MedicineInsight: Privacy, security and governance

NPS MedicineWise takes its role as data custodian seriously. We collect, use and store MedicineInsight information strictly in line with Australian privacy laws, and national ethical research guidelines.  The MedicineInsight program uses a ‘five safes’ assessment approach which provides multiple layers of controls to ensure:

  • safe data; that is protected from inappropriate access
  • safe outputs; that safeguard the privacy of individuals who contribute data
  • safe projects; that ensure data is released only where this is in the public benefit
  • safe people; who are trusted and qualified data users
  • safe settings; that data is securely stored and accessed
 

We safeguard the privacy of patients, and respect their choice to opt out

Information that identifies a patient, such as name, date of birth and address, is not collected by MedicineInsight. This means that deidentified patient information can be used to improve the health of people in Australia.

We are committed to best privacy practices, and therefore respect the choice of patients to opt out of the program at any time.

 

We collect information in a transparent and ethical way

We invite practices to participate in the MedicineInsight program, and respect their choice not to participate. Our privacy controls ensure that information about GPs and patients is not gathered covertly, or without their knowledge.

  • The owner of the practice is provided with a comprehensive Practice Kit that includes information for them to make an informed decision to participate in the program
  • GPs are informed by the owner of the practice about the practice’s participation in the program, and are given the opportunity to consent to receiving individual tailored reports and
  • Patients are made aware of the program through promotional material that is displayed within the waiting room of all participating practices.
  • The MedicineInsight program has received ethics approval via the Royal Australian College of General Practitioners National Research Evaluation Ethics Committee.
  • Where MedicineInsight data is used for research purposes, all research projects and outcomes are made publicly available, and provided only with the approval and oversight of properly constituted Human Research Ethics Committees.   
 

We transfer and store information securely, and only in Australia

We take robust precautions to protect information we hold from misuse and loss, and from unauthorised access, modification and disclosure. We have a range of practices and policies in place to ensure MedicineInsight data is only stored in secure environments and  transferring securely.

  • Data extracted from practices are encrypted to government standards, and this ensures that unauthorised parties are not able to interrogate or ‘translate’ the data for their own use;
  • Data are stored only in Australia;
  • Robust and effective security controls are in place to protect the data; and
  • Data are only accessible by authorised staff.
  • A data-sharing agreement must be in place which outlines the responsibilities and obligations of researchers that access MedicineInsight data.
 

We have a rigorous approval process for sharing information with other parties

Third parties may express an interest in the information collected through MedicineInsight. The provision of information in these instances undergoes a rigorous and formal approval process, and is guided by the independent external MedicineInsight Data Governance Committee. This Committee includes GPs, consumer advocates, privacy experts and researchers and reports all approvals and studies to the Royal Australian College of General Practitioners National Research and Evaluation Ethics Committee.

Third-party use of MedicineInsight information must be aligned with our overall mission and be for public good. Information shared with third parties is done in a secure manner and individual practice, GP, practice staff, or patient details are always deidentified.

Read more about the application process