The Department of Health is committed to maintaining privacy. In addition to multiple layers of protection already provided by the Department of Health WA, the following are applied:

  • A strong professional culture among staff that values the protection of individual privacy. Data Engineers in Data Linkage Services are employed under the Public Sector Management Act 1994 (WA) and are bound by its privacy and confidentiality provisions. Staff also undergo Criminal Record Screening.
  • All Data Linkage staff members sign confidentiality acknowledgements required to link sensitive data.
  • The content information provided to Data Applicants (such as details of diagnosis or treament) are stored and worked on separately to the identifying information used for linkage (such as name, date of birth and address) – see ‘The Separation Principle’ below.
  • A stringent review process is enforced to ensure formal approval for the project has been granted by the Data Custodian/s (the person who manages that dataset).


The Separation Principle

A separation principle was developed to address privacy concerns and enable Data Custodians to retain control over access to information in their care. This protocol, described in Kelman (2002), is now referred to as “best practice protocol” and is used widely by a number of linkage centres around the world.

Data Linkage Services aims to protect privacy by restricting access to personal identifying information through proper application of the Separation Principle.

The principle consists of four distinct steps. In this way, access to identifying information is restricted to a specialised Linkage Team who perform the first and second steps. Data Custodians are involved in the third step. Data Applicants are only involved in the last step and therefore do not need to access any personal identifying information.

1. Data Engineers within the Data Linkage team create, store and manage links in a dynamic Linkage System using confidential personal demographic information.

2. Data Engineers within the Data Linkage team extract subsets of links from the Linkage System, then encrypt these “linkage keys” differently for each particular project.

3. Encrypted “linkage keys” are used to merge with clinical or service details (known as ‘content data’) for that particular project.

4. Data Applicants receive content data to conduct their analyses.

To find out more about application of the separation principle, we recommend reading this article published by the Australian Government National Statistical Service.