches of protocol, and planned remedial actions. Outcomes will be advised to the relevant jurisdiction. The access logs will also be available to internal and external auditors, where they wish to review the logs to establish that no inappropriate or unauthorised access has occurred. The NHFB will receive a copy of those parts of the access logs that detail access to its derived data and to the shared workspaces of its officers, and, if requested, the audit trails for instances of access to its derived data and/or workspaces. 3.7 Technical implementation The technical capacity to implement this approach to managing data access is done in part through an Oracle product called Identity and Access Management (I&AM). I&AM is built into the EDW and maintains a profile for each and every EDW user which sets out their membership of any source data access groups. The permissions for these data access groups are implemented in the relevant part of the EDW for example in Red Hat Enterprise Linux and in Teradata. The permissions assigned to a data access group cover the source data sets, reports and data cubes that those users or groups of users are entitled to access and any rules governing their access (for example that it is for a data set pertaining to a particular month or year). The identification and authentication of each user is done through the NHFB s outsourced network logon process, which is managed by IBM. When a person who has logged on to the NHFB s network seeks to access the EDW that is, any of the data or software in the EDW they can only gain access where the information regarding their identity is securely passed from IBM s network security module to Oracle I&AM. I&AM then assigns to that user for that session (i.e. until the person logs off or exits the EDW), the permissions that are associated with the data access group(s) designated for that person in their I&AM profile. When access to the EDW is extended to third parties that are not users of the NHFB network, those users will have to pass a logon process that uniquely identifies them to the Oracle I&AM. 3.8 Annual attestation The NHFB Data Steward will make an annual attestation to the Administrator, as at 30 June each year, detailing a list of officers authorised to access NHFB data, together with a statement of any breaches of data security over the year. The Administrator will share the statement with jurisdictions accordingly. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 15 of 52

16 4 Protocols for data collection The Administrator seeks to provide a secure data exchange mechanism for the provision of all data. 4.1 Administrator s Three Year Data Plan The Administrator s Three Year Data Plan (Data Plan) is the Administrator s determination of the minimum level of data required from jurisdictions in order to calculate the Commonwealth s contribution, conduct reconciliation activities and ensure national comparability (clause B88, NHRA). The Data Plan is revised and re-issued annually, following endorsement by the Standing Council on Health. Supply of the data outlined in the Data Plan is required to enable the Administrator to undertake the functions set out in legislation and in the NHRA. The objectives of the Data Plan are to: communicate the Administrator s data requirements over the three years to jurisdictions in accordance with clause B85 of the NHRA describe the mechanisms, including timelines that the Administrator will use to collect data from jurisdictions advise how data will be used by the Administrator in undertaking the duties required by the Act and the NHRA. Refer to the relevant Data Plan for data submission requirements relating to the reconciliation process. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 16 of 52

17 4.2 Data protocol 01: State and territory provision of hospital service estimates This data protocol is followed when states and territories provide the Administrator with NWAU estimates (or updates to NWAU estimates) for hospital services. Estimates are required to be provided for the coming financial year in aggregate by 31 March each year, and then by confirmed aggregate and each Local Hospital Network (LHN) by 31 May each year. States and territories are then able to revise estimates using this protocol as the financial year progresses. Refer to the Data Plan for details on submission requirements. Refer Appendix A for a data protocol 01 process diagram. Table 2 Data protocol 01 for state and territory provision of hospital service estimates to the Administrator Step Participant and Action 1. State or territory: Sends service estimates to the Administrator. Description A state or territory s original or revised service estimates in spreadsheet form directly to the Administrator at according to formats and timeframes as specified in the Data Plan and associated technical specifications. Privacy There are no privacy concerns with these data as the data contain no personal information. Secrecy The service estimate data are received into a securely managed server where only the Administrator, or NHFB officers specifically authorised by the Administrator may view the to access the data. Security The service estimate data are received into a securely managed server. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 17 of 52

