To receive important alerts and updates from Gold Coast Primary Health Network, please submit the form below.
To receive important alerts and updates from Gold Coast Primary Health Network, please submit the form below.
Gold Coast Primary Health Network (GCPHN) collects, uses and stores data and information in line with Australian Privacy laws.
The GCPHN Data Governance Committee oversees the implementation of the Information Management Policy Framework that informs data policies, data procedures, data security, data guidelines and risk management plans that include specifications for audit trails and the notification and management of data breaches, cybersecurity measures and disaster recovery plans.
If you would like more information about the GCPHN Privacy Policy, view the GCPHN Privacy Policy.
The purpose of the Information Management Lifecycle – PIP QI Incentive is to support GCPHN and Gold Coast general practices meet requirements of the PIP Eligible Data Set Data Governance Framework and PIP Incentive Guidance. General practices require an executed Practice Agreement to access a license to use Primary Sense ™ and Pen CS Cat Plus for GCPHN to extract general practice data.
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures
|
|
Location | In General Practices with an executed Practice Agreement to access a license to use Primary Sense or Pen CS Cat Plus |
Compliance with APPs | This Information management lifecycle identifies how the necessary data is collected from general practice |
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures
|
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is organised and stored by GCPHN |
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement MeasuresAt Gold Coast PHN premises: The Microsoft Azure database hosting Primary Sense and the ACG tool and the secure server hosting PAT CAT and Chilli Database is only accessed by:
By the Practice:
External:
|
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is accessed and by whom in general practices and at GCPHN. |
Notes | Chilli Database is GCPHN’s Client Relationship Management (CRM) database. |
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures
Primary Sense
Cat Plus
Data Privacy The PIP Eligible Data Set Governance Framework provides guidance on the roles and responsibilities for data content, collection, use, access, aggregation, privacy, security and data ownership at the local, regional and national level and details the role and responsibilities of each of the data custodians: Local Data Custodian – participating general practice Regional Data Custodian – GCPHN National Data Custodian – Australian Institute of Health and Welfare Data aggregation and disaggregation permissions linked to local, regional and national data custodians are outlined in the PIP Eligible Data Set Governance Framework Data Sharing GCPHN shares specific practice information with the Commonwealth Department of Health (DoH) to support the administration of the PIP QI Incentive. The information shared with DoH is:
The Information is shared via a CSV file and uploaded to the secure DoH Health Data Portal via secure transmission and Auskey. Only GCPHN authorised staff are able to access and upload to the DoH Health Data Portal The CSV file is generated from Practice Aggregation Tool Clinical Audit Tool (PATCAT) and GCPHN Customer Relationship Management database (CRM – ChilliDB) No personally identifying information of any patient is provided as part of the PIP Eligible Data set to the regional or national data custodian. Patient consent
GCPHN confirms a general practice is registered for the PIP QI Incentive in PAT CAT. This is required to generate a data report against the 10 improvement measures and isolate the PIP Eligible Data Set. De-identified aggregate level data for secondary purposes such as service planning and reporting is shared via electronic transfer with:
National Data Custodian – Australian Institute of Health and Welfare (AIHW) GCPHN as part of the role as a regional data custodian is required to transfer de-identified PHN aggregated data to the National Data Custodian AIHW on a quarterly basis via securely encrypted email. GCPHN will aggregate and de-identify the PIP eligible dataset from all practices submitting data within the network. This means data is added together to produce total counts for each Improvement Measure for the PHN as a whole. This aggregated data is then disaggregated by gender, age groups and Aboriginal and Torres Strait Islander status. For further information regarding the data shared between the Regional Data Custodian (GCPHN) and the National Data Custodian (AIHW) please refer to the PIP QI – Technical Specifications document No individual practice level data is shared with the National Data Custodian. Suppression rules are applied to the de-identified aggregated data. No values less than 10 are reported to AIHW. The aggregated de-identified data will be used by the AIHW for national level analysis and research. Researchers may apply to access the data securely and in accordance with data access and release protocols, which will be developed in accordance with the PIP Eligible Data Set Data Governance Framework. As the PIP Eligible Data Set is de-identified and aggregated, the information accessed for approved research purposes will not be identifiable. In addition to this, the AIHW has organisational checks and approval processes that ensure that information remains de-identified and secure when accessed for research purposes. The PIP QI Incentive Quality Improvement Measures User Guide for General Practices outlines how the National Data Custodian can use the data. |
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is used and shared in general practices, GCPHN and with other related parties. |
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures
Microsoft Azure meets a broad set of international and industry specific compliance standards. https://azure.microsoft.com/en-au/overview/trusted-cloud/
Regional Data Custodian GCPHN Staff security
Local Data Custodian Practice staff security:
National Data Custodian AIHW staff security
Back-ups Quarterly Data submissions to DOH of Practices who are eligible for the PIP QI payment is held on a SharePoint Library.
