PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures

• Information management lifecycle layer – Primary Sense outlines how de-identified data is retained and disposed
• Information management lifecycle layer – Pen CS Cat Plus outlines how de-identified data shared via Pen CS Cat Plus is retained and disposed
• Information management lifecycle outlines how Chilli DB data is retained and disposed
• Primary Sense Data is deleted after 5 years or as required by external governing frameworks

Compliance with APPsThis Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of by GCPHN.

Pen CS products covered by this Information management lifecycle:

• PAT CAT is a web-based solution that aggregates the de-identified general practice data from CAT4 and displays the information through a comprehensive collection of graphs, charts and reports.
• CAT4 is a practice population analysis and reporting tool that works alongside the general practice clinical information system (CIS). It allows the practice to identify and create lists of specific patient cohorts for management and follow up. Data is de-identified if transferred off site
• Topbar is a patient centred real time decision support tool for general practice and Doctors. Topbar provides supplementary information relevant to the patient’s health needs
• Prompts are notifications that appear on the Doctor’s desktop, in Topbar, during the patient consult. They are created by either the practice or by an accepted third party such as PHNs. Prompts are designed to provide decision support for Doctors and general practice to improve patient health outcomes and to assist with patient recall

Data Governance

• The PenCS Data Governance explains data governance concepts and details the Pen CS data governance arrangements. These data arrangements apply to all data extracted and transferred using PenCS products

Practice data flow to GCPHN

• CAT Plus extracts data from the CIS, the extract is a snapshot of specific clinical and MBS billing data sets
• Only the minimum data set required to inform the standardised data set, the Medical Microdata (MMD) is collected
• Stores information in an extract on the practice’s server/computer
• De-identifies the extract at the practice
• Scheduler sends the de-identified extract securely to the PHN server either monthly or quarterly
• Practices opting not to install scheduler have responsibility to de-identify the extract and send via secure transmission to PAT CAT
• The PHN server receives the extracts and aggregates the information
• The PHN server displays the population health data through charts and reports and other methods

In General Practices with an executed Practice Agreement to access a license to use Pen CS Cat Plus.

Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office.

This Information management life-cycle identifies how the necessary data is collected from general practice.

GCPHN have undertaken external expert reviews of our system and processes, including the completion of a Privacy Impact Assessment of CAT Plus to ensure that we meet best practice data management obligations.

PAT CAT

• De-identified data is received and stored in a dedicated PAT CAT server
• PAT CAT server is located at GCPHN office in a secure room. Access is by authorised staff only
• PAT CAT server is incrementally backed up on a scheduled basis to a cloud location within Australia
• Access to the PAT CAT server is by authorised staff only
• GCPHN has strict confidentiality agreements in place for staff and contractors
• Appropriate Physical and electronic security measures are in place
• No identifiable patient personal or health information is removed from or stored externally from the general practice’s clinical information system

Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office.

This Information management life-cycle identifies how the data is organised & stored by GCPHN.

At GCPHN premises:

The secure server hosting PAT CAT is only accessed by:

• authorised and trained Gold Coast PHN staff
• authorised and trained contracted staff
• Confidentiality agreements are in place with all staff accessing the data outlined in the Practice Agreement Terms and Conditions
• All data accessed is inherently de-identified
• Via Business Intelligence tools at Gold Coast PHN premises.

By the Practice:

• Cat Plus Patient data is only identified to the authorised user via Cat Plus within the Practice location/s
• Aggregated de-identified Gold Coast data can be accessed by secure individual practice logon to PAT CAT

By Pen CS:

• Authorised staff access CAT Plus for installation and troubleshooting purposes
• Installation is via remote access to practice server or workstations following approval by appropriate practice staff member
• Pen CS have security measure in place to support verification of authorised staff requesting remote access
• GCPHN staff can access data on premises at GCPHN office or remotely via secure login.
• Integrated Team Care (ITC) Project Officer on premises at GCPHN offices only.
• Contracted staff working on premises at GCPHN offices only
• Pen CS have security measure in place to support verification of authorised support staff requesting remote access

This Information management life-cycle identifies how the data is accessed and by whom in general practices, at GCPHN and by authorised contracted staff.

Staff access is removed on separation from the organisation as per the separation policy.

• Identifiable data is only accessible within general practice in a format for analysis and reporting supporting activities such as accreditation or Continuous Quality Improvement (CQI) activities
• No data leaves the practice without the practice’s permission
• Only data in a de-identifiable format is available to GCPHN

Use by GCPHN:

De-identified practice level data is used to:

• develop data reports to be provided back to practices electronically for the purposes of informing and supporting CQI activities
• assess potential CQI activities based on risk of health outcomes, eligibility for proactive care, and to highlight potential interactions or missing treatments
• To assess the effectiveness of Practice Support strategies to support quality improvement activities within the general practice

De-identified data at an aggregated level is used to inform:

• project activity related to general practice
• annual Needs Assessment reviews
• population health planning
• service planning
• project evaluation
• reporting to GCPHN Executive, Board and funders

Patient consent

• Patients’ have the option to withdraw from sharing their information at the practice level by notifying the practice
• GCPHN on-site access
• PAT CAT is located on a secure server at GCPHN office
• CAT Plus within general practices

This Information management lifecycle identifies how the data is used and shared in general practices, GCPHN and with other related parties.

