The Centre for Victorian Data Linkage (CVDL) provides data linkage facilities and services to researchers and policymakers, while adhering to relevant legislation and information privacy principles, including:
The Privacy and Data Protection Act 2014 (PDP Act) - outlined in Schedule 1, are the 10 Information Privacy Principles (IPPs)
The Health Records Act 2001 created a framework to protect the privacy of individuals' health information by establishing the Health Privacy Principles (HPPs)
The Health Services Act 1988 and Public Health and Wellbeing Act 2008 are designed to protect the health of Victoria’s population.
Assessing the data linkage feasibility
Once the CVDL receives your data linkage application, it undergoes a feasibility assessment which involves checking:
the application against the Information Privacy and Health Privacy principles to ensure privacy is maintained and to assess the risk of potential re-identification
the availability of requested data items, technical considerations, data access requirements, and alignment with the department’s objectives.
Note: The timeframe to finalise a project is dependent on several factors such as linkage complexities, and approval requirements. The CVDL Client Services team will assist as much as possible to provide an indication on a project timeframe for you to plan your project.
Ethics approval by a National Health and Medical Research Council (NHMRC)-approved Human Research Ethics Committee (HREC) is required for all research projects. It is a key part of the consideration of the public interest in a research project and of the potential for harm to the participants who are the subject of the data. Cross-jurisdictional projects require approval from an HREC accredited under the National Mutual Acceptance scheme.
The Client Services team can provide input/or feedback on ethics applications related to accessing the linked data.
The ethics application needs to be clear that the data linkage process involves the use of personal information. Unit-record level data provided by the CVDL, while de-identified, should be considered as re-identifiable, and should be considered as part of the ethics application.
Both the ethics application and the approval letter must be supplied to the CVDL.
Projects where clear, informed consent has not been given by participants are to be specifically considered by the HREC, and an endorsed ‘waiver of consent’ should be provided, as per the National Statement guidelines on Ethical conduct for Human Research projects.
Approval from a HREC is one step in the data linkage request process and does not constitute final approval for a data linkage project.
Data Custodian approval
The use of each dataset must be approved by the relevant Data Custodian.
For datasets held by the Victorian Government: the CVDL Client Services team will seek approval for the use of specific datasets on behalf of the applicant. The Data Custodians are provided with the application, research protocol, ethics approval, the specific data variables requested, and any other supporting information including data flows. In considering the project, a Data Custodian will consider operational, policy and/or specific legislative requirements.
For datasets external to the Victorian Government: the applicant must provide evidence of the relevant data custodian approval. The CVDL can assist in this process if required. More information on the Data Custodian’s role can be found on the data custodian page.
Privacy Impact Assessment
The CVDL will undertake a privacy impact threshold assessment and, if required, a full Privacy Impact Assessment (PIA) for external research projects. These assessments are completed in conjunction with the applicant and the Information Sharing and Privacy Unit in the Department and may incur a cost.
Deed of Acknowledgment and Confidentiality
All applicants must complete the Department of Health Deed of Acknowledgment and Confidentiality which outlines the terms and conditions of access to the data. It must be signed by all recipients of the data and a representative from the organisation legally responsible for the project and returned to the CVDL.
Approval to collect non-departmental data (if required)
It is a requirement of Victorian privacy legislation that the department may only collect health or personal information if it is necessary for one or more of the functions for activities of the department.
The CEO, Victorian Agency for Health Information must approve all collections of external data sources.
If the collection of external datasets(s) into the Department is approved, a Memorandum of Understanding may need to be negotiated between the Department and the external data custodians to outline obligations and conditions for the collection and use of the data.
The timeframe to finalise a project is dependent on a number of factors including number of existing projects, linkage complexities, and approval requirements. The CVDL Client Services team will assist as much as possible to provide an indication of a project timeframe to help plan your project.
Prior to publication
As part of the Department’s terms and conditions to access linked data, all analysis reports and/or presentation of linked data provided by the Department must be provided (via the CVDL Client Services team email) for review prior to submission for publication.