Technology and Data Security Charter
BioGrid Australia Ltd is a not-for-profit company limited by guarantee with charity status owned by the Australian medical research industry. Company members are those parties that have signed the BioGrid Australia Collaboration Agreement and include a number of Australian health service organisations, medical research institutes and universities. Data governance and patient privacy are at the core of BioGrid’s federated data sharing platform that securely links patient level clinical, bio-specimen, genetic variance, imaging and administrative datasets from multiple sources for the purpose of ethically approved medical research.
An independent Board of Directors governs BioGrid. BioGrid’s Member Management Committee provides direction to the BioGrid management team in accordance with the provisions of the Collaboration Agreement.
BioGrid empowers data-driven decisions by connecting health information enabling researchers to ethically capture, link, analyse privacy-protected data more efficiently and cost-effectively than ever before. BioGrid provides vital governance and technical support to researchers across Australia by providing them with authorised access to coded (i.e. with personally identifying information removed) real time clinical, genomic, imaging and administrative data from health institutions and jurisdictions across Australia.
Only authorised researchers with approval from data custodians as well as approval from an accredited Human Research Ethics Committee for their research study are permitted to access coded (i.e. with personally identifying information removed) data from BioGrid; this is managed through BioGrid’s Access Request System. Personal identifiers are stored separately from clinical information within BioGrid and are inaccessible to researchers; researchers can only access coded data through BioGrid.
BioGrid is highly committed to protecting the security of data it manages and the privacy and confidentiality of participants to whom the data pertains. Significant efforts have been made to minimise the risk of a breach of data security. State of the art techniques are used to encrypt and transmit data when accessed for research. BioGrid has implemented systems and processes to ensure the privacy and confidentiality of participant data within its research platform. This covers regular monitoring and management of all systems such as monitoring access including unsuccessful attempts to access the BioGrid network and applying relevant security patches across the BioGrid ICT network.
Information and data within the BioGrid secure ICT network is only made available for authorised researchers to access if the following is in place:
- Researchers must agree to the BioGrid Australia Terms and Conditions of Access to Data, which requires that they do not provide the data to unauthorised researchers and that they may use the data only for ethically approved projects; and
- Researchers must obtain approval from an accredited Human Research Ethics Committee for their research project that wishes to access data through BioGrid.
BioGrid uses a proven Information Security Risk Management framework that fully complies with, and in some areas, exceeds the requirements specified in the international standard, ISO 27005. BioGrid has regular independent security audits conducted and has documented and manages the residual risks identified. External audits assess BioGrid for its compliance to policy and examine practices in remote access, network, side channels and virtual private networks. In addition, the external audit assesses and reports on the practices BioGrid Australia has in place for monitoring and reporting the state of the ICT security.
BioGrid has implemented several security systems and processes to protect data against misuse, loss and unauthorised access. Security measures include:
- Source databases are held on a secure server and a copy of the source data is stored on a separate, secure Research Repository server. BioGrid accesses the copy of the data to protect the source data against loss or corruption via BioGrid. Authorised researchers access coded (i.e. with personally identifying information removed) data from the secure Research Repository server which stores a copy of the source data.
- All data connections and transfers within the BioGrid infrastructure are performed over secure network connections, preventing unauthorised data access.
- Participant identifiers are stored separately from clinical information and are inaccessible to researchers through BioGrid. Researchers can only access coded data (i.e. with personally identifying information removed) through BioGrid.
- Data can only be accessed through BioGrid using BioGrid-supplied authentication details. These login details are only provided to authorised researchers after ethical approval has been granted and they have agreed to the BioGrid Australia Terms and Conditions.
Data security is of the utmost importance to BioGrid. Should you have any further queries regarding the security of data within BioGrid or how BioGrid manages authorised access to data, please contact us.