18 Step Participant and Action 2. Administrator and NHFB: receive estimates. Description The NHFB stores the estimates in the NHFB secure document management system. Privacy Secrecy Only specified NHFB officers as authorised by the NHFB CEO have access to the Administrator s to receive estimates. Only specified NHFB officers as authorised by the NHFB data steward have access to the NHFB secure document management system to store and retrieve estimates. Security The service estimate data are received into a securely managed server and a secure document management system. 3. NHFB: Utilises estimates provided to derive Commonwealth National Health Funding Pool contributions. The NHFB, acting on Administrator instructions as documented in the relevant year s Methodology for the Calculation of Commonwealth National Health Funding Pool Contributions, utilises estimates provided, including cross border estimates, along with SPP, NEP, NEC and other information as required to calculate Commonwealth National Health Funding Pool contributions. Only specified NHFB officers as authorised by the NHFB CEO have access to the Administrator s to receive estimates. Only specified NHFB officers as authorised by the NHFB data steward have access to the NHFB secure document The service estimate data and derived Commonwealth national health funding pool contributions are managed in an secure server and secure document management system. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 18 of 52

19 Step Participant and Action 4. Administrator: Approves calculation of Commonwealth National Health Funding Pool contributions and advises jurisdictional ministers and Commonwealth Treasurer. Description Privacy Secrecy management system to store and retrieve estimates and contribution results. Security 5. Commonwealth Treasurer: Receives advice of Commonwealth National Health Funding Pool contributions. 1. Jurisdictional Ministers: Receive advice of Commonwealth National Health Funding Pool contributions. 7. NHFB: Enters Commonwealth National Health Funding Pool contributions into the NHFA Payments System. Only specified NHFB officers as authorised by the NHFB data steward have access to the NHFA Payments System to enter, validate and approve contributions. A three stage entry, validation and approval process, by three separate NHFB users (who are authorised to enter, validate or approve as appropriate) ensures appropriate security around the entry of contributions Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 19 of 52

20 4.3 Protocols for reconciliation requirements Data protocol 02: State and territory provision of hospital services data to Administrator by accessing data provided to IHPA This data protocol is followed when states and territories request the Administrator to use the data already being supplied to the Independent Hospital Pricing Authority (IHPA), through the AIHW/IHPA data submissions portal (AIHW/IHPA Portal) for Submission A. The AIHW/IHPA Portal is a secure facility for the submission of data. Refer Appendix A for a data protocol 02 process diagram. Table 3 Data protocol 02 for state and territory provision of hospital services data to the Administrator Step Participant and Action 1. State or territory: Submits hospital service data via the AIHW/IHPA Portal. Description States and territories request the Administrator to use quarter two and quarter four data already being supplied to the IHPA, through the AIHW/IHPA Portal. Privacy The data contain no identifiable personal information. Secrecy IHPA portal data can only be viewed by authorised IHPA officers. Security The IHPA portal utilises the secure facilities of the EDW for the receipt of data. 2. IHPA: Validates data according to IHPA rules (agreed with NHFB). The Administrator utilises the IHPA validation process for consistency between IHPA and Administrator data. The IHPA utilises secure IHPA data facilities for the validation of data. 3. IHPA: Provides validated data to the Administrator and NHFB. IHPA provides the data to the Administrator through the EDW IHPA utilises the secure facilities of the EDW for the sharing of data with the Administrator. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 20 of 52

21 Step Participant and Action 4. NHFB: receives data on behalf of Administrator (Submission A as referred to in the Administrator s Data Plan). Description The data are received into the Administrator s ADS within the EDW. Privacy The data contain no identifiable personal information. In the event of a patient who had a hospital service being identified by NHFB officers from the specified data, then data protocol 07 must be followed. Secrecy Once the data are received from IHPA by the Administrator, they can only be viewed by authorised NHFB officers granted access to hospital services as required for assisting with the Administrator s functions. Security The Administrator utilises the secure facilities of the EDW for the receipt of data. All data are stored in the EDW s Teradata platform. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 21 of 52

