Strict security processes at the Department of Health offices in East Perth are adhered to. The following protocols ensure Physical and Technological Security:
Physical Security
- The Department of Health employs a layered security approach. Access is gained after passing through a number of areas of increasing restriction.
- The entry foyer of the building is manned during working hours when it is also accessible to members of the public.
- Entry beyond the foyer requires the use of an access control card or an escort.
- Visitors to the Department of Health must identify themselves, obtain a photo visitor pass from the Department of Health WA security desk and be accompanied by a staff member at all times.
- The Data Linkage and Outputs teams are located on a restricted access floor at the Department of Health WA offices which can only be accessed with an access control card.
- The ISPD Client Services and Data Outputs Teams are located in a separate office area to the Linkage and Systems Teams.
- Servers are located in a secured server room within a restricted area on a restricted access floor of the building. Access to this area requires separately authorised permission on the access control card, is monitored and audited. Access to this area is on a strictly need-to-access basis.
Technological Security
- Incoming and Outgoing Data:
-
- Identifying data is provided only to the Linkage Team, and content data only to the ISPD Client Services Team.
- Data transfer is through secure encrypted portals or by hand delivery.
- Linkage keys are encrypted.
- Data passes through quality assurance checks before release.
- The local intranet is protected from intrusion initiated from external (and internal) parties by several layers of network security and monitoring.
-
- Server Security:
-
- Data is subject to regular secure (encrypted) back up, with storage at a secure off-site facility.
- Servers and databases are regularly patched.
- Servers are further protected from intrusion attempts initiated from within the local intranet by an additional layer of monitored firewalling.
-
Access
- Data is stored on secure servers with strict, needs-based access restrictions.
- Personal computers are monitored by a corporate virus and malware checking system and employ an automatic locking protocol.
- Login passwords are changed regularly.
- ISPD Client Services staff do not have access to the servers on which identifiable data is stored, and Linkage staff do not have access to the servers on which content data is stored.
More information on Data Linkage Services Security protocols can be found in ‘Confidentiality and security standards in the Data Linkage Branch’.
Security Review 2017
In January 2017, Data Linkage Services contracted a security review of its systems and processes, carried out by an independent and external expert. The scope of the review comprised all systems and resources within the remit of the Data Linkage Services. The report from this review can be found at the Material downloads page
Security for Data Applicants
In addition to the security protocols followed by, all applications for linked data must include a detailed security plan. The plan should adhere to the Department of Health WA Practice Code for the Use of Personal Health Information and address both technological and physical security. This plan is reviewed closely by the Department of Health Data Custodians at the feasibility assessment stage, and the Department of Health WA Human Research Ethics Committee.