• Print

The AIHW operates under a strict privacy regime which has its basis in section 29 of The Australian Institute of Health and Welfare Act 1987. Our record of protecting the security of the data we hold on the health and welfare of Australians is exemplary. The Institute's Board closely monitors the Institute's performance regarding maintenance of the privacy of its data, and has commissioned and endorsed a range of policies and practices relating to data privacy.

Privacy is one of the five objectives of the Institute's Corporate Plan, with strategies to implement that objective contained in our Business Plan.

Functions of the AIHW

The AIHW's main functions relate to the collection and production of health-related and welfare-related information and statistics, and are specified in s. 5 of the AIHW Act.

In summary, the AIHW:

  • identifies and meets the information needs of governments and the community to enable them to make informed decisions to improve the health and welfare of Australians
  • provides authoritative, timely information and analysis to the Commonwealth, state and territory governments and to non-government clients by collecting, analysing and disseminating national data on health, community services and housing assistance
  • develops, maintains and promotes, in conjunction with stakeholders, information standards for health, community services and housing assistance.
  • subject to strict confidentiality provisions in the AIHW Act and with the agreement of its Ethics Committee, releases data to other bodies or persons for research purposes.

The AIHW puts into the public domain and promotes the results of its work. 

Legislative framework to support data privacy

Australian Institute of Health and Welfare Act 1987

The confidentiality provisions in s. 29 of the AIHW Act apply to information obtained by the AIHW concerning another person. It is important to note that the definition of 'person' in the context of s. 29 of the AIHW Act includes both a body politic and a deceased person.

From the perspective of both subjects and providers of information held by the Institute, a major strength of s. 29 is that it specifically imposes on recipients of data released by the Institute (e.g., with the approval of the Ethics Committee), the same confidentiality obligations as apply to AIHW staff. These include a specific restriction on being required to divulge or communicate any of that information to a court (s.29(1)(e)).

The obligations of s. 29(4)(e) of the Act are so strict that they include the requirement not to disclose even the source of the information or "the whereabouts, existence or non-existence of a document concerning a person." The AIHW can, however, inform the community that it is responsible for particular data collections.

Privacy Act 1988

APS Code of Conduct

As well as the protection offered by the s. 29 of the AIHW Act, personal information held by the Institute is covered by the confidentiality provisions of the Privacy Act 1988.

Staff of the Institute are employed under the Public Service Act 1999 and are subject to the APS Code of Conduct.

The legislative framework provides a firm underpinning for the Institute's national data collection activities.

The AIHW has a range of policies, protocols and processes in place to ensure the confidentiality of its data, including:

Policies

  • AIHW Information Security and Privacy Policy and Procedures
  • Guidelines for Custody of AIHW Data
  • AIHW Ethics Committee: Guidelines for the preparation of submissions for ethical clearance
  • Privacy and the AIHW Ethics Committee - Guidance to Committee Members 

Protocols

  • "Rules" covering the release of statistical information to ensure that a data subject cannot be identified.
  • Confidentialisation regime undertaken within AIHW Units: e.g., encryption of linkage keys
  • The AIHW will not permit its data to be linked for regulatory purposes.
  • Data linkage and protecting privacy: a protocol for linking between two or more data sets held within the Australian Institute of Health and Welfare (207KB PDF and 138KB DOC).

Procedures

Undertaking of confidentiality

All staff, including staff employed on a short-term basis, staff of collaborating units and contractors are required to sign an Undertaking of Confidentiality as soon as they start work at the Institute. Verbal and written information covering security of data is part of the induction material given to all new staff.

Formal delegation of responsibilities to data custodians

The Institute has developed a central corporate register of AIHW data holdings to support a standardised approach to the management of data holdings. Staff at Unit Head level have responsibility for particular data sets, including ensuring compliance with any security and confidentiality requirements. To acknowledge the key role of Data Custodians, the Institute's Director has formally delegated responsibility for the custody of data holdings to those Data Custodians. The roles and responsibilities of Data Custodians are included in the Institute's Guidelines for the Custody of Institute Data.

Computer systems and database access

To support the data custodian guidelines, systems are in place to ensure that staff cannot gain unauthorised database access.

Data audit program

A regular program of data audits is conducted to monitor, among other things, that confidentiality requirements are maintained. Reports of this audit program are considered by the Audit and Finance Committee of the AIHW Board, and formally endorsed at a Board meeting.

Contribution to national privacy initiatives

The AIHW contributes to national discussion of privacy issues through its participation in national bodies, and submissions to the development and review of national privacy legislation. The AIHW has observer status on the Australian Health Ministers' Advisory Council (AHMAC) working group developing the National Health Privacy Code and is committed to national adoption of that Code.
The AIHW Director and the Chief Executive Officer of the Office of National Health and Medical Research Council have observer status on the governing body of the other organisation, and have a close working relationship regarding matters of privacy and ethical issues.  

Further information

Further information can be obtained from the Institute's Privacy Officer (02 6244 1000). For a general overview on how the AIHW protects the privacy of individuals, please read our Safeguarding your privacy brochure [1.1MB PDF]. For more detailed information about AIHW’s legal obligations and the Institute’s data custody and governance arrangements, please see our Privacy at the AIHW brochure [1.9MB PDF].