NPS MedicineWise takes its role as data custodian of primary healthcare data seriously. We extract non-identifiable, unit-level data from participating general practice systems. Non-identifiable data is the output of the de-identification process, which involves the removal or alteration of information that identifies a person, or is reasonably likely to identify them, as well as the application of any additional protections to prevent identification; including re-identification risks.
While the unit-level data we collect is quite detailed, and capable of being matched longitudinally and/or with other data sets, it has been appropriately de-identified at a participating general practice prior to extraction. This means that the unit-level data we collect, use and store in MedicineInsight does not constitute as personal information under the Privacy Act, as it is no longer about an identifiable individual or an individual who is reasonably identifiable.
Although, NPS MedicineWise appreciate the sensitivities that exist toward the secondary use of data, and together with its concern to adopt best practice standards where possible, have chosen to treat de-identified patient-level data as if it were subject to the Privacy Act. This position is a choice by NPS MedicineWise and not a legal obligation. It takes a strong stance on privacy and security protection for non-identifiable unit-level data, and has been initiated in the interests of MedicineInsight maintaining a robust social license to operate among consumers. A similar position has been extended to the consumer opt out approach that underpins the program.