Data storage and record retention
Data provided and created for this study are stored in accordance with AIHW information security protocols. No third parties, including the Department of Veterans’ Affairs (DVA), have access to any identified linked data. Any data provided to DVA by the AIHW are in aggregated and de-identified form and stored in accordance with DVA’s security processes and procedures.
Data stored and analysed at the AIHW are protected under the Privacy Act 1988 and the Australian Institute of Health and Welfare Act 1987. The AIHW is subject to the Public Service Act 1999 and the APS Code of Conduct. As well, it has issued formal Guidelines for the Custody of Institute Data as a further measure to ensure data protection.
The AIHW performs data linkage projects on a separate secure private network to which only Data Integration Services Centre (DISC) staff and the Systems Manager have access. Dedicated DISC infrastructure capabilities replicate the hardware already used with success on other large data integration projects across the AIHW. This environment is separate from any other AIHW systems. The AIHW connects, through the Intra Government Communications Network, to an Internet gateway provider accredited by the Australian Signals Directorate. The AIHW’s Internet gateway is certified to the PROTECTED level. DISC projects are undertaken on a separate secure network not connected to the Internet.
The AIHW uses best practice technology, procedures and policies to protect its information and communication technology assets. A layered system of security is in place, with different technologies and techniques used at different levels. In line with the Australian Government Protective Security Policy Framework:
- passwords are changed regularly
- accounts are locked out after 3 failed attempts
- Operating System patching of desktops, networking equipment and servers is done in line with Australian Signals Directorate guidelines
- application software updates are tested and applied as soon as practical after release
- access to the data centre is controlled by swipe card
- the network has a state-of-the art firewall to protect against external intrusion, beyond which the accredited gateway has its firewalls
- anti-virus software is constantly updated
- regular backups are taken, including rotation to a secure off-site storage facility
- desktops have been hardened to prevent users from installing software or tampering with the system.
These security measures are backed up by an auditing regime, based around tightly controlled separate information domains (staging, linking, and consolidation domains) that exist for each stage of creating the project data. Each project in each information domain is in a separate storage location, with access limited by user (different users in different information domains for separation requirements).
This architecture determines who can access what data at any time, and access is therefore predetermined and logged. Work logs of basic user and time/date information are generated when code is run against these data and are stored as part of the audit trail.
In summary, access is provided to individuals for each stage of a project. This allows the AIHW to determine and log all access rights to the data throughout the process. At the completion of the project, and in line with the data retention date, the AIHW uses sDelete (Microsoft) to remove all files relating to a project from the hard disk. In line with DISC data retention/backup cycle procedures, data are overwritten on a 4-weekly cycle. Data are encrypted as part of the archival process using Commvault.
Privacy principles and ethics approval
This study is conducted under strict privacy guidelines and the oversight of organisational ethics committees.
The Privacy Act 1988 sets out 13 Australian Privacy Principles that govern agencies of the Australian Government in their collection, storage, use, disclosure and management of data containing personal information. The Privacy Act permits the handling of health information for health and medical research purposes in certain circumstances, where researchers are unable to seek individuals’ consent. This recognises the need to protect health information from unexpected uses beyond individual health care as well as the important role of health and medical research in advancing public health.
The Privacy Commissioner has approved 2 sets of legally binding guidelines, issued by the National Health and Medical Research Council. Researchers must follow these guidelines when handling health information for research purposes without individuals’ consent. The guidelines also assist Human Research Ethics Committees (HRECs) in deciding whether to approve research applications. The guidelines are produced under sections 95 and 95A of the Privacy Act, detailing procedures that HRECs and researchers must follow when personal information is disclosed from an Australian Government agency for medical research purposes, and providing a framework for HRECs to assess proposals to handle health information for health and medical research (without individuals’ consent). They ensure that the public interest in the research activities substantially outweighs the public interest in the protection of privacy.
This study is conducted under strict privacy guidelines and the oversight of organisational ethics committees. This study was approved by the Departments of Defence and Veterans’ Affairs Human Research Ethics Committee (DDVA HREC) on 20 April 2018 (047–18). It was approved by the AIHW Ethics Committee on 8 May 2018 (EO2017/5/411).