When to make a Public Health Act (PHA) application

Information about applying

Information held by Queensland Health includes personal and confidential information. There are strict laws in place to prevent the use and sharing of that information without appropriate permission.

A researcher who wishes to use information held by Queensland Health may be required to apply for that information under the Public Health Act 2005. We can only provide information held by Queensland Health. We don’t have jurisdictional authority or administrative responsibility for information held by the private health sector or the Commonwealth Government.

When do you need to make a PHA application?

If the information you are seeking is protected by laws relating to confidentiality or privacy, a legal authority must be identified before the information can be disclosed. Legislation protects information that could identify an individual.

The best practice and preferred basis for seeking disclosure of information is with the informed consent of the person whom the information relates, or where applicable, a substitute decision maker.

Provisions allowing disclosure in Part 7 of the Hospital and Health Boards Act 2011 may be applicable to your project, depending on the type of information being sought, the requestor's role or position and the purpose of disclosure.

Approval under the PHA allows information to be disclosed for research under strict conditions, irrespective of whether the individual to whom the information relates has provided consent.

You will need to make a PHA application if:

• the information you are seeking is protected by legislation, and
• there is no other lawful basis for the information to be disclosed to you (such as consent).

A data custodian may also request you get PHA approval before giving you any information.

The Queensland Health Guideline for Disclosure of Confidential Information for Research (PDF 261 kB) provides further information in relation to legal protections applicable to confidential and personal information, and the pathways available for disclosure. This includes information and links to resources to help assess whether an individual could be identified from the imformation sought to be disclosed.

Who can apply for PHA approval

A PHA application may be made by either:

• the coordinating principal investigator (CPI) for multi-centre research, and on behalf of all sites
• the principal investigator (PI) for single-site research – this is the person who has been given HREC approval.

Human Research Ethics Committee (HREC)

Your application must include a copy of the HREC review letter and state:

• the views of the HREC about the research
• contact details for the committee.

The research project can only be reviewed by a fully constituted HREC registered with the National Health and Medical Research Council (NHMRC). This means it can’t be reviewed by a standalone low risk research committee.

The National Statement on Ethical Conduct of Research in Humans (National Statement) on the NHMRC website has information about qualifying for waiving conditions of consent.

Waiver of consent versus PHA approval

A waiver of consent is granted by an ethics committee after due consideration and justification for the waiver by the research applicant. It’s a decision based on ethical principles set out in the National Statement. When an HREC grants a Waiver of Consent, it doesn’t overrule state or national laws relating to privacy and confidentiality. You may still require a PHA approval to be given the information.

Your application

Initial application

• The title of your research project must be the same on your HREC approval letter and your PHA application.
• Your project scope must be the same in both your HREC documentation, including the approved protocol, and your PHA application.
• All members of the research team who will be using the information must be named on the application form.

Applying for an amendment

Changes to the research team

If there will be more people using the information than have been named in your application, you must amend your PHA application as soon as possible. The amended application must be re-signed by the CPI or the PI. The information can’t be used by anyone who hasn’t been named in your application.

To amend your PHA application, you must:

• make changes in your original form, highlighting or using tracked changes showing the change in researchers
• have the CPI or PI re-sign and date the Undertaking of Confidentiality
• include a copy of the HREC amendment approval - if approval is needed.

Email the amended application to PHA@health.qld.gov.au.

All other changes

If your project changes after you’ve received HREC approval, you may need to get the changes approved by the HREC before we consider your application.

To do this you’ll need to submit an amendment request to the HREC, as per their preferred process. Please check with the HREC administrator if you are unsure.

For these other changes, you’ll need to submit a new PHA application:

• using your original application form with changes highlighted or using track changes
• with the undertaking of confidentiality re-signed by the CPI or PI, including the date of re-signing
• including a ‘clean’ - not highlighted or tracked copy of your changed application
• including a copy of the HREC amendment approval - if approval is needed.

