File 26

The Data Linkage BranchThe specialist team at the Department of Health who are responsible for developing and maintaining the WA Data Linkage System, performing data linkage, and the facilitation of access to linked data. creates, updates, enhances and manages a web of links between some DOHWADepartment of Health Western Australia dataCan refer to: (1) the demographic data used in the Data Linkage process; or (2) information pertaining to services provided to people or their clinical information (available only from Data Custodians, including via CARES). collections, other approved data sources and research collections. These links are stored in a computer system that contains 'chains' where each link is associated with a recordA single data item sourced from a data collection, which typically refers to one event, instance or registration (e.g. hospital discharge, birth registration, car crash), although in rare cases can refer to more than one. The specifics of what constitutes a record varies between data collections, depending on how the data is recorded and stored. Each record contains: (1) demographic information (names, addresses, etc), that DLB uses to link the data, and; (2) service information (diagnoses, procedures, etc) that are used by Applicants to perform analysis. in a datasetA collection of similar items of information, for example a WA Births dataset might contain many thousands of pieces of information, each of which contains the name, place, and date of birth for WA people.. All links in a particular chain have been associated with the same person through the process of computer-drive probabilisticProbabilistic linkage is a method of linking records using non-unique identifiers (e.g. name, date of birth) to establish weights which represent the likelihood that two records belong to the same person. These weight are used to inform matches and non-matches, and can include clerical review for a selected 'grey area' in between. record linkageA complex technique for connecting data records within and between datasets using demographic data (e.g. name, date of birth, address, sex, medical record number). (Newcombe, 1988).

The Data LinkageA complex technique for connecting data records within and between datasets using demographic data (e.g. name, date of birth, address, sex, medical record number). Also called ‘Record Linkage’ or ‘Linkage’. Branch has developed and deployed privacy protocols described in Kelman (2001). Organisational, personal, electronic and physical measures are in place to ensure that confidentiality of information provided to the DLBData Linkage Branch: the specialist team at the Department of Health who are responsible for developing and maintaining the WA Data Linkage System, performing data linkage, and the facilitation of access to linked data. is maintained.

More specific details on how the Data Linkage Branch ensures Privacy and Security are listed below.

Privacy

  • Although probabilistic linkage needs personal identifying information (such as name, date of birth, address, gender) from each of the contributing data sources, the actual health or service details are stored and managed separately.
  • Linkage Officers working on creating links do not see clinical information, such as what people are treated for in hospital or what type of cancer they may have
  • For the majority of research projects, a data analyst can see that a person went to hospital for a certain operation, but they don't know the identity of that person. 
  • There is a strong professional culture among Data Linkage staff that values the protection of individual privacy;
  • Linkage Officers are employed under the Public Sector Management Act (1994) and are therefore bound by its privacy and confidentiality provisions;
  • Requests for new linkages must be approved by the Department of Health WA Human Research Ethics Committee (HREC);
  • All staff and researchers sign confidentiality acknowledgements;
  • Before data is provided to researchers, formal approval must be granted by the Data CustodianThe person within an organisation/agency formally assigned to collect, manage, secure and disclose a dataset on a day-to-day basis at the direction of the Data Steward./s (the person who manages that dataset) for the project.

Security 

The DLB maintains strict security processes at the DOHWA offices in East Perth. The protocols followed to ensure Physical and Technological Security are detailed below:

Physical Security

  • The DLB is located on a restricted access floor at the DOHWA offices. Access requires a security pass which are only provided with the approval of the DLB Program Manager. Visitors must obtain a photo security pass from the DOHWA security desk and sign in and out of the secure floor. Visitors are accompanied by a DLB staff member at all times.
  • The DLB servers are stored in a locked room, accessible only to DLB Systems Support staff and a limited number of DOHWA IT staff and IT Contractors.
  • The Client Services Team is located on a separate part of the floor to the Linkage area.
  • Data provided for linkage is stored in a locked filing cabinet accessible only to linkage staff.
  • Research extracts that are ready for collection by researchers are stored in a safe in the Client Services area. The code for the safe is known only to the Client Services Project Manager and Project Officer.

Technological Security

  • DOHWA provides technological security via a firewall and login protocols. Passwords to login to computers are changed every three months.
  • Network access is granted by login and password, and only with the approval of the DLB Program Manager. There is no access to DLB servers outside of the DLB computers at the DOHWA office. Client Services staff and analysts do not have access to the servers on which identifiableRelated to the identifiability of a dataset/data item; where the identity of a person/organisation is immediately obvious. data is stored.
  • All DLB staff must lock their computers when away from their desk for any period of time. DLB linkage staff must minimize their windows when a non-DLB staff member or visitor is present to avoid identifiable data being on display. All computers have automatic screen locking after 10 minutes of inactivity.
  • No identifiable information is stored on the hard drives of the DLB computers.
  • Data provided for new linkage projects must be encrypted and hand delivered to a DLB staff member or sent via courier.
  • Research data will be encrypted and will be delivered by secure means. The password will be emailed separately to a member of the research team.

Security for Researchers

In addition to the security protocols followed by the Data Linkage Branch, all applications for linked data must include a detailed security plan. The plan should adhere to the DOHWA Practice Code for the Use of Personal Health Information (2014, PDF) and address both technological and physical security. This plan is reviewed closely by the DOHWA Data Managers at the Expression of Interest stage, and the DOHWA HRECDepartment of Health Western Australia Human Research Ethics Committee if applicable to the project.