1. All parties must demonstrate compliance with data management best practice
a) All parties must act in compliance with the Privacy Act and Privacy Principles
Issues of consent for the disclosure of personal health data are governed under the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). All parties that are handling personal data must ensure they act in compliance with the Privacy Act and the APPs, and third parties must provide compliance information to general practices where they are extracting personal patient data for secondary purposes.
b) All parties must act ethically with regard to general practice data
All parties handling general practice data have an obligation beyond that of mere legal compliance. They must behave ethically and recognise their decisions and actions have impacts on general practice teams, their patients, and society more broadly. Third parties using general practice data need to consider whether positive values (e.g., merit, integrity, justice, beneficence) underlie their activities, evaluate whether they are contributing to the community, and reflect whether their behaviour is respectful of social norms.
General practices must evaluate whether they believe the requesting third party is a reputable organisation, and whether their aims in using the data are open, honest and appropriate. Ethical conduct involves more than simply doing the right thing. It involves ‘acting in the right spirit, out of an abiding respect and concern for one’s fellow creatures.’1
Examples of inappropriate secondary uses could include:
- That which is inappropriate from a data management perspective (i.e., it does not align with data management best practice)
- That which might reasonably result in the re-identification of individuals
- On-selling or otherwise providing or transferring data to other parties (not specified in the data sharing agreement or contract)
- Publicly benchmarking practices or individual health professionals
- Establishing pay-for-performance systems or performance managing clinicians
- Revalidation or credentialling of health professionals
- Purely commercial purposes not linked to the goal of improving patient care
- Linkage to datasets held by entities such as workers’ compensation insurers, private health insurers, or Centrelink
- Low quality or dubious
c) Data must only be used for agreed purposes
General practice data usually contains longitudinal and dynamic data, often spanning decades. Third parties must aim to extract the minimum amount of data needed to achieve their purpose (i.e., not complete medical records). General practice data must only be used by a third party for the purposes outlined in the data sharing agreement or contract. The third party must seek express permission from the general practice (and patients if consent was required in the first instance) to use, provide, or transfer the data for any purpose not originally specified, including further analysis or extrapolation of the data.
d) Data security is everyone’s responsibility
Third parties must provide information to general practices on how they intend to conduct the extraction of data, store it in a facility based in Australia as per legislation, and ensure the data is kept secure. Third parties must demonstrate compliance with Australian cyber security standards for systems used to store and analyse data. They must explain how they employ cyber security resilience measures to protect extracted data from malicious attempts to access and misuse it by external agents. Details might be provided in the data sharing agreement or contract.
e) Special considerations apply for data linkage
Bringing together data relating to one individual, family, place or event from disparate sources can help answer questions that are not easy to answer using other methods. Where informed patient consent is given, data linkage is acceptable. However, linkage of de-identified data carries a risk of re-identifying individuals. In this situation, it is imperative identifiable demographic data is separated from clinical data prior to linkage, and personnel involved in the linking of identifiable data do not have access to the clinical data, and vice versa. If a third party intends to link general practice and other data, they must seek ethics approvals through the relevant channels and demonstrate to the general practice this is being conducted by a reputable body such as the Australian Institute of Health and Welfare (AIHW).
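The separation principle described above (identifiers go to a linkage unit that never sees clinical content; the analysis dataset carries only a project key) can be illustrated in code. The following is an added example, not part of this document and not any linkage body's actual procedure; the records, field names and the HMAC-based project key are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample records (not real patients). Each source holds both
# demographic identifiers and clinical content in one record.
GP_RECORDS = [
    {"id": "gp-1", "name": "Ann Example", "dob": "1960-01-05", "postcode": "2000",
     "diagnosis": "type 2 diabetes"},
    {"id": "gp-2", "name": "Bob Sample", "dob": "1975-07-19", "postcode": "3000",
     "diagnosis": "asthma"},
]
HOSPITAL_RECORDS = [
    {"id": "h-9", "name": "Ann Example", "dob": "1960-01-05", "postcode": "2000",
     "admission": "2023-03-02"},
    {"id": "h-10", "name": "Carol Test", "dob": "1988-11-30", "postcode": "4000",
     "admission": "2023-05-11"},
]
IDENTITY_FIELDS = ("name", "dob", "postcode")  # assumed quasi-identifiers


def split_record(record, identity_fields=IDENTITY_FIELDS):
    """Separate identifying demographics from clinical content before linkage."""
    identity = {k: record[k] for k in identity_fields}
    clinical = {k: v for k, v in record.items()
                if k not in identity_fields and k != "id"}
    return record["id"], identity, clinical


def project_key(identity, secret):
    """Linkage unit step: derive a per-project pseudonymous key from identifiers only.
    HMAC with a project-specific secret means keys from one project cannot be
    matched against another project's release."""
    canonical = "|".join(identity[k].strip().lower() for k in IDENTITY_FIELDS)
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()[:16]


def linkage_unit(identity_parts, secret):
    """Receives identity parts only (no clinical fields); returns source -> record id -> key."""
    return {src: {rid: project_key(ident, secret) for rid, ident in ids.items()}
            for src, ids in identity_parts.items()}


def prepare_linked_dataset(secret):
    """Route identifiers to the linkage unit and clinical content to the analysis set."""
    identity_parts, clinical_parts = {}, {}
    for src, records in (("gp", GP_RECORDS), ("hospital", HOSPITAL_RECORDS)):
        identity_parts[src], clinical_parts[src] = {}, {}
        for rec in records:
            rid, ident, clin = split_record(rec)
            identity_parts[src][rid] = ident
            clinical_parts[src][rid] = clin
    keymap = linkage_unit(identity_parts, secret)
    # Analysis view: project key -> {source: clinical fields}; identifiers never enter it.
    linked = {}
    for src, clins in clinical_parts.items():
        for rid, clin in clins.items():
            linked.setdefault(keymap[src][rid], {})[src] = clin
    return linked


def contains_identifiers(dataset):
    """Check that no identity field leaked into the analysis dataset."""
    return any(f in rec for recs in dataset.values()
               for rec in recs.values() for f in IDENTITY_FIELDS)


if __name__ == "__main__":
    linked = prepare_linked_dataset(b"project-secret-placeholder")
    for key, parts in linked.items():
        print(key, sorted(parts))
    print("identifiers present:", contains_identifiers(linked))
```

The linkage unit only ever handles the `identity_parts` dictionary, and the analysis dataset is keyed by the project key alone, which is the organisational split the principle asks for; the code makes that split visible rather than relying on policy.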
2. Healthcare consumers deserve transparency in the use of their health data
a) General practices must provide information on secondary use to patients
Much effort is taken in general practices, and healthcare settings in general, to ensure patient privacy is protected. Patients must trust they can speak freely with their GP without fear personal information could end up in the hands of a third party without their knowledge.
To retain patient trust, it is important for general practice to have processes and protocols in place informing and reassuring patients data collected in general practice is adequately protected in terms of privacy and ethical principles.
The RACGP Standards for general practices (5th edition) recommends general practices advise patients about whether they provide de-identified data to third parties, and by whom and for what purpose the data is used. Clear, easy-to-understand statements about the purpose and benefits of secondary use of health data help foster trust.2
Practices can consider a multifaceted approach to inform patients of their data sharing policy, such as through posters in waiting rooms, on the general practice’s website, social media channels, practice newsletters, and patient registration forms. As with all patient communications, general practices must consider literacy levels and language barriers when discussing secondary uses of data.
General practice principals must inform all staff working in the clinic about any data sharing agreements so they have an understanding about secondary use of patient data and can discuss this with patients as required. Contractors and locums must also be made aware of these agreements.
General practices might choose to nominate a point of contact to answer any patient questions or concerns.
b) General practices must provide patients an opportunity to opt out of providing data for secondary uses
Most data extraction software has an opt-out function; therefore, where feasible, general practices must provide patients with a choice to opt out of secondary uses of data.3 If a patient indicates they wish to opt out of a program to use de-identified data for secondary purposes (whether verbally or in writing), this must be indicated in their record.
Although desirable, there is currently no facility in general practice electronic medical record systems for patients to give consent for use of particular data (e.g., all de-identified data except psychiatric information) or for the use of data for particular purposes (e.g., only for medical research).
Patients must be advised that once they provide consent for the secondary use of data, it will not be feasible to remove previously provided data should they have a change of mind. Identifiers will have been removed in this process, rendering it impossible to link the supplied data to any individual following extraction. The data may have been used in published research by a third party. It is, however, possible to withdraw consent for future secondary uses of data.
c) Consent must be obtained from patients for particular secondary uses
For some secondary purposes, usually when identifiable information is requested, patients will be required to give their express consent for their data to be included in the research. Express patient consent for disclosure to a third party is also required in situations where the data includes details that might reasonably identify an individual. The National Health and Medical Research Council (NHMRC) National Statement on Ethical Conduct in Human Research provides guidance on when consent is required in Chapter 2.3: Qualifying or waiving conditions for consent.
Third parties must outline the process by which the patients of a general practice will be approached to provide consent, and this can be documented in the data sharing agreement or contract. Consent conversations must be thoroughly documented by the third party, and all efforts made to ensure the patient is aware of the ways in which the data will be used.
Third parties must refrain from passing on or selling data to other third parties without prior agreement with the general practice in the data sharing agreement.
d) Special considerations apply for data on or about Aboriginal and Torres Strait Islander peoples
Data that concerns or that might affect Aboriginal and Torres Strait Islander people, either individually or collectively, must be given specific consideration by third parties.
Indigenous data sovereignty ensures data on or about Aboriginal and Torres Strait Islander people is used in ways consistent with their values, culture, and diversity, and meets their current and future needs.4
General practices entering into data sharing agreements must ensure the third party has appropriate Aboriginal and Torres Strait Islander data sovereignty arrangements.
e) Special considerations may apply for data collected specifically related to other patient groups
Data used for research on or about particular populations (for example, people from culturally and linguistically diverse (CALD) backgrounds or individuals with rare health conditions) will often involve smaller data sets, which can increase the risk of re-identification. Third parties using data related to these populations must have processes in place to minimise the risk of re-identification to protect patient privacy.
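One concrete process for the small-dataset risk above is a small-cell check over the quasi-identifiers before release: count how many records share each combination, generalise the most revealing field, and suppress whatever still falls below a threshold k. The following is an added example, not part of this document and not the procedure of any named third party; the cohort rows, the choice of quasi-identifiers and the postcode generalisation rule are constructed assumptions.

```python
from collections import Counter

# Constructed rare-condition cohort (not real data). 'condition' is the sensitive
# attribute; the other fields are treated as quasi-identifiers.
COHORT = [
    {"postcode": "2000", "age_band": "40-49", "sex": "F", "condition": "rare-X"},
    {"postcode": "2000", "age_band": "40-49", "sex": "F", "condition": "rare-X"},
    {"postcode": "2000", "age_band": "40-49", "sex": "F", "condition": "rare-X"},
    {"postcode": "2010", "age_band": "40-49", "sex": "M", "condition": "rare-X"},
    {"postcode": "2011", "age_band": "50-59", "sex": "M", "condition": "rare-X"},
    {"postcode": "2012", "age_band": "50-59", "sex": "M", "condition": "rare-X"},
]
QUASI_IDENTIFIERS = ("postcode", "age_band", "sex")


def equivalence_classes(rows, quasi_identifiers=QUASI_IDENTIFIERS):
    """Count records per combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)


def k_anonymity(rows, quasi_identifiers=QUASI_IDENTIFIERS):
    """Smallest equivalence class: the largest k for which the rows are k-anonymous."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return min(classes.values()) if classes else 0


def small_cells(rows, k, quasi_identifiers=QUASI_IDENTIFIERS):
    """Combinations shared by fewer than k records, i.e. the re-identification risk."""
    return [c for c, n in equivalence_classes(rows, quasi_identifiers).items() if n < k]


def generalise_postcode(rows):
    """Coarsen postcode to its first two digits (a 'region' in this constructed example)."""
    return [{**r, "postcode": r["postcode"][:2] + "xx"} for r in rows]


def release_if_safe(rows, k, quasi_identifiers=QUASI_IDENTIFIERS):
    """Generalise first (keeps more records), then suppress residual small cells.
    Returns (releasable rows, number of suppressed rows)."""
    if k_anonymity(rows, quasi_identifiers) >= k:
        return list(rows), 0
    generalised = generalise_postcode(rows)
    risky = set(small_cells(generalised, k, quasi_identifiers))
    released = [r for r in generalised
                if tuple(r[q] for q in quasi_identifiers) not in risky]
    return released, len(generalised) - len(released)


if __name__ == "__main__":
    print("k before release:", k_anonymity(COHORT))
    print("small cells (k=3):", small_cells(COHORT, 3))
    released, suppressed = release_if_safe(COHORT, 3)
    print("released:", len(released), "suppressed:", suppressed,
          "k after:", k_anonymity(released))
```

The same check applies to aggregate tables: a cell count of one or two in a CALD or rare-condition breakdown is exactly the situation the principle warns about, and it should be generalised or suppressed before the table leaves the third party.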
3. The contribution of general practice must be valued and recognised
a) General practices must retain access and control over what can be extracted
Maintaining accurate and comprehensive patient health records is crucial to providing patients with continuous high-quality and safe care. Patient health records generally belong either to the health professional who created them or to the practice in which they work.5 As the custodians of data, GPs and their practices have a responsibility to ensure these data are collected, stored, accessed, used and disposed of appropriately.
General practices must retain control over what data can be extracted from their systems by third parties.
Data generated by a practice must be available and remain available for all purposes the practice deems appropriate. Third parties storing electronic medical record data must not restrict access or charge fees to access a practice’s own data.
b) There must be a value proposition for general practice
Secondary uses of general practice data should preferably benefit the larger healthcare sector including general practice, not just secondary or tertiary segments of the healthcare system.
Therefore, third parties requesting data are expected to explain how their use of the data will result in public benefit, and specifically, benefit for general practice. Further, they must specify how they will provide results or outcomes of research from supplied data to participating general practices.
Before agreeing to provide general practice data, practice owners, GPs and administrative staff will need to know the costs, benefits, and risks associated with extraction, storage, analysis, curation and use of general practice data by third parties. Data sharing agreements or contracts must indemnify the general practice, its GPs and its patients in the event of a breach of the terms of the contract. General practices can refer to their medical defence organisation (MDO) to determine whether they are covered in the event a data breach occurs due to a failing by a third party.
General practices might require support, particularly in the form of additional resourcing, to change data entry practices or to engage in quality improvement activities. General practices can charge a fee or ask for other compensation in exchange for the time and effort taken to share data. This might include financial benefits, feedback about or analysis of the data (for example, progress reports and data quality reports), or CPD points.
c) GP advisors must be involved in data analysis and interpretation
Third parties must demonstrate meaningful involvement of general practice advisors in analysing and interpreting general practice data. It is important third parties have an understanding of general practice, the context in which the data were collected, and the nature of the data. GPs can help explain the provenance and meaning of data.