top of page

Data Governance

We take data seriously and uphold the values of security and trust, ensuring that data ethics and confidentiality are at the forefront of our practices.

Adherence to RACGP Guidelines 


We follow the principles of the RACGP guidelines for the secondary use of de-identified data. Our data governance strictly adheres to the GPRN Data and Clinical Governance Framework, guided by RACGP principles for the secondary use of de-identified data, considering legal, ethical, and technical perspectives. To assess risk, we employ the Five Safes framework, which evaluates five dimensions associated with data sharing or release proposals: Safe People, Safe Projects, Safe Settings, Safe Data, and Safe Outputs. We provide a Data Management Plan upon request. 


The GPRN adhers to the primary principle that data must be used for good purpose, where good purpose is defined according to the quintuple aim. Our clinical governance aligns with RACGP Standards for general practices (5th Edition) Guidelines, RACGP Guidelines on Secondary Use of Deidentified Data and NSQHS standards. Every research project undergoes rigorous review by the General Practice Research Network's Clinical and Data Governance committee for approval. All approved research projects must be in line with the GPRN Data Governance Framework. 

Data Security 

Data security is a multi-faceted endeavour, covering data storage security, platform and network security, proactive threat detection, auditing, and compliance with legislation, regulations, and industry-specific certifications. PenCS provides comprehensive security measures and encrypt data by default both during transmission and while at rest. Our software platforms are meticulously designed and structured to ensure the safety, integrity, and security of patient data. They are fully compliant with the Privacy Act 1988, Privacy Amendment Act 2012, and the Privacy Regulation 2013. In addition, PenCS is proudly ISO27001 Certified. 


Privacy Protection 


Patient data is de-identified, with no specific patient or clinician names, Medicare numbers, or other identifying data. The software is designed to safeguard the safety, integrity, and security of patient data. We strictly comply with the Privacy Act 1988, including the Australian Privacy Principles and all applicable privacy legislation. Furthermore, we have conducted a Privacy Impact Assessment, which is available upon request. 

bottom of page