Go to whole of WA Government Search
Home About us Policy Frameworks Information Management

Information Management

Generating PDFGenerating PDF

Policy framework statement

The Information Management Policy Framework specifies the information management requirements that all Health Service Providers (HSPs) must comply with in order to ensure effective and consistent management of health, personal and business information across the WA health system.

Purpose

The Director General (DG) of the Department of Health is the System Manager responsible for the overall management, strategic direction and stewardship of the WA health system. The DG will use policy frameworks to ensure a consistent approach to a range of matters undertaken by HSPs.  Policy frameworks must be complied with and implemented as a part of ongoing operations.

The purpose of this policy framework is to ensure:

  • optimise the value and quality of information to support the realisation of the WA health system's vision to deliver a safe, high quality, sustainable health system for all Western Australians
  • maximise access and use of information to achieve the System Manager and Health Service Provider functions in accordance with the Health Services Act 2016 and other written laws
  • enhance transparent public reporting and real-time access to information to support better services and outcomes, and a more accountable WA Health System
  • minimise misuse and inappropriate disclosure of information
  • provide employees with the ability and knowledge to safely secure and protect sensitive, confidential and appropriately classified information
  • promote appropriate fit-for-purpose information management governance models and mechanisms
  • support the effective, efficient and consistent management of information through each stage of the information lifecycle
  • foster the adoption of contemporary best practice for data integrity and information management related processes, procedures and policies across the WA health system

Applicability

This policy framework is binding on each HSP to which it applies or relates.

Principles

The key principles that underpin this policy framework are for information in the WA health system to be:

Valued

  • by facilitating better patient treatment, health care and public health
  • by better informing decision making
  • by providing opportunities to identify effectiveness and efficiency improvements
  • by enabling research related discoveries, innovations and enhancements

Available

  • by collecting and storing relevant, timely and high quality information
  • by using methods to ensure stored information is migrated, preserved, and remains accessible and usable
  • by facilitating transparent public reporting and real-time information access
  • for the legal purposes stipulated the Health Services Act 2016, the Health Services (Regulations) Act 2017 or other written laws
  • for functions stipulated in the Health Services Act 2016 and other statutory requirements
  • through streamlined access protocols and mechanisms in accordance with the delegated authorities
  • for research purposes in accordance with the Health Services Act 2016 with approvals from the relevant Human Research Ethics Committee HREC that is constituted and acts in compliance with the National Statement on Ethical Conduct in Human Research

Shared

  • for purposes that are directly related to, and necessary for, the activities of the Health Service Providers to manage, plan, evaluate or promote, protect and maintain the health of the community
  • for the legal purposes stipulated in the Health Services Act 2016, the Health Services (Regulations) Act 2017 or other written laws
  • for functions stipulated in the Health Services Act 2016 or other written laws
  • by adopted policies, processes and procedures that support a culture of information sharing in accordance with legal requirements
  • to reduce the need to collect the same information multiple times
  • appropriately in accordance with statutory, regulatory and mandatory policy requirements and delegated authorities

Governed

  • through a clearly defined information management governance model(s) and mechanisms
  • at each stage of the information lifecycle
  • within information management systems where required and in accordance with legislative requirements
  • through transparent and accountable data governance and research ethics processes
  • in accordance with statutory, regulatory and mandatory policy requirements
  • to promote access to information for assurance purposes
  • by adopting effective models that are simple, fit for purpose and appropriate to the dataset or information being managed

Trustworthy

  • by providing policies, processes and procedures to promote high quality information
  • by adopting common definitions, interpretations, data quality statements, formats and business rules
  • by incorporating best practice data integrity and information management processes
  • by utilising audits, information specialists and subject matter experts