22 4.3.2 Data protocol 03: (interim) State and territory provision of hospital services data directly to the Administrator This protocol is followed when states and territories submit password protected Submission A patient services data directly to the Administrator. Any data provided via this means will be subject to the same data validation rules as data provided to IHPA. Note: Data protocol 03 is interim, and is expected to be retired in December When data protocol 03 is retired, data protocol 02 will become the only protocol for use in the provision of hospital service data to the Administrator. Refer Appendix A for a data protocol 03 process diagram. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 22 of 52

23 Table 4 Data protocol 03 for state and territory provision of hospital services data to Administrator Step Participant and Action 1. State or territory: Posts six monthly and annual hospital services data directly to the Administrator (Submission A as referred to in the Administrator s Data Plan). Description States and territories must submit password protected patient services data directly to the Administrator on a CD via Australia Post registered mail. The CD must be mailed to the post office box as advised to states and territories by the Administrator. States and territories must format the data as outlined in the Administrator s Technical Specifications. For consistency purposes, any data provided via this means will be subject to the same data validation rules as data provided to IHPA. The password for the data must be ed to the Administrator at Privacy The data contain no identifiable personal information. Secrecy If the CD is intercepted by an unauthorised third party, then the data are encrypted and will be unreadable without the password, as the password is delivered to the recipient by a separate mechanism. Security The CD submitted carries password protection, and the password is delivered to the recipient by a separate mechanism. 2. NHFB: receives data on behalf of Administrator and applies password to allow access to the data. The data contain no identifiable personal information. In the event of a patient who had a hospital service being identified by NHFB officers from the specified data, then The unencrypted CD data (once password is applied) can only be viewed by authorised NHFB officers granted access to hospital services as required for assisting with the Administrator s functions. The CD submitted carries password protection, and the password is delivered to the recipient by a separate mechanism. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 23 of 52

24 Step Participant and Action 3. NHFB: loads data into the Administrator s work area (ADS) in the EDW ready for use. Description Privacy data protocol 07 will be followed. Secrecy Once the data are loaded into the EDW, it can only viewed by authorised NHFB officers granted access to hospital services as required for assisting with the Administrator s functions. Security All data are stored in the EDW s Teradata platform. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 24 of 52

25 4.3.3 Data protocol 04: Provision of de-identified Medicare number for hospital services to Administrator This protocol is followed when states and territories submit password protected Submission B Medicare number data for those patient services submitted in Submission A to the Commonwealth Department of Human Services (DHS) on a CD via Australia Post registered mail. The interim arrangement of posting CDs is expected to be replaced by the use of a data submission portal. DHS holds the status of an integrating authority and undertakes this work as a service to the Administrator as required under the NHRA. Refer Appendix A for a data protocol 04 process diagram. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 25 of 52

26 Table 5 Data protocol 04 for provision of de-identified Medicare number for hospital services Step Participant and Action 1. State or territory: Submits six monthly and annual hospital patient services Medicare number data to DHS (Submission B as referred to in the Administrator s Data Plan). Description Each state and territory must submit password protected patient services Medicare number data directly to DHS on a CD via Australia Post registered mail. The CD must be mailed to the DHS officer and address as advised by the Administrator. States and territories must format the data as outlined in Appendix B of the Administrator s Technical Specifications. The password for the data must be ed to the authorised DHS officer at the address advised by the Administrator. Privacy The Medicare number is identifiable information which could be used fraudulently or used to identify a patient who had a hospital service. In the unlikely event of the state or territory Medicare number data being sent to the Administrator in error, then it must be returned immediately to the provider jurisdiction. Secrecy If the CD is intercepted by an unauthorised third party, then the data are encrypted and will be unreadable without the password, as the password is delivered to the recipient by a separate mechanism. Security The CD submitted carries password protection, and the password is delivered to the recipient by a separate mechanism. 2. DHS business area: receives data as an arranged service for the Administrator, and notes the password. On receipt of the data CD, DHS log the data disc details, including State/territory, date received, relevant password, and date the CD is uploaded to the DHS system for processing. The data contain identifiable information in the form of a Medicare number. DHS has existing established practices for handling Medicare number data in accordance with privacy requirements. The unencrypted CD data (once the password is applied) can only be viewed by appropriately accredited DHS officers granted access as required for processing the data. The CD submitted carries password protection, and the password is delivered to the recipient by a separate mechanism. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 26 of 52