Monthly or quarterly PATCAT data submissions are automatically inserted into the PATCATSQL database which is backed up as follows:
Continuous Primary Sense data submissions are automatically inserted into the Primary Sense Azure SQL database which is backed up as follows:
|
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is secured and maintained by GCPHN. |
PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures
Compliance with APPsThis Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of by GCPHN.
The purpose of the Information Management Life-cycle – Pen CS CAT Plus is to support GCPHN and Gold Coast general practices meet requirements regarding secondary use of patient data. General practices require an executed Practice Agreement to access a license to use Pen CS CAT Plus for GCPHN to extract general practice data.
The GCPHN Data Governance Committee oversees the implementation of the Information Management Policy Framework that informs data policies, data procedures, data guidelines and risk management plans that include specifications for audit trails and the notification and management of data breaches, cyber security and disaster recovery plans.
Pen CS products covered by this Information management lifecycle:
Data Governance
Practice data flow to GCPHN
In General Practices with an executed Practice Agreement to access a license to use Pen CS Cat Plus.
Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office.
This Information management life-cycle identifies how the necessary data is collected from general practice.
GCPHN have undertaken external expert reviews of our system and processes, including the completion of a Privacy Impact Assessment of CAT Plus to ensure that we meet best practice data management obligations.
PAT CAT
Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office.
This Information management life-cycle identifies how the data is organised & stored by GCPHN.
At GCPHN premises:
The secure server hosting PAT CAT is only accessed by:
By the Practice:
By Pen CS:
This Information management life-cycle identifies how the data is accessed and by whom in general practices, at GCPHN and by authorised contracted staff.
Staff access is removed on separation from the organisation as per the separation policy.
Use by GCPHN:
De-identified practice level data is used to:
De-identified data at an aggregated level is used to inform:
Patient consent
This Information management lifecycle identifies how the data is used and shared in general practices, GCPHN and with other related parties.
There is no third-party use of the data without the express consent of the practice.
PAT CAT security:
GCPHN Staff security
Practice staff security:
Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.
The server has appropriate firewalls, security, monitoring, backups and maintenance processes in place.
This information management life-cycle identifies how the data is secured and maintained.
Systems and processes are monitored and regularly audited.
Pat Cat
This Information management life-cycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.
Primary Sense is a suite of IT modules including the Microsoft Azure database and Primary Sense dashboard that supports general practices to make timely decisions for better health care for their respective populations.
The purpose of the Primary Sense data collection is to support the reports and alerts generated by the Primary Sense ™ data extraction and Population Health Management Clinical Audit Tool. General Practices require an executed Practice Level. Agreement to access a license to use Primary Sense ™ and for GCPHN to extract general practice data.
