The Clinical Audit Tool (CAT4 and the family of CAT products) is a population health tool which extracts data from the practice clinical system and presents that data to the practice in a population context using graphs and reports that allow the practice to find patient cohorts for preventative care or management.
CAT and its extracted files reside within the practice network. No data is sent outside of the practice network without practice intervention.
The ten National Privacy Principles (NPPs) contained in schedule 3 of the Privacy Act 1988 (Privacy Act) regulate how large businesses, all health service providers and some small businesses and non-government organisations handle individuals’ personal information. The Australian Privacy Principles have replaced the NPPs from 12 March 2014.
Both principles place the responsibility for the use and protection of personal information with the organisation collecting the data.
Users of CAT are responsible for the safety of the extracted data just as they are responsible for any other patient data collected in a clinic. To minimise the potential for misuse of the CAT extract files CAT has a number of data security features built in:
- When the practice staff presses the ‘Collect’ Button in Classic CAT, to create a report, two files are produced
- The two files produced by CAT are encrypted to ensure the data can only be viewed within CAT.
- A de-identified data file can be created within CAT using the ‘de-identify dataset’ tool. This is the only data file that can be exported and taken offsite either by
- using the CAT 'Send To' function (recommended) or
- copying the file to a USB stick (not recommended).
Option 1 is recommended as it
- provides password protection and encryption options so the file can be sent securely,
- keeps a history log of where and when the file has been sent and by which user login, and
- ensures that the practice has control over sending the file.
Patients who have withdrawn their consent to share data can be flagged in CAT. This will remove them from the de-identified data file. CAT is used extensively by ACCHOs/PHNs and Research Organisations around Australia to report on trends and health service provision within their catchment or research area. To create these reports no personal patient information is required and the de-identified data provided contains sufficient data to meet these needs.
This policy will be updated in line with the Privacy Act and any other Acts pertaining to the Medical records in Australia.
References:
National Privacy Principles: http://www.oaic.gov.au/privacy/privacy-act/national-privacy-principles
Australian Privacy Principles: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/australian-privacy-principles- and-national-privacy-principles-comparison-guide