There is no third-party use of the data without the express consent of the practice.

PAT CAT security:

• Webserver and database server are separate instances in line with data security best practice
• Appropriate firewalls are implemented
• Systems and security software are regularly updated in line with Information Management Policy Standards

GCPHN Staff security

• Via PAT CAT using individual authorised user login only

Practice staff security:

• Practice staff only have access to their own patient data and de-identified aggregated Gold Coast data from within their practice
• Access by practice staff is by individual authorised user login only

Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.

The server has appropriate firewalls, security, monitoring, backups and maintenance processes in place.

This information management life-cycle identifies how the data is secured and maintained.

Systems and processes are monitored and regularly audited.

Pat Cat

• De-identified data is maintained in PAT CAT
• there is no archive feature for active practice de-identified data
• GCPHN administrator deletes data from PAT CAT on practice request

This Information management life-cycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.

• If a patient withdraws consent to share their information, data will be deleted within one week
• If a practice withdraws consent, all data is deleted within a week
• If a patient becomes deceased, data are retained for 5 years, then deleted
• If a patient becomes inactive at a practice, data are retained for 5 years, then deleted (except patient ID which is retained for the purpose of meaningful use to link to another practice where consent has been obtained)
• Data no longer relevant to patient care are deleted after 5 years or as required by external governing frameworks

Each quarter an exception report is generated to include General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities whose data has not been validated within the previous 6 months

A data collection form is then sent to each of the organisations on the exception report via email to the current contact person using a generic email template.

General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities have two weeks to review the data collection form and update any information in line with the instructions provided via email.

Returned data collection forms are stored on a secure local drive then reviewed for updates. Updates are then entered into Chilli (GCPHN’s CRM). The data collection form is scanned and also saved into Chilli within the organisations file and the validation date is updated. Any other project areas with GCPHN are advised of any changes if it is of relevance to their work (i.e. Clinical Placements)

General Practice, Community Pharmacies, Allied Health Organisations, Private Specialists and Residential Aged Care Facilities that have not returned the data collection form within the 2 weeks are contacted via phone to confirm their details are correct or complete updates over the phone.

Hard copy data collection forms are securely destroyed once stored in Chilli

• The data collection form is reviewed on an annual basis by Gold Coast PHN Executive Management and Senior Leadership team.
• The data collection form is sent via email to all Residential Aged Care Facilities (RACF) whose data has not been validated within a six-month period or reviewed and updated during other email or phone call interaction with RACF staff.
• The data is collected from the RACF by both manual and electronic processes.
• Any identified changes are updated in the GCPHN CRM.

This data collection Information management lifecycle is publicly available via gcphn.org.au to support informed consent for data collection. The Data Collection Form is required to be completed by an authorised person who acknowledges they have reviewed the Data Collection lifecycle. All data that is collected is used to inform GCPHN activities.

The completed data collection form is:

• reviewed for changes
• updated information is entered into GCPHN CRM.
• a data validation date is logged against the RACF data.
• manually updated by authorised GCPHN staff.

The Data Collection Form is stored in CRM on premises at GCPHN offices on a secure server.

This Information Management Lifecycle identifies how the data is organised and stored.

The data is accessed by:

• authorised and trained Gold Coast PHN staff.
• authorised and trained contracted staff working from Gold Coast PHN office.
• confidentiality agreements are in place with all staff accessing the data.

GCPHN staff can access data on premises at GCPHN office or remotely via secure login.

Contracted staff working on premises at GCPHN offices only.

This Information management lifecycle identifies how the data is accessed and by whom.

Staff access is removed on separation from the organisation as per the separation policy.

The data could be used at an aggregated level to inform:

• Annual Needs Assessment reviews
• population health planning
• service planning
• project evaluation
• reporting to GCPHN Executive, Board, and funders
• for research purposes to benefit Australians health and the health care system
• Individual email addresses will be used by GCPHN internally to distribute information to RACFs, such as the RACF communiques, Health Alerts and relevant information from Gold Coast Health and Gold Coast Public Health Unit.

Data may be shared with:

• Department of Health
• Gold Coast Public Health Unit
• Gold Coast Health
• Contractors working with GCPHN
• Partners working collaboratively with GCPHN

This Information management lifecycle identifies how the data is used and shared.

The data is updated through either a data validation process or during a phone call interaction.

Data validation process:

• Data collection form is generated for each RACF identified on the exception report and forwarded to the facility via email.
• Authorised member of the RACF reviews, updates and returns the data collection form to GCPHN via email.
• If the data collection form is not returned by the advised date, a follow up phone call occurs to assist with collection of the required data.

