The Data Linkage Branch (DLB) maintains strict security processes at the Department of Health offices in East Perth. The following protocols ensure Physical and Technological Security:
- The DLB employs a layered security approach. Access is gained after passing through a number of areas of increasing restriction.
- The entry foyer of the building is manned during working hours, when it is also accessible to members of the public.
- Entry beyond the foyer requires the use of an access control card or an escort.
- Visitors to the DLB must identify themselves, obtain a photo visitor pass from the Department of Health WA security desk and be accompanied by a DLB staff member at all times.
- The DLB is located on a restricted access floor at the Department of Health WA offices which can only be accessed with an access control card.
- The Client Services and Data Delivery Teams are located in a separate office area to the Linkage and Systems Teams.
- The DLB servers are located in a secured server room within a restricted area on a restricted access floor of the building. Access to this area requires separately authorised permission on the access control card, and is monitored and audited. Access to this area by non-DLB staff is on a strictly need-to-access basis, and only under DLB escort.
- Incoming and Outgoing Data:
  - Identifying data is provided only to the Linkage Team, and content data only to the Client Services Team.
  - Data transfer is through secure encrypted portals or by hand delivery.
  - Linkage keys are encrypted.
  - Data passes through quality assurance checks before release.
  - The local intranet is protected from intrusion initiated from external (and internal) parties by several layers of network security and monitoring.
- Server Security:
  - Data is subject to regular secure (encrypted) backup, with storage at a secure off-site facility.
  - Servers and databases are regularly patched.
  - Servers are further protected from intrusion attempts initiated from within the local intranet by an additional layer of monitored firewalling.
  - Data is stored on secure servers with strict, needs-based access restrictions.
  - Personal computers are monitored by a corporate virus and malware checking system, and employ an automatic locking protocol.
  - Login passwords are changed regularly.
  - Client Services staff do not have access to the servers on which identifiable data is stored, and Linkage staff do not have access to the servers on which content data is stored.
More information on DLB Security protocols can be found in ‘Confidentiality and security standards in the Data Linkage Branch (abridged)’.
Security Review 2017
In January 2017, the DLB contracted an independent security review of its systems and processes, carried out by an independent and external expert. The scope of the review comprised all systems and resources within the remit of DLB. The report from this review can be found at the Data Linkage Branch Material downloads page.
Security for Data Applicants
In addition to the security protocols followed by the DLB, all applications for linked data must include a detailed security plan. The plan should adhere to the Department of Health WA Practice Code for the Use of Personal Health Information and address both technological and physical security. This plan is reviewed closely by the Department of Health Data Custodians at the feasibility assessment stage, and by the Department of Health WA Human Research Ethics Committee.