Home About us Policy Frameworks Information Management

Information Management

Generating PDF

Policy framework statement

The Information Management Policy Framework specifies the information management requirements that all Health Service Providers (HSPs) must comply with in order to ensure effective and consistent management of health, personal and business information across the WA health system.

Purpose

The purpose of this policy framework is to:

optimise the value and quality of information to support the realisation of the WA health system's vision to deliver a safe, high quality, sustainable health system for all Western Australians
maximise access and use of information to achieve the System Manager and Health Service Provider functions in accordance with the Health Services Act 2016 and other written laws
enhance transparent public reporting and real-time access to information to support better services and outcomes, and a more accountable WA health system
minimise misuse and inappropriate disclosure of information
provide employees with the ability and knowledge to safely secure and protect sensitive, confidential and appropriately classified information
promote appropriate fit-for-purpose information management governance models and mechanisms
support the effective, efficient and consistent management of information through each stage of the information lifecycle
foster the adoption of contemporary best practice for data integrity and information management related processes, procedures and policies across the WA health system.

Applicability

This policy framework is binding on each HSP to which it applies or relates.

Principles

The key principles that underpin this policy framework are for information in the WA health system to be:

Valued

by facilitating better patient treatment, health care and public health
by better informing decision making
by providing opportunities to identify effectiveness and efficiency improvements
by enabling research related discoveries, innovations and enhancements.

Available

by collecting and storing relevant, timely and high quality information
by using methods to ensure stored information is migrated, preserved, and remains accessible and usable
by facilitating transparent public reporting and real-time information access
for the legal purposes stipulated the Health Services Act 2016, the Health Services (Regulations) Act 2017 and other written laws
for functions stipulated in the Health Services Act 2016 and other statutory requirements
through streamlined access protocols and mechanisms in accordance with the delegated authorities
for research purposes in accordance with the Health Services Act 2016 with approvals from the relevant Human Research Ethics Committee HREC that is constituted and acts in compliance with the National Statement on Ethical Conduct in Human Research.

Shared

for purposes that are directly related to, and necessary for, the activities of the Health Service Providers to manage, plan, evaluate or promote, protect and maintain the health of the community
for the legal purposes stipulated in the Health Services Act 2016, the Health Services (Regulations) Act 2017 or other written laws
for functions stipulated in the Health Services Act 2016 or other written laws
by adopted policies, processes and procedures that support a culture of information sharing in accordance with legal requirements
to reduce the need to collect the same information multiple times
appropriately in accordance with statutory, regulatory and mandatory policy requirements and delegated authorities.

Governed

through a clearly defined information management governance model(s) and mechanisms
at each stage of the information lifecycle
within information management systems where required and in accordance with legislative requirements
through transparent and accountable data governance and research ethics processes
in accordance with statutory, regulatory and mandatory policy requirements
to promote access to information for assurance purposes
by adopting effective models that are simple, fit for purpose and appropriate to the dataset or information being managed.

Trustworthy

by providing policies, processes and procedures to promote high quality information
by adopting common definitions, interpretations, data quality statements, formats and business rules
by incorporating best practice data integrity and information management processes
by utilising audits, information specialists and subject matter experts.

Secure and protected

by storing information in systems that are secure, protected and meet governance requirements
by adopting best practice for procurement, design, development, testing and implementation of information systems
in a manner that is transparent and accountable to protect against misuse, or the unauthorised or inappropriate collection, storage, transit, access, use, disclosure or disposal of information
by ensuring staff within the WA health system are informed and empowered to do everything reasonable and practicable to prevent the misuse or unauthorised access to or disclosure of information
by adopting security provisions to protect against unauthorised access, use, modification or disclosure
by ensuring information is disposed of appropriately and in accordance with any requirement for its retention and disposal
by mitigating and managing information breaches and security incidents
by ensuring compliance with statutory, regulatory and mandatory policy requirements for each stage of the information lifecycle.

Legislative context

This policy framework is made pursuant to ss 26(2)(k) of the Health Services Act 2016.

The Health Services Act 2016 refers to policy frameworks in ss. 26-27 and s. 34(2)(c). Other relevant part in the Act that relates specifically to this policy framework is Part 17.

The legislation below, may also apply:

Children and Community Services Act 2004
Commonwealth Privacy Act 1988 (Australian Privacy Principles)
Coroners Act 1996
Corruption, Crime and Misconduct Act 2003
Criminal Code Act Compilation Act 1913
Electronic Transactions Act 2011
Equal Opportunity Act 1984
Evidence Act 1906, Acts Amendment (Evidence) Act 2000
Freedom of Information Act 1992
Freedom of Information Regulations 1993
Health (Miscellaneous Provisions) Act 1911
Health and Disability Services (Complaints) Act 1995
Health Services (Information) Regulations 2017
Human Reproductive Technology Act 1991
Industrial Relations Act 1979
Mental Health Act 2014
National Health and Medical Research Council Act 1992
Public Health Act 2016
Health Services Act 2016
State Records Act 2000

Mandatory requirements

Under this policy framework HSPs must comply with all mandatory requirements* including:

Collection

Access, Use and Disclosure

Storage and Disposal

Governance

Information Management Governance Policy - MP 0152/21

Supporting information

There is no supporting information for this policy framework.

