The Lumos program has many controls to minimise privacy risks and promote transparency and accountability across the program. Below are some measures in place. 
Ethical approval
Lumos is ethically approved by the NSW Population and Health Services Research Ethics Committee (PHSREC ref 2019/ETH00660) to link data for the planning, funding, management and evaluation of health services.
Operating under ethical approval means that an independent panel has assessed the potential risks, benefits and integrity of the program. Any major changes to the program must be reviewed and approved by the ethics committee.
Built on collaboration and strong governance
The Lumos team operates in collaboration with representatives from a wide range of organisations, including:
- Primary Health Networks (PHNs) (Lumos partners with NSW Health)
- Local Health Districts (LHDs)
- Consumer representatives
- General practitioners
- Aboriginal Health and Medical Research Council (AH&MRC)*
- Centre for Aboriginal Health (CAH)*
- The Centre for Health Record Linkage (CHeReL)
- Royal Australian College of General Practitioners (RACGP)
- Australian Medical Association (AMA)
The range of organisations involved with Lumos helps to ensure there are appropriate levels of transparency and accountability. Participation occurs across the Lumos Data Governance Committee (DGC), Stakeholder Reference Group (SRG), Aboriginal Community Engagement Working Group* and ad hoc across projects. For further information, please read the Lumos Data Governance Framework .
*Lumos does not currently have ethical approval to include Aboriginal Medical Services and to flag Aboriginality across the dataset. Aboriginal sector-led engagement on this issue is underway to embed Aboriginal data sovereignty and governance in Lumos operations.
Consumer representation
Our program works with PHNs, LHDs and NSW Health pillars and divisions to ensure the voice of consumers are well represented. In addition, Lumos DGC and SRG consumer representatives impart a strong voice to the Lumos program.
Our team also engages with the NSW Health Engagement Leaders Network and NSW Health Consumer, Carer and Community Advisory Council for appropriate consumer and community input.
For more information on Lumos consumer representatives, read Partnering with consumers and our community.
Privacy preserving record linkage (PPRL)
Lumos uses technology developed by Curtin University to protect patient privacy during extraction and during record linkage. Information that could identify individual people is encoded at source (it is de-identified), meaning no personal identifiers leave participating general practices. Therefore, individual people are not identified in the Lumos data asset at any stage of the linkage process.
Information on how can data be linked if it is de-identified can be found under the Lumos FAQ.
The implementation of PPRL methods in Australia is a practical solution for improving data access for policy, planning and population health planning. Additional information on Implementing privacy preserving recording linkage: Insight from Australian use cases is available online.
Use of PPRL aligns with the Australian Medical Association (AMA) Position Statement on Data Governance and Patient Privacy in Healthcare and Royal Australian College of General Practitioners (RACGP) principles for secondary data use, which require patient data to be de-identified before use. AMA and RACGP principles guide our work and our partnerships to deliver insights for better health outcomes.
Secure storage
Lumos data are securely stored in a centralised cloud solution called the Secure Analytics Primary Health Environment (SAPHE). The SAPHE complies with strict NSW eHealth privacy and security requirements to ensure data in the Lumos program are thoroughly protected. All requests to export data from the SAPHE are manually vetted to ensure patients cannot be identified.
Access to the SAPHE is limited to approved users and overseen by the Lumos DGC, which includes representation from PHNs, LHDs, GPs and consumers. The Lumos DGC is guided by the 
Lumos Data Governance Framework.
Independent privacy impact assessment
A privacy impact assessment (PIA) offers a systematic way of measuring the privacy impact posed by legislative, policy and technological initiatives. The Lumos program conducts PIAs across the lifecycle of the program.
Lumos has been subject to two PIAs, in 2020 and 2022, by Salinger Privacy. These independent reports provided detailed assessments of Lumos' privacy and security protections, including data extraction, linkage, storage, governance and communications processes, and compliance to relevant privacy laws.
For more information on the Lumos PIA, see Report findings.
