Lumos is a healthcare data program that combines patient information from different healthcare services to understand how patients use the health system in NSW.
It is important to know that personal information like names, addresses and birth dates from patient data at a participating general practice are removed before they leave the general practice and are never entered into Lumos. These ‘de-identified’ patient data are then combined with other health service data, like hospital records. This means we can see a patient's journey, but we can't identify who the patient is. We call this combined information the Lumos Data Asset.
For more information de-identified data, see Information and Privacy Commission of NSW Fact Sheet on de-identification of person information.
The Lumos Data Asset help us understand how patients move between different healthcare services. With this information, we can find ways to improve patient care and make sure patients get the right services at the right time and place.
The Australian healthcare system is one of the best in the world, offering safe and affordable care to everyone in Australia. It is a huge system supported by all levels of government and includes many different services and settings, including the private sector. Because it is so big and complex, it is hard to see how Australians use the health system and how it can best meet the needs of the changing population.
Often, the results of care in one service are mostly seen in another. Without linking data to explain these connections, it is hard to provide the highest quality health care. Connecting patient data held in general practice records with other health records is unique to the Lumos initiative.
Lumos helps by giving health planners in NSW a more complete view of the health system. By combining health information from different services and settings, Lumos helps to make better health decisions and shows insights on how care in one place affects care in another, for example by demonstrating the impact of visiting a general practice after being in the hospital – see Care in general practice can affect hospital visits.
Lumos is specific to the health system in NSW. However, work is underway to develop programs with similar goals in all Australian states and territories.
My Health Record is a national health record that doctors, nurses and other health professionals can use to see a specific, identified patient’s health information from different services. My Health Record can be used by staff who provide clinical care to patients for clinical decision making. You can also review your own individual My Health Record to see what health services you have used.
The Single Digital Patient Record (SDPR) is a planned single medical record for patients throughout NSW, regardless of which NSW Health hospital they attend. It will be used by staff who provide clinical care to patients for clinical decision making. The SDPR will overcome current challenge of separate systems and records between Local Health Districts (LHDs).
By contrast, Lumos data are used by policymakers, service planners and clinicians to understand areas for improvement in the health system. Lumos data cannot be used to identify individuals and therefore is not used directly in patient care. However, Lumos data are valuable for determining the range of services needed to provide care and for monitoring the impacts of existing services.
For more information on how Lumos differs from (and complements) other data initiatives, see Lumos in the Health Data Landscape.
For more information on the SDPR, see What Is the Single Digital Patient Record?
The Lumos program connects patient data from general practices (with identifiable information removed) with data from public hospitals, emergency departments, ambulance, cancer services, causes of death, outpatient services, and others. These data include health information like diagnoses, medications, and tests. See What current data collections are available in Lumos? for more detailed information.
Lumos does not collect or use information that could identify patients, such as names, addresses, or birth dates, phone numbers, driver’s license details, Medicare numbers, insurance details, or financial information.
Every piece of data used in Lumos has been approved for inclusion by the NSW Population and Health Services Research Ethics Committee who are certified to perform independent ethics reviews.
Lumos data currently includes patient records from the following datasets*:
*This list is subject to change. Please refer to the Lumos Data Book for up to date data collection information.
General practices who provide patient data to Lumos have agreed to participate in this program. These practices have worked with their local Primary Health Network to understand the benefits of Lumos and the security measures in place to protect patient data. They support sharing their patients’ data (with names, addresses and dates of birth removed) to help improve the health system.
When you go to a general practice for the first time, you will sign a consent form for a healthcare professional to provide you with medical treatment and care. The consent form will include whether you agree to have your data used for secondary purposes. Sharing data with Lumos to improve the health system is an example of a secondary purpose.
Lumos has what is called an ethical waiver of individual consent granted under guidelines for the Management of Health Services. This means that patients do not have to give individual consent to participate in Lumos because the general practice has provided consent to share their patients’ data for the management of health services. The conditions of the ethics approval are strictly governed by the Lumos Data Governance Committee.