Secure and protected

  • by storing information in systems that are secure, protected and meet governance requirements
  • by adopting best practice for procurement, design, development, testing and implementation of information systems
  • in a manner that is transparent and accountable to protect against misuse, or the unauthorised or inappropriate collection, storage, transit, access, use, disclosure or disposal of information
  • by ensuring staff within the WA health system are informed and empowered to do everything reasonable and practicable to prevent the misuse or unauthorised access to or disclosure of information
  • by adopting security provisions to protect against unauthorised access, use, modification or disclosure
  • by ensuring information is disposed of appropriately and in accordance with any requirement for its retention and disposal
  • by mitigating and managing information breaches and security incidents
  • by ensuring compliance with statutory, regulatory and mandatory policy requirements for each stage of the information lifecycle

Legislative context

The Health Services Act 2016 refers to policy frameworks in ss. 26-27 and s. 34(2)(c). The other relevant part in the Act that relates specifically to this policy framework is Part 17.

The legislation below, may also apply:

  • Children and Community Services Act 2004
  • Commonwealth Privacy Act 1988 (Australian Privacy Principles)
  • Coroners Act 1996
  • Corruption, Crime and Misconduct Act 2003
  • Criminal Code Act Compilation Act 1913
  • Electronic Transactions Act 2011
  • Evidence Act 1906, Acts Amendment (Evidence) Act 2000
  • Freedom of Information Act 1992
  • Freedom of Information Regulations 1993
  • Health (Miscellaneous Provisions) Act 1911
  • Health and Disability Services (Complaints) Act 1995
  • Health Services (Information) Regulations 2017
  • Human Reproductive Technology Act 1991
  • Industrial Relations Act 1979
  • Mental Health Act 2014
  • National Health and Medical Research Council Act 1992
  • Public Health Act 2016
  • Private Hospitals and Health Services Act 1972
  • State Records Act 2000

Mandatory requirements

Under this policy framework HSPs must comply with all mandatory requirements* including:

*Any mandatory requirement document that references the Hospitals and Health Act 1927 must be interpreted as a requirement under the Health Services Act 2016.

Policy framework custodian

Assistant Director General
Purchasing and System Performance

Enquiries relating to this policy framework may be directed to:
PolicyFrameworkSupport@health.wa.gov.au

Review

This policy framework will be reviewed as required to ensure relevance and recency. At a minimum this policy framework will be reviewed within two years after first issue and at least every three years thereafter.

Version Effective from Effective to Amendment(s)
1 1 July 2016 30 June 2017 Original version
2 30 June 2017 1 July 2017 Major Amendment to MP 0036/16, Major Amendment to MP 0015/16.
3 1 July 2017 2 August 2017 New MP 0058/17, superseded OD 0540/14. New MP 0056/17 superseded OD 0620/15. New MP 0059/17 superseded OD 0136/08 and OD 0137/08. Rescinded OD 620/15, OD 0380/12, OD 0136/08, and OD 0137/08 from Mandatory Requirements and OD 0540/14 from Supporting Information.
4 2 August 2017 4 October 2017 New MP 0061/17.
5 4 October 2017 22 February 2018 New MP 0068/17, superseding OD 0621/15 and OD 0622/15. Rescinded OD 0621/15 and OD 0622/15 from Mandatory Requirements.
6 22 February 2018 27 June 2018 Rescinded OD 0272/10, OD 0132/08 and OD 0131/08 from Mandatory Requirements
7 27 June 2018 26 September 2018 New MP 0087/18 superseding MP 0068/17. New MP 0088/18 superseding MP0014/16.
8 26 September 2018 11 October 2018 New MP 0091/18 superseding OD 1435/01, OD 0567/14, OD 0568/14 and MP 0042/16.
9 11 October 2018 18 October 2018 Rescindment of OD 0564/14 from Mandatory Requirements
10 18 October 2018 11 July 2019 Rescindment of IC 0200/14 from Supporting Information and Major Amendment to MP 0058/17
11 11 July 2019 Current Rescindment of OD 0557/14 Information Lifecycle Management Policy and Department of Health Recordkeeping Plan 2013

Approval

This policy framework has been approved and issued by the Director General of the Department of Health as the System Manager.

Approval byDr David Russell-Weisz, Director General, Department of Health
Approval date01 July 2016
Date published19 July 2019
File numberF-AA-40150

Compliance

This policy framework is binding on those to whom it applies or relates. Implementation at a local level will be subject to audit.

