1 – Create/ Collects

• The Data Collection Form is reviewed on an annual basis by Gold Coast PHN Executive Management and Senior Leadership Team
• The Data Collection Form is sent to all pharmacy and specialist practice organisations whose data has not been validated within a six-month period or
• Reviewed and updated during a face to face practice visit
• The data is collected from the organisation by both manual and electronic processes
• Any identified changes are updated in our CRM
• Gold Coast pharmacy and specialist practice staff complete the data collection form at their organisation location.
• This Data Collection Information Management Lifecycle is publicly available via gcphn.org.au to support informed consent for data collection. The Data Collection Form is required to be completed by an authorised person who acknowledges they have reviewed the Data Collection Form Lifecycle.
• All data that is collected is used to inform GCPHN activities

2 – Organise/Store

• reviewed for changes
• updated information is entered into our CRM
• a data validation date is logged against the practice or pharmacy data
• manually updated by authorised GCPHN staff

The Data Collection Form is stored in CRM on premises at GCPHN offices on a secure server.

This Information Management Lifecycle identifies how the data is organised and stored.

3 – Access

• authorised and trained Gold Coast PHN staff
• Integrated Team Care (ITC) Project Officer (previously known as Close the Gap) working from the Gold Coast PHN office
• authorised and trained contracted staff working from Gold Coast PHN office
• confidentiality agreements are in place with all staff accessing the data

GCPHN staff can access data on premises at GCPHN office or remotely via secure login.

Integrated Team Care (ITC) Project Officer on premises at GCPHN offices only.

Contracted staff working on premises at GCPHN offices only.

This Information Management Lifecycle identifies how the data is accessed and by whom.

Staff access is removed on separation from the organisation as per the separation policy.

4 – Use/Share

• Annual needs assessment reviews
• population health planning
• service planning
• project evaluation
• reporting to GCPHN Executive, Board and funders
• for research purposes to benefit Australians health and the health care system in conjunction with third parties such as the Australian Digital Health Agency
• individual email addresses will be used by GCPHN internally to distribute information to pharmacy and specialist organisations such as digital health updates and other important health information.

Data is shared via electronic transfer with the Australian Digital Health Agency.

Data may also be shared with

• Department of Health
• Contractors working with GCPHN
• Partners working collaboratively with GCPHN and The Australian Digital Health Agency.

This Information management lifecycle identifies how the data is used and shared.

The data in the CRM is not made available to any commercial entities for marketing purposes.

The data in the CRM is not made wholly available to any third party. Only specific de-identified data sets are shared.

5 – Maintain/ Secure

Data validation process:

• Data collection PDF form is generated for each organisation identified on the exception report and forwarded to the practice via email
• Authorised member of the organisation team reviews, updates and returns the data collection form to GCPHN via email
• If the Data Collection Form is not returned by the advised date, a follow up phone call occurs to assist with collection of the required data

Face to face practice visit process:

• Data Collection Form may be updated during practice visits
• Data update form is generated and taken on the visit by GCPHN staff member
• Authorised member of the organisation reviews, and updates the data collection form
• The updated data collection form is returned to the GCPHN office by the visiting GCPHN staff member

Data is stored in a secure SQL server database accessible only to authorised and trained GCPHN staff via

• The CRM user interface
• Predefined business intelligence applications (audit tools used to assist reporting)
• Both interfaces use single sign on authentication or via username and password access
• Staff accessing the CRM are forced to update passwords every ninety days

Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.

The server has appropriate firewalls, security, monitoring, backups and maintenance processes in place.

This Information Management Lifecycle identifies how the data is secured and maintained.

Systems and processes are monitored and regularly audited.

6 – Retention/ Disposal

• stored in a temporary folder on the secure server until the data is entered and uploaded electronically in CRM
• All forms are deleted from the secure server following uploading to CRM
• Superseded data (including organisations and contacts) are expired, become inactive and are archived through this process
• The hard copy completed Data Collection Form is securely destroyed once uploaded in CRM

Data in the CRM database is periodically archived to inform organisational reporting.

This Information Management Lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.