27 Step Participant and Action Description Privacy Secrecy Security 3. DHS business area: loads data into a secure DHS production mainframe environment ready for de-identification of data. 4. DHS business area: Submits a request to run the data in the production environment. The data are uploaded to the DHS mainframe environment, where the data are kept until the batch is run. The DHS business area requests the DHS IT service desk to run the data in the production environment. The batch is scheduled to run on a nominated day. The data contain identifiable information in the form of a Medicare number Once the data are loaded into the secure DHS production mainframe input data area, they can only be viewed by appropriately accredited DHS officers granted access as required for carrying out the DHS function of deidentifying the data. DHS utilises the secure facilities of the DHS production mainframe input data area for the validation of data. DHS utilises the secure facilities of the DHS production mainframe. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 27 of 52

28 Step Participant and Action Description Privacy Secrecy Security 5. DHS IT: de-identifies the data by using each input Medicare number to look up the Medicare PIN associated with the Medicare number on the DHS Consumer Directory database. The production batch is run on the scheduled day. Three files are produced from this process: 1. A response file for the submitting state or territory, with an indication of a successful or unsuccessful look up for the Medicare number for each record on the file. The response file contains the Medicare number and does not contain the Medicare PIN. 2. A de-identified output file for the Administrator. When a look up is successful the process will replace the Medicare number with the associated PIN for the patient. When a look up is not successful the Medicare number will be replaced with zero. 3. A summary report file indicating the total number of records received, the total number of successful look ups and the total number of invalid Medicare numbers. The response file contains the Medicare number and does not contain the Medicare PIN. The output file does not contain the Medicare number but contains the Medicare PIN. DHS officers involved in the process have existing permissions to access both the Medicare Number and the Medicare PIN. Once the data are loaded into the secure DHS production mainframe input data area, they can only be viewed by appropriately accredited DHS officers granted access as required for carrying out the DHS function of deidentifying the data. DHS utilises the secure facilities of the DHS production mainframe. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 28 of 52

29 Step Participant and Action Description Privacy Secrecy Security 6. DHS business area: prepares the response, output, and summary report files for forwarding to the relevant stakeholders. The DHS business area receives an automated report from DHS IT showing the results of the de-identification process. The data are downloaded from the DHS mainframe environment. This process involves the DHS business area retrieving the data from mainframe, saving the output, response and summary report files to a designated folder where they are renamed appropriately and copied to CD using encrypted WinZip software. The response file contains the Medicare number and does not contain the Medicare PIN. The output file does not contain the Medicare number but contains the Medicare PIN. DHS officers involved in the process have existing permissions to access both the Medicare Number and the Medicare PIN. Data can only be viewed by appropriately accredited DHS officers granted access as required for carrying out the DHS function of deidentifying the data. DHS utilises the secure facilities of the DHS production mainframe. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 29 of 52

