1 – Create/Collect

• Information management lifecycle layer – Primary Sense™ outlines how de-identified data shared via Primary Sense™ is extracted and managed
• Information management lifecycle layer – Pen CS Cat Plus outlines how de-identified data shared via Pen CS Cat Plus is extracted and managed
• Only the minimum data set required to inform Population Health Management, creation of data reports to support Continuous Quality Improvement (CQI) activity and alerts is collected
• The PIP QI Incentive PIP Eligible Data Set is the data required to inform and calculate the numerator, denominator and computation for each of the 10 Improvement Measures as outlined in the PIP Quality Improvement Measures Annotated Specifications
• General practice can opt to share only the minimum data set required to inform the specified Improvement Measures – referred to as The PIP Eligible Data Set as part of their participation in the PIP QI Incentive
• No personally identifying information of any patient is provided as part of the minimum data set to inform Population Health Management or the PIP Eligible Data Set
• Identifying information of general practices participating in the PIP QI Incentive is collected to administer the PIP QI Incentive, to confirm the eligibility of the general practice to receive the PIP QI Incentive Payment and to generate data reports relating to the 10 PIP QI measures

Location

Compliance with APPs

2 – Organise/Store

• Information management lifecycle layer – Primary Sense™ outlines how de-identified data shared with GCPHN is stored
• Information management lifecycle layer – Pen CS Cat Plus outlines how de-identified data shared with GCPHN is stored
• No Identified patient personal or health information is removed from or stored externally from the general practice’s clinical information system

Location

• Primary Sense™ Database in Microsoft Azure in Australia
• The ACG tool in Microsoft Azure in Australia
• Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office

Compliance with APPs

3 – Access

PIP QI Incentive sharing of PIP Eligible Data Set informing the 10 Improvement Measures

At Gold Coast PHN premises:

The Microsoft Azure database hosting Primary Sense™ and the ACG tool and the secure server hosting PAT CAT and Chilli Database is only accessed by:

• authorised and trained Gold Coast PHN staff
• authorised and trained contracted staff
• Confidentiality agreements are in place with all staff accessing the data outlined in the Practice Agreement Terms and Conditions
• Primary Sense ™ and Pen CS Cat Plus use industry standard databases and business intelligence tools with appropriate access controls and audit capability
• All data accessed is inherently de-identified

By the Practice:

• Access is obtained via login for authorised users only using the Primary Sense Desktop™ or Primary Sense™ secure website applications
• Confidentiality agreements are in place with all staff accessing the data outlined in the Practice Agreement Terms and Conditions
• Access is controlled via API methods / Stored Procedures
• Patient data is only re-identified to the authorised user via Primary Sense within the Practice location/s
• Cat Plus Patient data is only identified to the authorised user via Cat Plus within the Practice location/s

External:
GCPHN, general practice staff and authorised personnel may access outside of their main premises by:

• Authorised user login and controlled access via Primary Sense website
• Authorised user login and controlled access via terminal server from specific locations

Location

• GCPHN on-site access
• Primary Sense website in Azure in Australia
• Primary Sense Desktop installed in Practices
• Pen CS Cat Plus software installed in practices
• PAT CAT software stored on a secure server in GCPHN office

Compliance with APPs

Notes

4 – Use/Share

• Under the PIP QI Incentive general practices work with GCPHN to undertake CQI activities through the collection and review of practice data based on specified improvement measures the PIP Eligible Data Set
• Practices may focus their quality improvement activities on the specified Improvement Measures, or,
• Practices may focus their quality improvement activities on any other areas informed by their clinical information system data that meets the needs of their practice population
• Deidentified practice data is analysed to assess potential CQI activities based on risk of health outcomes, eligibility for proactive care, medication safety alerts and to highlight potential interactions or missing treatments
• The PIP Eligible Data Set is used to develop data reports to be provided back to practices electronically for the purposes of informing and supporting CQI activities
• To assess the effectiveness of Practice Support strategies to support quality improvement activities within the general practice

Primary Sense™

• Data related to the PIP Eligible Data Set is re-identified at the practice for the clinicians/staff as appropriate and through authorised access
• Primary Sense™ has the capability to link data between practices that a patient may visit. This will only occur once consent from the patient and the practices is obtained
• Reports related to the PIP Eligible Data Set and the 10 Improvement Measures are generated using ACG® tool and Primary Sense ™ Database and displayed at the practice via Primary Sense ™ Desktop through authorised access

Cat Plus

• The PIP Eligible Data Set is used to develop data reports to be provided back to practices electronically for the purposes of informing and supporting CQI activities

Data Privacy

The PIP Eligible Data Set Governance Framework provides guidance on the roles and responsibilities for data content, collection, use, access, aggregation, privacy, security and data ownership at the local, regional and national level and details the role and responsibilities of each of the data custodians:

Local Data Custodian – participating general practice

Regional Data Custodian – GCPHN

National Data Custodian – Australian Institute of Health and Welfare

Data aggregation and disaggregation permissions linked to local, regional and national data custodians are outlined in the PIP Eligible Data Set Governance Framework

Data Sharing

GCPHN shares specific practice information with the Commonwealth Department of Health (DoH) to support the administration of the PIP QI Incentive. The information shared with DoH is:

• PIP Practice Identifier
• Practice name
• Practice physical location
• Date de-identified PIP Eligible Data Set was shared with GCPHN

The Information is shared via a CSV file and uploaded to the secure DoH Health Data Portal via secure transmission and Auskey. Only GCPHN authorised staff are able to access and upload to the DoH Health Data Portal

The CSV file is generated from Practice Aggregation Tool Clinical Audit Tool (PATCAT) and GCPHN Customer Relationship Management database (CRM – ChilliDB)

No personally identifying information of any patient is provided as part of the PIP Eligible Data set to the regional or national data custodian.