Policy framework custodian

Assistant Director General
Purchasing and System Performance

Enquiries relating to this Policy Framework may be directed to: PolicyFrameworkSupport@health.wa.gov.au

Review

Show allHide review details

This policy framework will be reviewed as required to ensure relevance and recency. At a minimum this policy framework will be reviewed within two years after first issue and at least every three years thereafter.

Version	Effective from	Effective to	Amendment(s)
45	8 March 2023	Current	Minor amendment to MP 0152/21 Information Management Governance Policy. Inclusion of statement to Section 3: Steward Recommendation within the Related Document forms: Recommendation of Sponsor Form, Recommendation of Custodian Form and Recommendation of Administrator Form.
44	16 February 2023	8 March 2023	Amendment to MP 0144/20 Information Retention and Disposal Policy. Amended Digitalization Specifications link within related document: Patient Information Retention and Disposal Schedule Requirements. Amended related document link: Digitalization Specifications link.
43	3 February 2023	16 February 2023	Amendment to MP 0164/21 Patient Activity Data Policy - minor amendment to one URL link within related documents: Hospital Morbidity Data Collection Data Specifications and Mental Health Data Collection Data Specifications.
42	31 August 2022	3 February 2023	Amendment to MP 0164/21 Patient Activity Data Policy - minor amendment to Supporting Information document Patient Activity Data Policy Information Compendium.
41	29 August 2022	31 August 2022	Amendment to MP 0164/21 Patient Activity Data Policy - minor amendments to Related Document Non-Admitted Patient Data Collection Data Dictionary.
40	26 July 2022	29 August 2022	Amendment to MP 0152/21 Information Management Governance Policy. Amendments to Related Documents and Supporting Information to reflect the Collection and Disclosure of Health Information Delegations 2022. Included updated definition for WA health system.
39	24 June 2022	26 July 2022	Amendment to MP 0144/20 Information Retention and Disposal Policy. Replaced the related document RD 2014001 Patient Information Retention and Disposal Schedule PIRDS with DA 2019-008 Patient Information Retention and Disposal Schedule. Included Patient Information Retention and Disposal Schedule Requirements as a related document.
38	22 June 2022	24 June 2022	Annual review and amendment to MP 0164/21 Patient Activity Data Policy - inclusion of 2022-2023 Related Documents and Supporting Information.
37	29 November 2021	22 June 2022	Amendment to MP 0015/16 Information Access, Use and Disclosure Policy - amendment to page 29 of Supporting Information document Information Access, Use and Disclosure Policy Resource Compendium. Removed reference to Data Practice Code document as no longer relevant.
36	9 September 2021	29 November 2021	Minor Amend to MP 0164/21 Patient Activity Data, revision and link update to Supporting Information - Contracted Care Supplementary Information - referenced in the Information Compendium.
35	19 August 2021	9 September 2021	MP 0146/20 Information Classification Policy - Amend links to the Related Document- Western Australian Information Classification Policy and to Supporting Information - Western Australian Information Classification Policy Assessment Flow Chart and Western Australian Information Classification Policy Business Impact Levels Tool.
34	23 July 2021	19 August 2021	Minor Amendment to MP 0015/16 v.2.2 Information Access Use and Disclosure Policy - amendment to one Supporting Information document Information Access, Use and Disclosure Policy Resource Compendium.
33	29 June 2021	23 July 2021	Minor Amendment to MP 0152/21 Information Management Governance Policy - addition of two new Supporting Information Documents (Templates).
32	15 June 2021	29 June 2021	New MP 0164/21 Patient Activity Data Policy, published in advance of implementation on 1 July 2021. New MP 0164/21supersedes:MP 0058/17 Admission Policy, MP 0056/17 Clinical Coding Policy, MP 0143/20 Emergency Department Data Collection and Reporting Policy, MP 0059/17 Hospital Morbidity Data Reporting Cycle and Edit Protocol Policy, MP 0088/18 Elective Services Wail List Data Collection Data Reporting Requirements Policy, MP 0087/18 Non-Admitted Activity Recording and Reporting Policy, MP 0036/16 Data Reporting Requirements for Episodes of Admitted Maintenance Care Policy, MP 0061/17 Data Reporting Requirements for Episodes of Admitted Palliative Care Policy.
31	10 June 2021	15 June 2021	Major amendment to MP 0144/20 Information Retention and Disposal Policy. Changes to Related Documents.
30	11 May 2021	10 June 2021	New MP 0157/21 Establishment and Workforce Data Policy to supersede MP 0091/18 Workforce Data Policy.