30 Step Participant and Action Description Privacy Secrecy Security 7. DHS business area: mails the response file and summary report to the submitting state or territory. DHS submits the password protected response data CD indicating the results of the Medicare number look up process by registered mail to the nominated contact officer for the state or territory, with an associated indicating the password. The summary report is also included on the CD indicating the total number of records received, the total number of valid and invalid Medicare numbers. The response file contains the Medicare number and does not contain the Medicare PIN. The response file is provided back to the provider jurisdiction that already has access to the Medicare Numbers and is bound by existing local privacy requirements. The jurisdiction receiving the response file has obligations under existing local secrecy provisions. The CD provided carries password protection, and the password is delivered to the recipient by a separate mechanism. 8. State or territory: Receives the response file and summary report. Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 30 of 52

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Determination 02: Adjustments to Commonwealth funding under the National Health Reform Agreement Growth period

Determination 02: Adjustments to Commonwealth funding under the National Health Reform Agreement Growth period Office of the Administrator PO Box 3139 Manuka ACT 2603 Telephone: 1300 930 522 Email: nhfa.administrator@nhfa.gov.au Determination 02: Adjustments to Commonwealth funding under the National Health Reform

More information

Business rules for determining 2012-13 hospital services eligible for Commonwealth funding

Business rules for determining 2012-13 hospital services eligible for Commonwealth funding A Business rules for determining 2012-13 hospital services eligible for Commonwealth funding Volume 2 Extended proof of concept 17 December 2013 Document Control Sheet Document Information Document Name

More information

Information Circular

Information Circular Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal

More information

PRINCIPLES FOR ACCESSING AND USING PUBLICLY-FUNDED DATA FOR HEALTH RESEARCH

PRINCIPLES FOR ACCESSING AND USING PUBLICLY-FUNDED DATA FOR HEALTH RESEARCH TARGETED CONSULTATION DRAFT National Health and Medical Research Council PRINCIPLES FOR ACCESSING AND USING PUBLICLY-FUNDED DATA FOR HEALTH RESEARCH Developed by NHMRC s Prevention and Community Health

More information

Chapter 11: Australian Privacy Principle 11 Security of personal information

Chapter 11: Australian Privacy Principle 11 Security of personal information Chapter 11: Australian Privacy Principle 11 Security of personal information Version 1.1, March 2015 Key points... 2 What does APP 11 say?... 2 Holds... 2 Taking reasonable steps... 3 What are the security

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Zinc Recruitment Pty Ltd Privacy Policy

Zinc Recruitment Pty Ltd Privacy Policy 1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected

More information

Privacy fact sheet 17

Privacy fact sheet 17 Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State

More information

STRATEGIC PLAN 2013-16

STRATEGIC PLAN 2013-16 STRATEGIC PLAN 2013-16 CONTACT INFORMATION If you require further information or have any queries in relation to this Strategic Plan, please contact: National Health Funding Body PO Box 3139, Manuka ACT

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:

OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By: OPERATIONAL DIRECTIVE Enquiries to: Ruth Alberts OD number: OD0321/11 Performance Directorate Phone number: 9222 4218 Date: February 2011 Supersedes: OD 0107/08 File No: F-AA-00673 Subject: Data Stewardship

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

PRIVACY POLICY. This document is our privacy policy and it tells you how we collect and manage your personal information.

PRIVACY POLICY. This document is our privacy policy and it tells you how we collect and manage your personal information. PRIVACY POLICY Introduction iproximity Pty Ltd (we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information this includes existing

More information

Pacific Smiles Group Privacy Policy

Pacific Smiles Group Privacy Policy Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Administrator National Health Funding Pool Annual Report 2012-13

Administrator National Health Funding Pool Annual Report 2012-13 Administrator National Health Funding Pool Annual Report 2012-13 Design Voodoo Creative Printing Paragon Printers Australasia Paper-based publications Commonwealth of Australia 2013 This work is copyright.