Email the amended application to PHA@health.qld.gov.au.

Sometimes changes don’t need further HREC or PHA approval, but you should check with your HREC and contact us for advice.

Who will access the information to be provided to the researchers?

As per s281 of the Public Health Act 2005, only a 'relevant person', or chief executive can provide the required information to the research team after PHA approval has been given.

Read more about the definition of a relevant person in the Public Health Act 2005 s281(4).

Please note, even if an employee has direct access to patient information (e.g. the ieMR) for clinical purposes, they will need to identify a legal authority if seeking to access and use that information for research purposes.

Access to Queensland Health information systems containing confidential information may be given to external persons in the limited circumstances permitted in the legislation (e.g. for prescribed health professionals). Legal advice is recommended if the method of disclosure for research is proposed to be by 'access' to a Queensland HEalth information system.

Who will be using the information?

You must include the names of anyone who will be seeing or using the information requested in your application. This includes information that’s identifiable, re-identifiable or potentially identifiable.

Only the people who need to use the information for research should be named. However, if requested, you must be able to justify why each person needs to see the patient information.

The risk of a breach of patients’ privacy and confidentiality increases with the number of people who are given patient information.

Rationale for why the giving of information is in the public interest per section 284 of PHA

When we’re considering your application, we must decide if the release of patient information is in the public’s best interest.

You’ll need to explain how being given the information potentially benefits the public and outweighs any potential risk to the public.

Date range for information sought

You must include a start and end date for the period of time from which you want to receive information. This question is asking about the date range for the data you want, not the actual date on which you want to be given the data.

For future data, the date range can either be 5 years from the date of ethics approval, or the expiry date of the HREC approval - whichever is sooner. Approval won’t be given for a date range beyond the HREC expiry date.

Duration of the PHA approval

Your PHA approval dates are the same as your HREC approval dates.

If your ethics approval has an expiry date, your PHA approval also expires on this date.

Some HRECs give an ongoing approval, provided that an annual report is submitted by a due date. If you don’t submit the annual report, the ethics approval will lapse and so will the PHA approval. If the PHA approval lapses, you’re not allowed to use the information provided to you under the PHA.

You must provide us with a copy of the HREC documentation that confirms they’ve received your annual report and that the HREC approval is ongoing. This must be submitted to the PHA office within 60 days of the date specified by your HREC for the annual report.

If your application has an expiry date or extension

If your HREC approval has an expiry date and you want an extension, you must submit an amendment request to the HREC.

If you also want to extend your PHA approval, you’ll need to submit the following to the PHA Office:

• evidence of HREC approval of the extension to our office
• your request for an extension of the PHA approval.

You must do this before your current approval expires.

If you don’t do this, your PHA grant will expire, and you won’t be able to use the information given under the PHA grant.

Describing the information you need

In the PHA application, you must include a description of the data items, datasets and databases you need information from.

Check with the relevant data custodians (PDF 227 kB) that the information is available and identified correctly. Before a data custodian signs your application form, they should understand what information you’re asking for and how it will be used. This includes where the data will come from and who will be using it.

The data custodian can only provide the data described in your approved application. The names of the dataset and databases should be identified clearly in the section where they sign to approve the giving of the information.

All references to data items must be consistent throughout your application form.

Privacy, confidentiality and security of information

You must specify how the security and confidentiality of patient information will be managed, including:

• which applicants will be given the information from Queensland Health in the first instance
• who the information will be shared with
• how you’ll transfer the information securely
• how the information will be held, stored and accessed securely
• where the information will be held, stored and accessed.

We also need to know how information will be stored long term and the eventual destruction of the data.

Undertaking of Confidentiality

Make sure the CPI or the PI signs and dates the Undertaking of Confidentiality which sits at the end of your application.

The person to whom the HREC approval is addressed is the CPI or the PI for the purposes of the PHA application.

If you’d like to more about the terms used in research, you can read our glossary.