The Department of Health is committed to maintaining privacy. In addition to multiple layers of protection already provided by the Department of Health WA, the following are applied:

  • A strong professional culture among staff that values the protection of individual privacy. Linkage Officers are employed under the Public Sector Management Act (1994) and are bound by its privacy and confidentiality provisions. Staff also undergo Criminal Record Screening
  • All staff and researchers sign confidentiality acknowledgements and are required to undertake regular training about their obligations
  • The identifying information used for linkage (such as name, date of birth and address) and the content information provided to Data Applicants (such as details of diagnosis and treatment) are stored and worked on separately (see The Separation Principle below)
  • Staff access the minimum amount of information required for their role
  • Requests for linked data for research and new linkages must be approved by the Department of Health WA Human Research Ethics Committee and Department of Health Research Governance Office
  • Before data is provided to Data Applicants, formal approval must be granted by the Data Custodian/s (the person who manages that dataset) for the project
  • Technical measures in releasing data to approved Data Applicants is applied to ensure data from separate studies cannot be combined

The Separation Principle

A separation principle was developed to address privacy concerns and enable Data Custodians to retain control over access to information in their care. This protocol is now referred to as “best practice protocol” and is used widely by a number of linkage centres around the world. This protocol, described in Kelman 2002, aims to protect privacy by restricting access to personal identifying information.

The principle consists of four distinct steps. In this way, access to identifying information is restricted to a specialised Linkage Team who perform the first and second steps. Data Custodians are involved in the third step. Data Applicants are only involved in the last step and therefore do not need to access any personal identifying information.

  1. Linkage Officers create, store and manage links in a dynamic Linkage System using confidential personal demographic information
  2. Linkage Officers extract subsets of links from the Linkage System, then encrypt these “linkage keys” differently for each particular project
  3. Encrypted “linkage keys” are provided to the Data Custodians (of the separate datasets) so they can add them to their clinical or service details (known as ‘content data’) for that particular project
  4. Lastly, Data Applicants receive content data from each Data Custodian and use the encrypted keys to connect the details needed for their analyses