29	28 April 2021	11 May 2021	Minor amendment to MP 0135/20 Information Breach Policy for Related document Information Breach Notification Form.
28	18 March 2021	28 April 2021	Major Amendment to include additional Related document to MP 0144/20 Information Retention and Disposal Policy.
27	18 February 2021	18 March 2021	IC 0179/14 Guidelines for the Transmission of Personal Health Information by Facsimile Machine superseded by MP 0067/17 Information Security Policy.
26	16 February 2021	18 February 2021	New MP 0152/21 Information Management Governance Policy to supersede MP 0011/16 Data Stewardship and Custodianship Policy.
25	4 December 2020	16 February 2021	Publish MP 0145/20 Information Storage Policy to supersede OD 0559/14 Information Storage and Disposal Policy. Publish MP 0146/20 Information Classification Policy to supersede OD 0537/14 Information Classification Policy.
24	1 December 2020	4 December 2020	Publish New MP 0144/20 Information Retention and Disposal Policy to supersede MP 0002/16 Patient Information Retention and Disposal Schedule Policy and OD 0583/15.
23	22 October 2020	1 December 2020	Rescinded OD 0558/14.
22	21 September 2020	22 October 2020	New MP 0143/20 Emergency Department Data Collection and Reporting Policy superseded OD 0205/09. Rescinded OD 0464/13.
21	10 August 2020	21 September 2020	Rescindment of OD 0122/08 and OD 0574/14.
20	13 July 2020	10 August 2020	Major Amendment to MP 0058/17 Admission Policy.
19	29 June 2020	13 July 2020	Minor Amendment to remove the WA Data Linkage Branch Access and Charging Policy from Mandatory requirements.
18	15 June 2020	29 June 2020	Rescindment of OP 1944/05 from Mandatory requirements.
17	7 May 2020	15 June 2020	Rescindment of IC 0208/14 from Supporting Information.
16	6 May 2020	7 May 2020	New MP 0135/20 Information Breach Policy.
15	17 October 2019	6 May 2020	Major Amendment MP 0015/16 Information Access, Use and Disclosure Policy. Rescindment of IC 0177/14 from Supporting Information.
14	17 September 2019	17 October 2019	Aboriginal standardised position information added to Request Form (Related Document) and Information Compendium (Supporting Information).
13	6 August 2019	17 September 2019	Amendment to the Framework resulting from consultation and research include: purpose, principles (including key elements within the principles), realignment of the mandatory policy groupings, definitions, and addition of the General Disposal Authority for State Government Information.
12	30 July 2019	6 August 2019	Major Amendment MP 0087/18 Non-Admitted Activity Recording and Reporting Policy.
11	11 July 2019	30 July 2019	Rescindment of OD 0557/14 and Department of Health Recordkeeping Plan 2013.
10	18 October 2018	11 July 2019	Rescindment of IC 0200/14 from Supporting Information and Major Amendment to MP 0058/17 Admission Policy.
9	11 October 2018	18 October 2018	Rescindment of OD 0564/14 from Mandatory Requirements
8	26 September 2018	11 October 2018	New MP 0091/18 Workforce Data Policy, superseded OD 1435/01, OD 0567/14, OD 0568/14 and MP 0042/16 Standardised Position Titles Policy.
7	27 June 2018	26 September 2018	New MP 0087/18 Non Admitted Activity Recording and Reporting Policy, superseded MP 0068/17 Non-Admitted Activity Recording and Reporting Policy. New MP 0088/18 Elective Services Wait List Data Collection Data Reporting Requirements Policy, superseded MP 0014/16 Elective Services Wait List Data Collection (ESWLDC): Data Reporting Requirements for Health Service Providers.
6	22 February 2018	27 June 2018	Rescinded OD 0272/10, OD 0132/08 and OD 0131/08 from Mandatory Requirements.
5	4 October 2017	22 February 2018	New MP 0068/17 Non-Admitted Activity Recording and Reporting Policy, superseded OD 0621/15 and OD 0622/15. Rescinded OD 0621/15 and OD 0622/15 from Mandatory Requirements.
4	2 August 2017	4 October 2017	New MP 0061/17 Data Reporting Requirements for Episodes of Admitted Palliative Care.
3	1 July 2017	2 August 2017	New MP 0058/17 Admission Policy, superseded OD 0540/14. New MP 0056/17 Clinical Coding Policy, superseded OD 0620/15. New MP 0059/17 Hospital Morbidity Data Reporting Cycle and Edit Protocol Policy, superseded OD 0136/08 and OD 0137/08. Rescinded OD 620/15, OD 0380/12, OD 0136/08, and OD 0137/08 from Mandatory Requirements and OD 0540/14 from Supporting Information.
2	30 June 2017	1 July 2017	Major Amendment to MP 0036/16 Data Reporting Requirements for Episodes of Admitted Maintenance Care, Major Amendment to MP 0015/16 Information Access, Use and Disclosure Policy.
1	1 July 2016	30 June 2017	Original version

Show allHide review details

Approval

This policy framework has been approved and issued by the Director General of the Department of Health as the System Manager.