More information

PRIVACY POLICY. Privacy Statement

PRIVACY POLICY. Privacy Statement PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Privacy Policy Statement

Privacy Policy Statement Privacy Policy Statement Our Commitment While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of the highest importance to

More information

Data Governance in-brief

Data Governance in-brief Data Governance in-brief What is data governance? Data governance is the system of decision rights and accountabilities surrounding data and the use of data. It can involve legislation, organisational

More information

POLICY STATEMENT 5.17

POLICY STATEMENT 5.17 POLICY STATEMENT 5.17 DENTAL RECORDS 1 (Including ADA Guidelines for Dental Records) 1. Introduction 1.1 Dentists have a professional and a legal obligation to maintain clinically relevant, accurate and

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages

More information

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 About Healthcare Identifiers QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 Q1. What is the Healthcare Identifiers Service? The Healthcare Identifiers (HI) Service will implement and maintain a

More information

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES January 2003 CONTENTS Page 1. POLICY FRAMEWORK 1.1 Introduction 1 1.2 Policy Statement 1 1.3 Aims of the Policy 1 1.4 Principles

More information

Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper

Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper August 2011 About National Seniors Australia With a quarter of a million individual members

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Market Research in the Field v.1

Market Research in the Field v.1 PRIVACY IMPACT ASSESSMENT DECEMBER 10, 2014 Market Research in the Field v.1 Does the CFPB use the information to benefit or make a determination about an individual? No. What is the purpose? Conduct research

More information

that it has no right to have access to the Software in source code form;

that it has no right to have access to the Software in source code form; Attachment 2: TERMS & CONDITIONS SECTION 1: CAT CS Pty Ltd CAT Plus Software Distribution Agreement things to know: For the Practice 1. The Practice acknowledges that all Intellectual Property Rights in

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Personally controlled electronic health record (ehealth record) system

Personally controlled electronic health record (ehealth record) system Personally controlled electronic health record (ehealth record) system ehealth record System Operator Audit report Information Privacy Principles audit Section 27(1)(h) Privacy Act 1988 Audit undertaken:

More information

Mandatory data breach notification in the ehealth record system

Mandatory data breach notification in the ehealth record system Mandatory data breach notification in the ehealth record system Draft September 2012 A guide to mandatory data breach notification under the personally controlled electronic health record system Contents

More information

Overview of the Impact of the Privacy Reforms on Credit Reporting

Overview of the Impact of the Privacy Reforms on Credit Reporting Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially

More information

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au. Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

Belmont 16 Foot Sailing Club. Privacy Policy

Belmont 16 Foot Sailing Club. Privacy Policy Belmont 16 Foot Sailing Club Privacy Policy APRIL 2014 1 P age Belmont 16 Foot Sailing Club Ltd (the 16s ) respects your right to privacy and is committed to protecting your personal information. This

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

Council Policy. Records & Information Management

Council Policy. Records & Information Management Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant

More information

16 Electronic health information management systems

16 Electronic health information management systems 16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

NORTHERN TERRITORY OF AUSTRALIA HEALTH SERVICES ACT 2014. As in force at 1 July 2014. Table of provisions

NORTHERN TERRITORY OF AUSTRALIA HEALTH SERVICES ACT 2014. As in force at 1 July 2014. Table of provisions NORTHERN TERRITORY OF AUSTRALIA HEALTH SERVICES ACT 2014 As in force at 1 July 2014 Table of provisions Part 1 Preliminary matters 1 Short title... 1 2 Commencement... 1 3 Principles and objectives of

More information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Version 1.0, February 2014 Key points... 2 What does APP 5 say?... 2 Taking reasonable steps to notify or

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

RTO Delegations Guidelines

RTO Delegations Guidelines RTO Delegations Guidelines ISBN 0 7594 0389 9 Victorian Qualifications Authority 2004 Published by the Victorian Qualifications Authority This publication is copyright. Apart from any use permitted under

More information

Guidelines approved under Section 95A of the Privacy Act 1988. December 2001

Guidelines approved under Section 95A of the Privacy Act 1988. December 2001 Guidelines approved under Section 95A of the Privacy Act 1988 December 2001 i Commonwealth of Australia 2001 ISBN Print: 1864961074 Online: 1864961139 This work is copyright. Apart from any use as permitted

