Governance and Privacy

Preserving privacy and maintaining robust data governance are of critical importance.  Any use of linked data must have an appropriate legal basis.  The CHeReL also complies with best practice principles by separating the linkage of personally identifying information from the content information (e.g. clinical diagnosis, type of cancer, cause of death etc). The CHeReL and NSW Health comply with the Five Safes Framework to ensure data is handled in a way that protects privacy and supports safe, responsible and ethical use of data.

Legislative framework

CHeReL will only perform record linkage of personally identifying information where permitted by legislation. The CHeReL is bound by the Health Records Information and Privacy Act 2002 (HRIP Act) for personal health information and the Privacy and Personal Information Protection Act 1998 (PPIP Act) for personal information. As an NSW Health Agency, the CHeReL also complies with obligations under the Health Administration Act 1982 and the Public Health Act 2010 in relation to collection and disclosure of information.

The legal framework is supported by a range of NSW Health policies and procedures. The NSW Privacy Manual for Health Information provides operational guidance to the legislative obligations imposed by the HRIP Act and policies on disclosure of data for research, management of health services and electronic information security.

Where linked data are used for research, Human Research Ethics Committee (HREC) approval is required

Approval by the Aboriginal Health and Medical Research Council HREC is required for research projects involving analysis of data relating to Aboriginal people (http://www.ahmrc.org.au/).

Secure data environments (SDEs)

Secure data environments (SDEs) provide a safe and controlled way for approval uses to access health data. The CHeReL complies with NSW Health Policy to release potentially re-identifiable unit record data on to a secure data environment, see here for more information.