Data sharing and security: your questions answered
  1. Home
  2. Data & Security
  3. Data sharing and security: your questions answered

Data sharing and security: your questions answered

At MedicalDirector, we recognise data security and the ethical sharing of data is a top priority, and are committed to meet the needs of our customers to have a safe and secure way of managing digital health records, in the interests of patient privacy to enable better healthcare for all.
For this reason, you will see us in the coming months start to elevate our conversation on how we are continuing to lift the bar on security, while maintaining our position as leading innovators in solutions that enable better clinical practice management, more personalised patient engagement and more flexible models of care.
We have a transparent approach in the way we communicate with our customers, partners, stakeholders and the wider community. That’s why we’ve taken the time to answer some of your key questions around MedicalDirector’s position on data sharing and security:

Does MedicalDirector require doctors to share patient data?
MedicalDirector rejects all claims doctors are being required to share data.

Population health tools like MDHeart, offer participating doctors the option to share ‘de-identified’ patient data, so that we can deliver near real-time population health insights back to participating practices via MD Heart.

GPs can opt-in or opt-out of MD Heart when upgrading to MD Clinical 3.17.2 or later versions and at any time by accessing the Settings within MD Clinical.

How does the ‘opt-in’ function work on your software?
Specifically, when users install the MDHeart software, they get a prompt to ask them whether or not they wish to participate.

We guarantee that only GP access details activate the MD Heart clinical data-sharing process. Without GP consent, no data-sharing occurs.

Users can opt-in or opt-out of MD Heart at anytime by accessing the Settings within MD Clinical.
What does de-identified mean?
De-identification is the process used to prevent an individual’s identity from being connected with a dataset.
Before we analyse any patient data from within our networks (70 million patient encounters each year), we strip it of all information that could be used (alone or in combination with other data) to identify unique individuals.

To ensure the privacy of patient information, we only report on aggregate data, and only at a level of specificity far removed from the individual patient.

On top of this, only GPs’ access details can activate the MD Heart clinical de-identified data-sharing process. At no point does MD heart take any patient’s identifiable information.

The software doesn’t allow any de-identified data to be uploaded without GP consent.

Can the data be ‘re-identifiable’ back to individual patients?
No. The de-identified data that MedicalDirector collects cannot be ‘re-identifiable’ back to individual patients or put patient identities at any risk.

We take privacy of our customers and their patients very seriously. MedicalDirector will only ever access de-identified data and uses a stringent process to ensure the data cannot be linked back to an individual.

We make sure this data is anonymous by using principles and algorithms that are consistent with applicable guidelines provided by the Office of the Australian Information Commissioner to remove personal information.

For example, we will not collect progress notes as they could contain personally identifiable data.

The data is de-identified before it leaves your system, as we do not collect the fields that contain personally identifiable information. The de-identified data is then encrypted and securely transferred to MedicalDirector cloud solutions hosted in Australia on the Microsoft Azure platform.

How does MedicalDirector ensure the data is appropriately stored and is secure?
MedicalDirector has ensured that its data extraction process does not collect any files or tables from MedicalDirector Clinical that we know will contain personally identifiable information, such as your progress notes or patient names etc.

As a second line of privacy, MedicalDirector has also adopted the Data61 (CSIRO) framework for data de-identification. MedicalDirector regularly reviews industry standards for data management and implements testing and updates to its processes and techniques as required.

When collecting or storing multiple data sets in de-identified form, MedicalDirector treats the data sets as personal information unless appropriate security measures and de-identification techniques have been implemented to ensure that the data sets cannot reasonably be combined or matched to re-identify subject individuals.

Is the method of data collection ethical?
Yes. This de-identified data is used to conduct research and data analysis, in the interests of enhancing medical information resources, education, and health communication services.

MedicalDirector has chosen to utilise the clinicians network rather than traditional qualitative or self-assessment to ensure scientific reliability and validity.

MedicalDirector’s data collection methods are 100% ethical and legally compliant.

MedicalDirector does not sell any data or information to any third parties.

What if I have data pertaining to Aboriginal or Torres-Strait Islander services?
We take compliance with adhering to the Aboriginal Health and Medical Research Council of NSW (AH&MRC) guidelines seriously and do not capture the information of anyone who identifies as Aboriginal or Torres-Strait Islander.

Why was MD Heart created?
MD Heart is a population health and analytics tool that will enable you to benchmark your patients’ health with de-identified patient data from your local community and across the country, delivering near real-time insights into population health and research into clinical pathways and health demands.

MD Heart has been created to deliver regular medical insights to GPs across the country to support better health outcomes for Australians. The program is free, and GPs can decide to sign up on a voluntary basis.

If they do, they will share de-identified data with us through our software, that will be analysed by our Data & Insights team, and partnering academics and researchers.

The type of insights we will be giving back to the medical community is potentially wide.

For instance, diabetes is a national epidemic and one that we need to understand at both micro and macro level. Our first set of reports are designed to help you manage your practices’ diabetic patients and compare them to national averages aiding you in better health outcomes for your patients.

As a stakeholder in the healthcare ecosystem, we feel we also have the responsibility to improve healthcare services for Australians, and this is the philosophy that drove the launch of MD HEART.

What types of de-identified data does MD Heart collect?
From the clinicians that are using our software and participating in our network, the following types of de-identified data is extracted:

  • Prescription Information
  • Pathology and Diagnostic requests
  • Immunisation records
  • Consult & prescription reasons
  • Diagnostic information (excludes clinical notes and medical images)
  • Basic demographic information (excludes all identifiable information)
  • Diagnosis and test outcomes

We do not collect any data for users of MD Clinical, if they are not a part of MD HEART or GPRN.
Need more information?
Please contact your Account Manager or call MedicalDirector on 1300 300 161.