|
|
Location | Primary Sense ™ Database in Microsoft Azure in AustraliaPrimary Sense ™ Dashboard in Microsoft Azure in Australia |
Compliance with APPs | This Information management lifecycle identifies how the data is organised and stored by GCPHN |
Practice data is:
The Primary Sense dashboard: Is a web-based interface. Supports practices with system administration and quality improvement by outlining aggregated deidentified practice level data including:
Supports practices optimal use of data by outlining aggregated deidentified practice level data including:
|
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is accessed and by whom in general practices and at GCPHNThe GCPHN Data Access Policy outlines which GCPHN/contracted staff have access to Microsoft Azure Database holding the data and what level of access is permitted. Staff access is logged, monitored and audited |
At Gold Coast PHN premises:The Microsoft Azure database holding the data is only accessed by:
At Gold Coast PHN premises and remotely: The Primary Sense Dashboard is only accessed by:
By the Practice:
Elsewhere:
|
|
Location |
|
Compliance with APPs | This Information management lifecycle identifies how the data is used and shared in general practices, GCPHN and with other related parties |
The Microsoft Azure database:Patient care (Primary use of data)
Population Health Planning (Secondary use of data)
Patient consent
Aggregate level data for secondary purposes is shared via electronic transfer with:
The Primary Sense Dashboard: Is accessed by authorised GCPHN staff to support system administration including:
|
|
Location | Primary Sense ™ Database in Microsoft Azure in Australia |
Compliance with APPs | This Information management lifecycle identifies how the data is secured and maintained by GCPHN |
Microsoft Azure meets a broad set of international and industry specific compliance standards. https://azure.microsoft.com/en-au/overview/trusted-cloud/
GCPHN Staff security:
Practice staff security:
|
|
Compliance with APPs | This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of by GCPHN |
Organisation Data is stored in our Chilli Database (GCPHN CRM) and is updated through both a proactive approach from Gold Coast Primary Health Network (GCPHN) staff and through the generated exception report to ensure organisational information stored within our database is no older than six months old.
Each quarter an exception report is generated to include General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities whose data has not been validated within the previous 6 months
A data collection form is then sent to each of the organisations on the exception report via email to the current contact person using a generic email template.
General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities have two weeks to review the data collection form and update any information in line with the instructions provided via email.
Returned data collection forms are stored on a secure local drive then reviewed for updates. Updates are then entered into Chilli (GCPHN’s CRM). The data collection form is scanned and also saved into Chilli within the organisations file and the validation date is updated. Any other project areas with GCPHN are advised of any changes if it is of relevance to their work (i.e. Clinical Placements)
General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities that have not returned the data collection form within the 2 weeks are contacted via phone to confirm their details are correct or complete updates over the phone.
Hard copy data collection forms are securely destroyed once stored in Chilli
The purpose of this data collection is to maintain the data integrity of the information held in GCPHN’s Client Relationship Management (CRM) Chilli Database (ChilliDB) by ensuring our records are regularly updated and hold accurate information about Residential Aged Care Facilities (RACFs) in the Gold Coast region. The process is undertaken on a quarterly basis or as required to ensure RACF data is no older than 6 months.
This data collection Information management lifecycle is publicly available via gcphn.org.au to support informed consent for data collection. The Data Collection Form is required to be completed by an authorised person who acknowledges they have reviewed the Data Collection lifecycle. All data that is collected is used to inform GCPHN activities.
The completed data collection form is:
The Data Collection Form is stored in CRM on premises at GCPHN offices on a secure server.
This Information Management Lifecycle identifies how the data is organised and stored.
The data is accessed by:
GCPHN staff can access data on premises at GCPHN office or remotely via secure login.
Contracted staff working on premises at GCPHN offices only.
This Information management lifecycle identifies how the data is accessed and by whom.
Staff access is removed on separation from the organisation as per the separation policy.
The data could be used at an aggregated level to inform:
Data may be shared with:
This Information management lifecycle identifies how the data is used and shared.
The data is updated through either a data validation process or during a phone call interaction.
Data validation process:
Data is stored in a secure SQL server database accessible only to authorised and trained GCPHN staff via:
Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.
The server has appropriate firewalls, security, monitoring, backups, and maintenance processes in place.
This Information management lifecycle identifies how the data is secured and maintained.
Systems and processes are monitored and regularly audited.
The data/data collection form is:
Data in the CRM database is periodically archived to inform organisational reporting.
This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.
The purpose of the Data Lifecycle – Cancer Screening in General Practice Project data set is to provide the information required to Gold Coast general practices working on the CSQIPH project to identify how the PenCS cervical screening data set will be used. General practices require an executed Practice Agreement to access a license to use Pen CS CAT Plus for GCPHN to extract general practice data which is used to support and inform the Cancer Screening in General Practice Project. This document should be read in conjunction with the Information Management Lifecycle PenCS CAT Plus.
The GCPHN Data Governance Committee oversees the implementation of the Information Management Policy Framework that informs data policies, data procedures, data guidelines and risk management plans that include specifications for audit trails and the notification and management of data breaches, cyber security and disaster recovery plans.
Cancer screening data is currently collected by CAT Plus which is an integrated patient-centric software platform that uses the practices own data to support improved patient outcomes. CAT Plus includes PAT CAT, CAT4 and Topbar.
Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to how the cervical screening data set is created and collected. | |
Location | Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to the cervical screening data set |
Compliance with APPs | The PenCS Information Management Lifecycle identifies how cervical screening data is collected from general practice.GCPHN have undertaken external expert reviews of our system and processes, including the completion of a Privacy Impact Assessment of CAT Plus to ensure that we meet best practice data management obligations |
Please refer to Information Management Lifecycle Layer – PenCS CAT Plus in relation to how the cervical screening data set is organised and stored. | |
Location | Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to the cervical screening data set |
Compliance with APPs | The PenCS Information Management Lifecycle identifies how cervical screening data is organised & stored by GCPHN |
Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to how the cervical screening data set is accessed by GCPHN staffProject specific data sharing requirements:
QLD Health Cancer Screening Unit (CSU) staff will have access to deidentified data for the CSQIPHS project. CSU staff access will be limited to those who have completed confidentiality and consent approval from the National Cancer Screening Register (NCSR) to undertake relevant analysis of confidential data. |
|
Compliance with APPs | This Information Management Lifecycle, together with the PenCS Information Management Lifecycle identifies how cervical screening data is accessed and by whom in general practices, at GCPHN and by authorised contracted staff |
Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to how the cervical screening data set is used and shared.Project specific data sharing requirements:
Deidentified CSQIPHS project data will be securely shared by GCPHN with QLD Health Cancer Screening Unit (CSU) Data will not be shared by CSU, it will be used to inform the development of deidentified reports that may be shared by CSU with key local, state and national stakeholders to support cancer screening activities and improvements. |
|
Location | Deidentified data provided to the CSU from participating practices will be protected and stored on a secure Queensland Health server. |
Compliance with APPs | This Information Management Lifecycle identifies how cervical screening data is used and shared with other related parties |
Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to how the cervical screening data set is maintained and secured | |
Location | The Queensland Health server has appropriate firewalls, security, monitoring, backups and maintenance processes in place |
Compliance with APPs | This Information Management Lifecycle identifies how cervical screening data is used and maintained by CSU |
Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to how the cervical screening data set is retained and disposed ofProject specific data sharing requirements:
Project data shared with CSU will be destroyed upon completion of the work for which it is required. |
|
Location | Please refer to Information Management Lifecycle Layer- PenCS CAT Plus in relation to the cervical screening data set |
Compliance with APPs | This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of by GCPHN. |
Gold Coast Primary Health Network (GCPHN) collects, uses and stores information in line with Australian Privacy laws.
The purpose of this data collection is to maintain the data integrity of the information held in GCPHNs Client Relationship Management (CRM) Chilli Database (ChilliDB) by ensuring our records are regularly updated and hold accurate information about Health Care and Community Organisations in the Gold Coast region. To ensure our data base is current this process will be undertaken until June 30, 2022.
The completed data collection form is:
The data collection form is stored in CRM on premises at GCPHN offices on a secure server.
This information management lifecycle identifies how the data is organised and stored.
The data is accessed by:
GCPHN staff can access data on premises at GCPHN office or remotely via secure login.
Integrated Team Care (ITC) Project Officer on premises at GCPHN offices only.
Contracted staff working on premises at GCPHN offices only.
This information management lifecycle identifies how the data is accessed and by whom.
Staff access is removed on separation from the organisation as per the separation policy.
The data could be used at an aggregated level to inform:
Data is shared via electronic transfer with the Australian Digital Health Agency.
Data may also be shared with
This Information management lifecycle identifies how the data is used and shared.
The data in the CRM is not made available to any commercial entities for marketing purposes.
The data in the CRM is not made wholly available to any third party. Only specific de-identified data sets are shared.
The data is updated through either a data validation process or during a face to face visit:
Data validation process:
Face to face practice visit process:
Data is stored in a secure SQL server database accessible only to authorised and trained GCPHN staff via
Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.
The server has appropriate firewalls, security, monitoring, backups and maintenance processes in place.
This Information management lifecycle identifies how the data is secured and maintained.
Systems and processes are monitored and regularly audited.
The data/data collection form is:
Data in the CRM database is periodically archived to inform organisational reporting.
This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.
So we can provide you with the most accurate information,
please tell us a little more about yourself