MedicineInsight: Privacy, security and governance

NPS MedicineWise takes its role as Data Custodian seriously. We collect, use and store MedicineInsight information strictly in line with Australian privacy laws, and ensure at all times that there are multiple layers of controls to:

  • protect the data we hold from inappropriate access
  • safeguard the privacy of individuals that contribute data and
  • respect the consent choices of those who participate in MedicineInsight.

We safeguard the privacy of patients, and respect their choice to opt out

Information that identifies a patient, such as name, date of birth and address, is not collected by MedicineInsight. This means that patient information can be used to improve the health of people in Australia, but no-one will know which patient it came from.

We are committed to best privacy practices, and therefore respect the choice of patients to opt out of the program at any time.


We collect information in a transparent and ethical way

We invite practices to participate in the MedicineInsight program, and respect their choice not to participate. Our privacy controls ensure that information about GPs and patients is not undertaken covertly, or without their knowledge, in particular:

  • the owner of the practice is provided with a comprehensive Practice Kit that includes information for them to make an informed decision to participate in the program
  • GPs are informed by the owner of the practice about the practice’s participation in the program, and are given the opportunity to consent to receiving individual tailored reports and
  • patients are made aware of the program through promotional material that is displayed within the waiting room of all participating practices.

We transfer and store information securely, and only in Australia

We take robust precautions to protect information we hold from misuse and loss, and from unauthorised access, modification and disclosure. We have a range of practices and policies in place to provide a secure environment for transferring and storing MedicineInsight data, in particular:

  • data that is extracted from practices is encrypted to government standards, and this ensures that unauthorised parties are not able to interrogate or ‘translate’ the data for their own use;
  • data is stored only in Australia;
  • robust and effective security controls are in place to protect the data; and
  • the data is only accessible by authorised staff.

We have a rigorous approval process for sharing information with other parties

Third parties may express an interest in the information collected through MedicineInsight. The provision of information in these instances undergoes a rigorous and formal approval process, and is guided by the MedicineInsight independent external Data Governance Committee. This Committee includes GPs, consumer advocates, privacy experts and researchers.

Third-party use of MedicineInsight information must be aligned with our overall mission and be for public good. Information shared with third parties is done in a secure manner and will never identify an individual practice, GP, practice staff, or patient.