Glossary of terms

Term Meaning
Access The direct access by authorised users (both internal and external to the WA health system) to information within data collections managed by the Department or Health Service Providers. Typically, direct access is gained via a network and/or system login and password to a front-end information system or to a back-end database.
Business information Includes, but is not limited to, administration, corporate, workforce, human resources, financial or accounting information that may contain personal information.
Confidentiality Obligation imposed on persons by common law, statute and/or equity which requires that information of a certain character (e.g. personal or otherwise sensitive information) be treated in confidence by those to whom it is made known or becomes known.
Data The term 'data' generally refers to unprocessed information, while the term 'information' refers to data that has been processed in such a way as to be meaningful to the person who receives it. In this policy the terms 'data' and 'information' have been used interchangeably and should be taken to mean both data and information.
Data linkage A complex technique connecting data records within and between datasets thought to relate to the same person, place, family or event. Data linkage typically uses demographic data (for example: name, date of birth, address, sex, medical record number) and facilitates analysis of linked information in a way that protects individual privacy.
Disclosure A person discloses information if they: cause the information to appear, allow the information to be seen, make the information known, reveal the information or lay the information open to view.
Disposal Refers to the action or process to destroy.
Duty of confidentiality Obligation imposed on persons by common law, statute and /or equity which requires that information of a certain character (e.g. personal or otherwise sensitive information) be treated in confidence by those to whom it is made known or becomes known.
Health information Has the meaning given in the Health Services Act 2016 in section 213 as: (a) information, or an opinion, that is also personal information, about:
  1. the health (at any time) of an individual; or
  2. a disability (at any time) of an individual; or
  3. an individual's expressed wishes about the future provision of health services to the individual; or
  4. a health service provided, or to be provided, to an individual; or

(b) other personal information collected to provide, or in providing, a health service.
Health Service Provider Health Service Provider means a health service provider established under section 32 of the Health Services Act 2016 and may include North Metropolitan Health Service (NMHS), South Metropolitan Health Service (SMHS), Child and Adolescent Health Service (CAHS), WA Country Health Service (WACHS), East Metropolitan Health Service (EMHS), Quadriplegic Centre, PathWest and Health Support Services (HSS).
Human Research Ethics Committee (HREC) A human research ethics committee constituted in accordance with, and acting in compliance with, the National Statement on Ethical Conduct in Human Research.
Information Refer to data.
Information Governance Refers to the processes used to manage the availability, usability, integrity and security of information assets.
Information Lifecycle Information lifecycle is the sequence of operational activities for managing information from creation to disposal. The activities within the information lifecycle are collection, storage, access/disclosure, use and disposal.
Information Management Refers the management of information across all stages of the information lifecycle.
National Statement Refers to the National Statement on Ethical Conduct in Human Research which are a series of guidelines that are produced in accordance with the National Health and Medical Research Council Act 1992 (Cwlth) clause 7(1) (a).
Personal information

Has the meaning given in the Freedom of Information Act 1992 in the Glossary clause 1:

Means information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual, whether living or dead -

(a) whose identity is apparent or can reasonably be ascertained from the information or opinion; or

(b) who can be identified by reference to an identification number or other identifying particular such as a fingerprint, retina print or body sample.

Privacy1 An individual's right or expectation that their information will be maintained securely and in confidence.
Secure/Protected Refers to information that is secured and protected from unauthorised access or misuse across all stages of the information lifecycle.
Use A person ‘uses’ information if they: employ the information for some purpose, put the information into service, turn the information to account, avail themselves of the information or apply the information for their own purposes.
WA health system Pursuant to section 19(1) of the Health Services Act 2016, means the Department of Health, Health Service Providers and to the extent that Contracted Health Entities provide health services to the State, the Contracted Health Entities.

1National Health and Medical Research Council - Principles for Accessing and Using Publicly Funded Data for Health Research Canberra
https://www.nhmrc.gov.au/principles-accessing-and-using-publicly-funded-data-health-research
wa.gov.au