Approval by	Dr David Russell-Weisz, Director General, Department of Health
Approval date	01 July 2016
Date published	19 July 2019
File number	F-AA-40150

Compliance

This policy framework is binding on those to whom it applies or relates. Implementation at a local level will be subject to audit.

Glossary of terms

Term	Meaning
Access	The direct access by authorised users (both internal and external to the WA health system) to information within data collections managed by the Department or Health Service Providers. Typically, direct access is gained via a network and/or system login and password to a front-end information system or to a back-end database.
Business information	Includes, but is not limited to, administration, corporate, workforce, human resources, financial or accounting information that may contain personal information.
Confidentiality	Obligation imposed on persons by common law, statute and/or equity which requires that information of a certain character (e.g. personal or otherwise sensitive information) be treated in confidence by those to whom it is made known or becomes known.
Data	The term 'data' generally refers to unprocessed information, while the term 'information' refers to data that has been processed in such a way as to be meaningful to the person who receives it. In this policy the terms 'data' and 'information' have been used interchangeably and should be taken to mean both data and information.
Data linkage	A complex technique connecting data records within and between datasets thought to relate to the same person, place, family or event. Data linkage typically uses demographic data (for example: name, date of birth, address, sex, medical record number) and facilitates analysis of linked information in a way that protects individual privacy.
Disclosure	A person discloses information if they: cause the information to appear, allow the information to be seen, make the information known, reveal the information or lay the information open to view.
Disposal	Refers to the action or process to destroy.
Duty of confidentiality	Obligation imposed on persons by common law, statute and /or equity which requires that information of a certain character (e.g. personal or otherwise sensitive information) be treated in confidence by those to whom it is made known or becomes known.
Health information	Has the meaning given in the Health Services Act 2016 in section 213 as: (a) information, or an opinion, that is also personal information, about: (i) the health (at any time) of an individual; or (ii) a disability (at any time) of an individual; or (iii) an individual's expressed wishes about the future provision of health services to the individual; or (iv) a health service provided, or to be provided, to an individual; or (b) other personal information collected to provide, or in providing, a health service.
Health Service Provider	Health Service Provider means a health service provider established under section 32 of the Health Services Act 2016 and may include North Metropolitan Health Service (NMHS), South Metropolitan Health Service (SMHS), Child and Adolescent Health Service (CAHS), WA Country Health Service (WACHS), East Metropolitan Health Service (EMHS), Quadriplegic Centre, PathWest and Health Support Services (HSS).
Human Research Ethics Committee (HREC)	A human research ethics committee constituted in accordance with, and acting in compliance with, the National Statement on Ethical Conduct in Human Research.
Information	Refer to data.
Information Governance	Refers to the processes used to manage the availability, usability, integrity and security of information assets.
Information Lifecycle	Information lifecycle is the sequence of operational activities for managing information from creation to disposal. The activities within the information lifecycle are collection, storage, access/disclosure, use and disposal.
Information Management	Refers the management of information across all stages of the information lifecycle.
National Statement	Refers to the National Statement on Ethical Conduct in Human Research which are a series of guidelines that are produced in accordance with the National Health and Medical Research Council Act 1992 (Cwlth) clause 7(1) (a).
Personal information	Has the meaning given in the Freedom of Information Act 1992 in the Glossary clause 1: Means information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual, whether living or dead - (a) whose identity is apparent or can reasonably be ascertained from the information or opinion; or (b) who can be identified by reference to an identification number or other identifying particular such as a fingerprint, retina print or body sample.
Privacy¹	An individual's right or expectation that their information will be maintained securely and in confidence.
Secure/Protected	Refers to information that is secured and protected from unauthorised access or misuse across all stages of the information lifecycle.
Use	A person ‘uses’ information if they: employ the information for some purpose, put the information into service, turn the information to account, avail themselves of the information or apply the information for their own purposes.
WA health system	Pursuant to section 19(1) of the Health Services Act 2016, means the Department of Health, Health Service Providers and to the extent that Contracted Health Entities provide health services to the State, the Contracted Health Entities.

¹National Health and Medical Research Council - Principles for Accessing and Using Publicly Funded Data for Health Research Canberra
https://www.nhmrc.gov.au/about-us/publications/principles-accessing-and-using-publicly-funded-data-health-research

Back to the top