
Privacy, security and governance

We have strict processes to safely manage data from MedicineInsight that are consistent with relevant state and territory laws.

How MedicineInsight extracts data

We extract non-identifiable, unit-level data from participating general practice systems. 

We use de-identification processes to ensure the data is non-identifiable. This involves the removal or alteration of information that identifies a person, or is reasonably likely to identify them, as well as the application of any additional protections to prevent identification, including re-identification risks.
 

Access to MedicineInsight data

Data access is facilitated by an application pathway. Only applications from Australian-based researchers for non-commercial purposes are considered.

All applications received are subject to internal risk and data feasibility assessments before progressing to our Data Governance Committee for approval.

Preparation of data extracts following application approval is dependent upon resourcing and may not commence immediately.

You can contact our MedicineInsight team for more information.
 

How we safeguard privacy

De-identification

MedicineInsight extracts non-identifiable data from participating general practice systems. Non-identifiable data is the output of the de-identification process, which involves the removal or alteration of information that identifies a person, or is reasonably likely to identify them, as well as the application of any additional protections to prevent identification, including re-identification risks.

While the data is quite detailed, and capable of being matched longitudinally and/or with other data sets, it has been appropriately de-identified at a participating general practice prior to extraction. This means that the data we collect, use and store in MedicineInsight does not constitute personal information under the Privacy Act 1988 (Privacy Act), as it is no longer about an identifiable individual or an individual who is reasonably identifiable.

Secondary use of data

We appreciate the sensitivities of secondary data use and are committed to ensuring MedicineInsight data is managed in a manner which is generally consistent with the Australian Privacy Principles (APPs) contained in the Privacy Act, as well as state and territory privacy laws and healthcare regulations. A similar position has been extended to the consumer opt out approach that underpins the program. You can also view our privacy policy.

Privacy and consent reviews

In early 2021, two reviews were undertaken on the MedicineInsight program. The first was an independent Privacy Impact Assessment (PIA) to evaluate the program's approach to privacy, security and confidentiality. The second was a review of the program's consent model, which included a comprehensive assessment of the opt out process.

Findings of these reviews confirmed the program’s approach to these standards remained strong and put forward a series of key recommendations aimed at furthering best practice governance, privacy and consent standards of the MedicineInsight program. Work to implement these recommendations commenced at the start of 2022 and continued through the transition of the program to us.

So far, it has involved partnering with consumers, peak bodies and technical experts to scope how existing program material can be more culturally inclusive and consumer aware, together with delivering a coordinated communication plan, updating the MedicineInsight information online and pursuing long-term strategies to enhance the program’s opt-out approach to ensure MedicineInsight retains the trust and support of its stakeholders. Supplementary PIA advice was obtained in 2025, resulting in recommendations to better communicate the program’s purpose and responsibilities to empower healthcare consumers.

Opt-out approach

Under the Privacy Act, there is no requirement for the Commission to obtain patient consent to collect the data for the MedicineInsight program. However, in the interests of taking an open and transparent position on the handling of data for secondary use, and to respect the privacy of patients, the Commission has chosen to employ an opt-out approach to the MedicineInsight program.

The opt-out approach is intended to be an important mechanism to provide consumers with as much choice and control over their data as possible by providing transparency of data flows and giving individuals the option not to participate. We operate the opt-out approach in accordance with the specific requirements of the National Statement on Ethical Conduct in Human Research.

The opt-out approach relies on general practices (as the data owners) implementing the model, by displaying the MedicineInsight poster and making information sheets and opt-out forms available to consumers in the practice. This obligation is set out in the practice agreement a practice signs when joining the MedicineInsight program. Practices are also encouraged to include information about MedicineInsight in their local privacy policies or privacy statements to appropriately notify consumers about their involvement in the program.

The RACGP’s guiding principles document for practices managing requests for the secondary use of de-identified general practice data requires patients to be made aware if their practice provides de-identified data to third parties.

The five-safes assessment

MedicineInsight uses a ‘five safes’ assessment approach for the safe sharing of data. This framework provides multiple layers of controls to ensure:

  • safe data; that is protected from inappropriate access
  • safe outputs; that safeguard the privacy of individuals who contribute data
  • safe projects; that ensure data is released only where this is in the public benefit
  • safe people; who are trusted and qualified data users
  • safe settings; that data is securely stored and accessed

This approach balances risk and data utility to ensure data is shared in a way that delivers public benefit, supports integrity, protects privacy, and maintains confidentiality.

We invite practices to participate in MedicineInsight and respect their choice not to participate. Our privacy controls, below, ensure information about General Practitioners and patients is not gathered covertly, or without their knowledge. 

  • A practice is provided with comprehensive information to make an informed decision
  • GPs are informed by the manager/owner of the practice about the practice’s participation in the program, and are given the opportunity to provide informed consent to receiving individual tailored reports
  • Patients are made aware of the program through promotional material that is displayed within the waiting room of all participating practices
  • The MedicineInsight program has received ethics approval via the Royal Australian College of General Practitioners National Research Evaluation Ethics Committee, and operates in accordance with the requirements of this approval
  • Where MedicineInsight data is used for research purposes, all research projects and outcomes are made publicly available, and provided only with approval and oversight from NHMRC certified Human Research Ethics Committees
 

Security of data storage

We take robust precautions to protect data held from misuse and loss, and from unauthorised access, modification and disclosure. Processes and policies include:

  • Data extracted from practices are encrypted to government standards, to ensure unauthorised parties are unable to interrogate or ‘translate’ the data for their own use
  • Data are stored only in Australia
  • Robust and effective security controls are in place to protect the data
  • Data are only accessible by authorised staff

A data-sharing agreement must be in place which outlines the responsibilities and obligations of researchers that access MedicineInsight data.

Last updated: 13 March 2026