File 26

The Data Linkage BranchThe specialist team at the Department of Health who are responsible for developing and maintaining the WA Data Linkage System, performing data linkage, and the facilitation of access to linked data. (DLBData Linkage Branch: the specialist team at the Department of Health who are responsible for developing and maintaining the WA Data Linkage System, performing data linkage, and the facilitation of access to linked data.) has developed and deployed privacy protocols described in Kelman (2001)An independent security review of these protocols, as well as DLB’s technical infrastructure and data handling protocols was carried out in January 2017. The review found no high risk threat scenarios and delivered a number of recommendations for further improvement. The Data LinkageA complex technique for connecting data records within and between datasets using demographic data (e.g. name, date of birth, address, sex, medical record number). Also called ‘Record Linkage’ or ‘Linkage’. Branch is committed to ensuring that our security stance remains optimal, and are implementing the recommendations that were provided.

An overview on how the Data Linkage Branch ensures Privacy and Security is provided below. A full report on Confidentiality and Security Standards at DLB, and the results of the 2017 Security Review are available in the Privacy and Security section of the Downloads page. 

Privacy

  • There is a strong professional culture among Data Linkage staff that values the protection of individual privacy. Linkage Officers are employed under the Public Sector Management Act (1994) and are bound by its privacy and confidentiality provisions. All staff and researchers sign confidentiality acknowledgements.
  • ProbabilisticProbabilistic linkage is a method of linking records using non-unique identifiers (e.g. name, date of birth) to establish weights which represent the likelihood that two records belong to the same person. These weight are used to inform matches and non-matches, and can include clerical review for a selected 'grey area' in between. linkage needs identifying information (such as name, date of birth and address) but the service information (such as details of diagnosis and treatment) are stored and worked on separately. 
    • Linkage Officers working on identifying information to create links do not see service information.
    • Client Services staff and approved data analysts can view service information but cannot see the identifying information. 
  • Requests for new linkages and the disclosure of linked data outside DOH must be approved by the Department of Health WA Human Research Ethics Committee (HREC).
  • Before data is provided to researchers, formal approval must be granted by the Data Custodian/s (the person who manages that dataset) for the project.

Security 

The DLB maintains strict security processes at the DOHWADepartment of Health Western Australia offices in East Perth. The following protocols ensure Physical and Technological Security:

Physical Security

  • The DLB is located on a restricted access floor at the DOHWA offices which can only be accessed with a security pass. 
  • Visitors to the DLB must obtain a photo security pass from the DOHWA security desk and be accompanied by a DLB staff member at all times.
  • The DLB servers are stored in a locked room with further restricted access. 
  • The Client Services Team is located on a separate part of the floor to the Linkage area.

Technological Security

  • Incoming and Outgoing Data:
    • Identifying data is provided only to the Linkage Team, and service data only to the Client services team. 
    • Data transfer is through secure encrypted portals or by hand delivery.
    • Linkage keys are encrypted.
    • Data passes through quality assurance checks before release. 
  • Server Security: 
    • Data is subject to regular secure (encrypted) back up, with storage at a secure off-site facility. 
    • Servers and databases are regularly patched.
  • Access:
    • Data is stored on secure servers with strict, needs-based access restrictions.
    • Personal computers are firewalled, with automatic locking protocols.
    • Login passwords are changed regularly. 
    • Client Services staff do not have access to the servers on which identifiableRelated to the identifiability of a dataset/data item; where the identity of a person/organisation is immediately obvious. data is stored, and Linkage staff do not have access to the servers on which service data is stored.

Security for Researchers

In addition to the security protocols followed by the Data Linkage Branch, all applications for linked data must include a detailed security plan. The plan should adhere to the DOHWA Practice Code for the Use of Personal Health Information (2014, PDF) and address both technological and physical security. This plan is reviewed closely by the DOHWA Data Managers at the Expression of Interest stage, and the DOHWA HRECDepartment of Health Western Australia Human Research Ethics Committee if applicable to the project.