Accessing patient information for research

Medical Records, eMR and Local Databases

Personal health information is collected, used or disclosed in the course of routine care. The primary purpose of collection of personal health information in the hospital setting is the provision of care.

The use of health information, including data from electronic and paper medical records, and departmental databases, for research is an example of a secondary purpose. The Health Records and Information Privacy Act 2002 External Link sets out limits on the use of health information (Health Privacy Principle 10) for purposes other than the primary purpose.

The Law

Projects that require access to patient information, including medical records (eMR/powerchart) and/or databases held locally by departments, must comply with the Health Records and Information Privacy Act 2002 (HRIP Act External Link ). The Act outlines how NSW public sector agencies and health service providers must manage personal health information. The HRIP Act sets out 15 Health Privacy Principles (HPPs) for the collection, use and disclosure of personal health information. Within the HPPs are exemptions for certain types of activity, for example, health management and research, which may allow you to access or use personal health information without seeking consent.

In addition to the HRIP Act, four PDF icon statutory guidelines External Link expand upon the HPPs within the HRIP Act. Their purpose is to guide organisations in their handling of health information and provide more detailed information regarding the scope of the HPPs. By law, both the statutory guidelines and the exemptions must be complied with. Failure to do so constitutes a breach under the Act.

Applying this to your ethics application

The statutory guideline on research requires research proposals to be submitted and reviewed by the Human Research Ethics Committee (HREC). The statutory guideline sets out the procedure for the preparation of proposals.

Organisations seeking to use or disclose health information (without the individual's consent) must comply with the guideline if they want to rely on the research exemption in HPP 10(1)(f) or 11(1)(f) schedule 1 HRIP.

Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the research substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.

It is important to note that the Act applies to both the use and disclosure of information. Medical record review involves use of health information, usually without consent, therefore you must address this in your application.

Applying this to your governance application

As part of the governance review process, where a project involves support and provision of services such as access to data from other departments within the hospital, the Principal Investigator (PI) must obtain declaration of support from these heads of these departments via REGIS.

Access to Medical Records/eMR

Health practitioners have access to medical records for the provision of clinical care. As stated above, the use of medical records for research is a secondary purpose, for which patients may not have provided consent.

Access to records for a purpose other than clinical care, without the appropriate authority, is a serious breach of the NSW Health Code of Conduct and use of eMR is randomly audited.

Process for Health Information Services (HIS) sign-off

If a project requires records from HIS, a declaration of support must be obtained from HIS by the PI through REGIS. The PI or the editor of the SSA must add ‘Health Information Services’ as a department in ‘Part C’ of the SSA within REGIS. This will enable the relevant signatory to receive a notification via email to record their decision in REGIS.

Obtaining Head of Department (HoD) support for the site application is the responsibility of the applicant.

Further information on how to request HoD support for the site application through REGIS can be found here.

Please click here for HIS contact details.

Access to medical records can only be provided once both ethics approval and governance authorisation have been issued.

Accessing Supporting Departments and Local Department Databases

For access to local departmental databases you should approach the relevant data custodian prior to application submission, to discuss the requirements of the study. This may include time requirements to pull and de-identify data.

Once there is agreement with the data custodian, add the relevant department within the SSA ‘Part C’ via REGIS. This will auto-populate the appropriate signatory within the SSA. REGIS will send an email notification to the nominated ‘Head of Department/ Data Custodian’ to record their decision via REGIS.

Some databases under NSLHD may require custodian approval for the specific data required. In these cases custodian approval must be sought and uploaded under the supporting documents section in REGIS for RGO review.

NSLHD Performance Unit

If you require admitted patient data (eMR) or Emergency Department data (FirstNet) then the assistance of the Performance Unit will be required.

To obtain this data, the NSLHD Performance Unit require the completion and submission of a Research Data Request Form and a standard fee of $135.74 applies for the provision of data (additional fees may apply).

Please email the Performance Unit at NSLHD-APU@health.nsw.gov.au for a Research Data Request Application Form.

eMaternity Data

eMaternity is the NSW wide clinical database that records maternity care from booking-in, through labour and birth, discharge and community midwifery care.

The original 'ObstetriX' database was de-activated in 2017 and Researchers are now required to request maternity data using 'eMaternity' database.

At NSLHD the Maternity clinical database is managed by the data custodian, Kristen Rickard (Kristen.Rickard@health.nsw.gov.au) or ph: 02 946 32177.