Patient consent

• Patients’ have the option to withdraw from sharing their information by notifying their practice

GCPHN confirms a general practice is registered for the PIP QI Incentive in PAT CAT. This is required to generate a data report against the 10 improvement measures and isolate the PIP Eligible Data Set.

De-identified aggregate level data for secondary purposes such as service planning and reporting is shared via electronic transfer with:

• Department of Health
• Contractors working with GCPHN
• Partners working collaboratively with GCPHN

National Data Custodian – Australian Institute of Health and Welfare (AIHW)

GCPHN as part of the role as a regional data custodian is required to transfer de-identified PHN aggregated data to

the National Data Custodian AIHW on a quarterly basis via securely encrypted email.

GCPHN will aggregate and de-identify the PIP eligible dataset from all practices submitting data within the network. This means data is added together to produce total counts for each Improvement Measure for the PHN as a whole. This aggregated data is then disaggregated by gender, age groups and Aboriginal and Torres Strait Islander status. For further information regarding the data shared between the Regional Data Custodian (GCPHN) and the National Data Custodian (AIHW) please refer to the PIP QI – Technical Specifications document

No individual practice level data is shared with the National Data Custodian.

Suppression rules are applied to the de-identified aggregated data. No values less than 10 are reported to AIHW.

The aggregated de-identified data will be used by the AIHW for national level analysis and research.  Researchers may apply to access the data securely and in accordance with data access and release protocols, which will be developed in accordance with the PIP Eligible Data Set Data Governance Framework.

As the PIP Eligible Data Set is de-identified and aggregated, the information accessed for approved research purposes will not be identifiable. In addition to this, the AIHW has organisational checks and approval processes that ensure that information remains de-identified and secure when accessed for research purposes.

The PIP QI Incentive Quality Improvement Measures User Guide for General Practices outlines how the National Data Custodian can use the data.

Location

• GCPHN on-site access
• Primary Sense website in Azure in Australia
• Primary Sense Desktop installed in Practices
• PAT CAT software in practices and GCPHN office
• Chilli Database in GCPHN office
• DoH Health Data Portal

Compliance with APPs

5 – Maintain/Secure

Microsoft Azure meets a broad set of international and industry specific compliance standards.  https://azure.microsoft.com/en-au/overview/trusted-cloud/

• The Primary Sense ™ Database is secured with appropriate Firewall rules
• The PAT CAT server is secured with appropriate Firewall rules

Regional Data Custodian GCPHN Staff security

• Via website or Primary Sense™ applications and via controlled API methods / Stored Procedures.
• Via database and Business Intelligence tools at Gold Coast PHN premises only.

Local Data Custodian Practice staff security:

• Practice staff only have access to their own patient data from within their practice
• Practice staff can only see their own practice data or PHN aggregate level data in PAT CAT

National Data Custodian AIHW staff security

• Only authorised AIHW Staff are able to access and view the de-identified aggregated at PHN level data for each Improvement Measure.
• AIHW authorise view only access to the PIP Advisory Group and PIP Advisory Group Data Governance Subcommittee
• AIHW as the national data custodian ensures privacy policies and privacy notices comply with all relevant legislation. No identifying information is provided to the national data custodian.

Back-ups

Quarterly Data submissions to DOH of Practices who are eligible for the PIP QI payment is held on a SharePoint Library.

• This is backed up daily and retained for 1 year.

Monthly or quarterly PATCAT data submissions are automatically inserted into the PATCATSQL database which is backed up as follows:

• Intra daily backups are retained for 7 days
• Daily backups are retained for 15 days
• Weekly backups are retained for 30 days
• Monthly backups are retained for 60 days

Continuous Primary Sense data submissions are automatically inserted into the Primary Sense Azure SQL database which is backed up as follows:

• Point in time recovery available for 7 days.
• Weekly backups for 4 weeks
• Monthly backups for 2 months

Location

• Primary Sense ™ Database in Microsoft Azure in Australia
• The ACG tool is located in Microsoft Azure in Australia
• Practice Aggregation Tool Clinical Audit Tool (PAT CAT) is located on a secure server at GCPHN office

Compliance with APPs

6 – Retention/ Disposal

• Information management lifecycle layer – Primary Sense™ outlines how de-identified data is retained and disposed
• Information management lifecycle layer – Pen CS Cat Plus outlines how de-identified data shared via Pen CS Cat Plus is retained and disposed
• Information management lifecycle outlines how Chilli DB data is retained and disposed
• Primary Sense™ Data is deleted after 5 years or as required by external governing frameworks

Compliance with APPs