This means that if you go to a general practice that participates in Lumos and you gave consent for secondary use of your data when you enrolled, your health records from that practice are included and are already helping to improve the services you and other patients receive.
Lumos collects patient data from participating general practices every six months. At the time of each collection, the newly collected data replaces all existing data in the Lumos Data Asset. This means that any general practices who no longer want to participate will no longer have their data included in the Lumos Data Asset, and all previously included data will be removed. General practices can stop participating in Lumos at any time.
If you have any questions about your enrolment and consent, please talk to the reception staff at your general practice.
The Lumos program applies the principle of 'Privacy by Design', an approach whereby privacy compliance related to personal information is designed into the project from the start, rather than 'retro-fitting'.
Lumos removes any identifiable information from patient data before it leaves general practices, using a technology called Privacy Preserving Record Linkage (PPRL; developed by Curtin University). We also never collect any information that has been typed into a record manually – just in case names are accidentally included.
Additional measures to protect patient privacy include storing the Lumos data in a centralised, highly secure NSW Health storage location that is heavily regulated, with strict protocols for accessing Lumos data. The Lumos Data Asset is stored in the Secure Analytics Primary Health Environment (SAPHE).
To ensure there are appropriate levels of transparency and accountability across the program, Lumos operates in collaboration with representatives from a wide range of organisations, including:
Participation occurs across the Lumos Data Governance Committee (DGC), Stakeholder Reference Group (SRG), Aboriginal Community Engagement Working Group and ad hoc across projects. For further information, please read the Lumos Data Governance Framework.
The program has been subject to a Privacy Impact Assessment (PIA) twice, in 2020 and 2022, by Salinger Privacy. The detailed assessment of the privacy impacts of the Lumos program covered:
All PIA recommendations have been implemented.
For more information on what PIA is, please visit the NSW Information and Privacy Commission.
“The Lumos Program has been well designed to protect patient privacy to a very high degree” Anna Johnston, Salinger Privacy and Former NSW Deputy Privacy Commissioner, September 2020
“The Lumos Program has been well designed to protect patient privacy to a very high degree”
Before any patient data leaves a participating general practice, Lumos uses technology called Privacy Preserving Record Linkage (PPRL) to replace information that may identify patients with codes. This means any information that could identify a person, like their name, date of birth and address, is irreversibly turned into an anonymous code before it and the rest of the patient health data are uploaded to Lumos.
At the same time, PPRL technology is also used on health data collections from NSW Health. The anonymous codes are then matched together, allowing GP and hospital data collections to be linked, creating the Lumos Data Asset.
The PPRL technology used by Lumos links data based on likeliness and has about a 95% accuracy rate. This provides a reliable snapshot of how the NSW population uses health services. However, because there is a potential for 5% difference, Lumos is only used for planning and analysing health services, and is never used for clinical decision-making.
Individuals are not identified in the Lumos data asset at any stage of the linkage process.
The implementation of PPRL methods in Australia is a practical solution for improving data access for policy, system management and population health planning. Additional information on Implementing privacy preserving recording linkage: Insight from Australian use cases is available online.
Use of PPRL aligns with the Australian Medical Association (AMA) Position Statement on Data Governance and Patient Privacy in Healthcare and Royal Australian College of General Practitioners (RACGP) principles for secondary data use, which require patient data to be de-identified before use. AMA and RACGP principles guide our work and our partnerships to deliver insights for better health outcomes.
The Lumos program operates under ethical approval* which means that an independent group with expert skills has assessed the potential risks, benefits and integrity of the program. Any major changes to the program must be reviewed and approved by the ethics committee before the changes can be made.
Further information is available on NSW Population & Health Services Research Ethics Committee.