Data is stored in a secure SQL server database accessible only to authorised and trained GCPHN staff via:

• The CRM user interface
• Predefined Business intelligence applications (audit tools used to assist reporting)
• Both interfaces use Single Sign On authentication or via username and password access
• Staff accessing the CRM are forced to update passwords every ninety days

Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.

The server has appropriate firewalls, security, monitoring, backups, and maintenance processes in place.

This Information management lifecycle identifies how the data is secured and maintained.

Systems and processes are monitored and regularly audited.

The data/data collection form is:

• stored in a temporary folder on the secure server until the data is entered and uploaded electronically in CRM.
• All forms are deleted from the secure server following uploading to CRM.
• Superseded data (including organisations and contacts) are expired, become inactive and are archived through this process
• The hard copy completed data collection form is securely destroyed once uploaded in CRM.

Data in the CRM database is periodically archived to inform organisational reporting.

This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.

• The data Collection Form is reviewed on an annual basis by Gold Coast PHN Executive Management and Senior Leadership team
• The data collection form is sent to all organisations whose data has not been validated within a six-month period or
• Reviewed and updated during a face to face practice visit
• The data is collected from the organisation by both manual and electronic processes
• Any identified changes are updated in our CRM)
• Gold Coast Health Care and Community Organisation staff complete the data collection form at their organisation location.
• This data collection Information management lifecycle is publicly available via gcphn.org.au to support informed consent for data collection. The Data Collection Form is required to be completed by an authorised person who acknowledges they have reviewed the Data Collection Form lifecycle.
• All data that is collected is used to inform GCPHN activities

The completed data collection form is:

• reviewed for changes
• updated information is entered into our CRM
• a data validation date is logged against the practice data
• manually updated by authorised GCPHN staff

The data collection form is stored in CRM on premises at GCPHN offices on a secure server.

This information management lifecycle identifies how the data is organised and stored.

The data is accessed by:

• authorised and trained Gold Coast PHN staff
• Integrated Team Care (ITC) Project Officer (previously known as Close the Gap) working from the Gold Coast PHN office
• authorised and trained contracted staff working from Gold Coast PHN office
• confidentiality agreements are in place with all staff accessing the data

GCPHN staff can access data on premises at GCPHN office or remotely via secure login.

Integrated Team Care (ITC) Project Officer on premises at GCPHN offices only.

Contracted staff working on premises at GCPHN offices only.

This information management lifecycle identifies how the data is accessed and by whom.

Staff access is removed on separation from the organisation as per the separation policy.

The data could be used at an aggregated level to inform:

• Annual Needs Assessment reviews
• population health planning
• service planning
• project evaluation
• reporting to GCPHN Executive, Board and funders
• for research purposes to benefit Australians health and the health care system in conjunction with third parties such as the Australian Digital Health Agency
• individual email addresses will be used by GCPHN internally to distribute information to health care and community organisations such as digital health updates and other important health information.

Data is shared via electronic transfer with the Australian Digital Health Agency.

Data may also be shared with

• Department of Health
• Contractors working with GCPHN
• Partners working collaboratively with GCPHN and The Australian Digital Health Agency

This Information management lifecycle identifies how the data is used and shared.

The data in the CRM is not made available to any commercial entities for marketing purposes.

The data in the CRM is not made wholly available to any third party. Only specific de-identified data sets are shared.

The data is updated through either a data validation process or during a face to face visit:

Data validation process:

• Data collection PDF form is generated for each organisation identified on the exception report and forwarded to the practice via email
• Authorised member of the organisation team reviews, updates and returns the data collection form to GCPHN via email
• If the data collection form is not returned by the advised date, a follow up phone call occurs to assist with collection of the required data

Face to face practice visit process:

• Data collection form may be updated during practice visits
• Data update form is generated and taken on the visit by GCPHN staff member
• Authorised member of the organisation reviews, and updates the data collection form
• The updated data collection form is returned to the GCPHN office by the visiting GCPHN staff member

Data is stored in a secure SQL server database accessible only to authorised and trained GCPHN staff via

• The CRM user interface
• Predefined Business intelligence applications (audit tools used to assist reporting)
• Both interfaces use Single Sign On authentication or via username and password access
• Staff accessing the CRM are forced to update passwords every ninety days

Data is stored in an SQL database on a physical server in a secure accessed server room at GCPHN premises.

The server has appropriate firewalls, security, monitoring, backups and maintenance processes in place.

This Information management lifecycle identifies how the data is secured and maintained.

Systems and processes are monitored and regularly audited.

The data/data collection form is:

• stored in a temporary folder on the secure server until the data is entered and uploaded electronically in CRM
• All forms are deleted from the secure server following uploading to CRM
• Superseded data (including organisations and contacts) are expired, become inactive and are archived through this process
• The hard copy completed data collection form is securely destroyed once uploaded in CRM

Data in the CRM database is periodically archived to inform organisational reporting.

This Information management lifecycle identifies how long the data is retained for and when, under what circumstances and how it is disposed of.