More information

Information Handling Policy

Information Handling Policy Information Handling Policy 10 December 2015 Information Handling Policy 1. Who We Are 1.1 In this Information Handling Policy, references to we, our, us and ClearView are to ClearView Wealth Limited and

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

APES 310 Dealing with Client Monies

APES 310 Dealing with Client Monies M EXPOSURE DRAFT ED 01/10 (April 2010) APES 310 Dealing with Client Monies Proposed Standard: APES 310 Dealing with Client Monies (Supersedes APS 10) [Supersedes APES 310 Dealing with Client Monies issued

More information

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

De-identification of Data using Pseudonyms (Pseudonymisation) Policy De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission

More information

National Health Reform Enterprise Data Warehouse (NHR EDW) Program. RFT Industry Brief

National Health Reform Enterprise Data Warehouse (NHR EDW) Program. RFT Industry Brief National Health Reform Enterprise Data Warehouse (NHR EDW) Program RFT Industry Brief 11 August 2011 11 August 2011 1 1. Introduction Rob Wilkinson NHR EDW Program Manager 11 August 2011 2 Agenda Topic

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Administrative Procedures Memorandum A1452

Administrative Procedures Memorandum A1452 Page 1 of 11 Date of Issue February 2, 2010 Original Date of Issue Subject References February 2, 2010 PRIVACY BREACH PROTOCOL Policy 2197 Management of Personal Information APM 1450 Management of Personal

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

Tasmanian Government Identity and Access Management Toolkit

Tasmanian Government Identity and Access Management Toolkit Tasmanian Government Identity and Access Management Toolkit Summary January 2010 Department of Premier and Cabinet For further information on the Toolkit, contact the Office of egovernment: egovernment@dpac.tas.gov.au

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

Privacy Policy Australian Construction Products Pty Limited

Privacy Policy Australian Construction Products Pty Limited Privacy Policy Australian Construction Products Pty Limited What is this privacy policy about? This Privacy Policy describes how Australian Construction Products 63 091 618 781 (we or us) will treat the

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

Entrepreneurs Programme - Business Evaluation. Version: 3

Entrepreneurs Programme - Business Evaluation. Version: 3 Entrepreneurs Programme - Business Evaluation Version: 3 20 October 2015 Contents 1 Purpose of this guide... 4 2 Programme overview... 4 2.1 Business Management overview... 4 3 Business Evaluations...

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE

NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE JULY 2001 Table of Provisions Clause Page 1. Authority...2 2. Application...2 3. Objectives...2 4. Ring-Fencing Minimum Obligations...2 5. Compliance with

More information

Privacy Policy and Disclosure Statement

Privacy Policy and Disclosure Statement Privacy Policy and Disclosure Statement 1. Introduction 1.1 From time to time Pinnacle People (ABN: 813 790 665 06) ("the Company") is required to collect, hold, use and/or disclose personal information

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 21/09/2015 HSCIC Audit of Data Sharing

More information

Submission to the Senate Select Committee on Health Public Hearing on Big Data and Data Linkage

Submission to the Senate Select Committee on Health Public Hearing on Big Data and Data Linkage Submission to the Senate Select Committee on Health Public Hearing on Big Data and Data Linkage Australia s health system is world class, supporting universal and affordable access to high quality medical,

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Life Cycle of Records

Life Cycle of Records Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible

More information

CUA Group APP Privacy & Credit information Policy

CUA Group APP Privacy & Credit information Policy For more information: Call 133 282 Visit www.cua.com.au Drop into your local branch CUA Group APP Privacy & Credit information Policy 1 August 2015 Credit Union Australia Limited ABN 44 087 650 959 AFSL

More information

Auditing data protection a guide to ICO data protection audits

Auditing data protection a guide to ICO data protection audits Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information