Ethics approval reference: PHSREC 2019/ETH00660
The Lumos program has been heavily and independently assessed to ensure that it meets the highest standards of data security and confidentiality, and to ensure that the risks and likelihood of data breaches and hacks are minimal. A data breach protocol has been developed with the Lumos Data Governance Committee, which has representation from a range of different organisations and consumer representatives.
In the unlikely event of a breach, this protocol will be followed as soon as the breach is identified. The protocol includes notifying the appropriate health care entity within 24 hours, investigating the breach and assessing the risk, and responding appropriately. Any data breach and the response will also be reviewed by the Lumos Data Governance Committee and Stakeholder Reference Group.
The data held in Lumos does not pose a risk of identity theft as it does not include any directly identifiable details (‘identifiers’) or codes that can be used to access direct identifiers. For instance, as well as not including patient names, Lumos does not hold phone numbers, driver’s license details, Medicare numbers, insurance details, financial information or any other details that could be used to steal and misuse an individual’s identity credentials. This significantly reduces possibility of misuse.
See more about how your data is safely stored at How secure is my personal information? and How can data be linked if it is de-identified?
General practices that participate in Lumos get information that is unique to their services. Doctors and other healthcare professionals can get a better understanding of their patients, provide more targeted care to their patients, and improve services to better meet the needs of their patients.
Some improvements that benefit patients at the practice include:
Other health care services are developed and supported with help from Lumos data, such as Urgent Care Services which provide in-person and virtual treatment and advice for people with urgent health issues.
Visit Lumos in Action for more information on how Lumos data are benefiting communities.
Participating general practices receive information from Lumos every 6 months that they can use to inform the services they provide. We regularly receive feedback from doctors that this information is unique and invaluable in supporting them to provide the best possible care to their patients.
Some feedback that has been received from doctors about Lumos include:
“[The report] gives us perspective on our patients who are ending up in hospital. We use it to develop our internal quality improvement projects.” “We look closely at our results, especially the hospital visits and we aim to reduce them by concentrating on the different areas reflected - it gives us goals e.g. reducing COPD (Chronic Obstructive Pulmonary Disease) presentations by 25% before the next report is published”.
“[The report] gives us perspective on our patients who are ending up in hospital. We use it to develop our internal quality improvement projects.”
“We look closely at our results, especially the hospital visits and we aim to reduce them by concentrating on the different areas reflected - it gives us goals e.g. reducing COPD (Chronic Obstructive Pulmonary Disease) presentations by 25% before the next report is published”.
More feedback from participating doctors can be found in the appendix of evaluation reports, available on Lumos publications.
Access to Lumos data is limited and heavily regulated by the Lumos Data Governance Committee. A small number of statistical analysts and subject matter experts from NSW Health and NSW Primary Health Networks can access the data for the specific purpose of improving healthcare in areas such as service planning, policy, and clinical protocols.
Data access by external parties (that is, by people who are not employees of NSW Health or NSW Primary Health Networks) is strictly governed and requires partnership with either NSW Health or a NSW Primary Health Network to ensure the data are used to drive system improvements.
To ensure patient privacy, general practices are not able to directly access the Lumos Data Asset. but may seek additional analysis from their PHN. GP researchers are welcome to apply for data use.
Find out more about Accessing Lumos data.
The Lumos program is a public health data linkage program and does not sell health data. Data access is strictly governed to ensure the data are used to drive health system improvements. Lumos does not collect information that could identify patients.
Selling personal data without explicit permission is against the law and can severely undermine trust. We take this very seriously.
Your personal information is protected under the Privacy and Personal Information Protection Act 1988 (PPIP) and health information under the Health Records and Information Privacy Act 2002 (HRIP Act). Further information is available on the NSW Health Privacy Management Plan.
For more information about Lumos, please send your queries to lumos@health.nsw.gov.au.
For more information about Primary Health Networks, please visit Australian Government Department of Health and Aged Care - New South Wales Primary Health Networks.
