Synthetic Health Data Governance Framework (DRAFT v1.02)
A comprehensive governance framework for safely, legally, and ethically generating and using synthetic health data in Australia.
Overview
The Synthetic Health Data Governance Framework (SHDGF) provides a structured, evidence-based approach to generating and using synthetic health data while protecting privacy, ensuring legal compliance, and maximising public benefit. It enables the safe, lawful, and efficient use of synthetic data for health research, education, and system improvement.
The Framework gives data custodians, health organisations, researchers, and their collaborators a clear, risk-based pathway for creating and applying synthetic health data across current and future use cases. It is designed to strengthen -- not replace -- existing governance controls by focusing exclusively on the synthetic-data lifecycle: creation, use, and ongoing handling.
By sequencing defined assessments and documentation, the Framework ensures that every benefit is unlocked only when privacy, ethical, and legal safeguards are satisfied. All stages must be completed and recorded before access to synthetic health data is approved.
Who Is This For?
Data Requestor / End User
DRI need synthetic health data for research, education, or development.
- Check eligibility for synthetic data use
- Specify data needs and requirements
- Understand data use obligations
- Generate request specification
Data Custodian / Provider
DPI manage and govern synthetic health data generation and sharing.
- Assess use cases and impacts
- Validate source data quality
- Document synthesis approach
- Manage re-identification risks
- Approve safe data sharing
Data Scientist / Ethics Committee
DSI provide technical expertise or ethical oversight.
- Lead technical assessments
- Evaluate re-identification risk results
- Review lawful pathways and controls
- Support ethics review and approval
How It Was Built
The SHDGF was developed through extensive collaboration between the Digital Health CRC (DHCRC), the SynD Community of Practice, and a national network of data custodians, privacy experts, researchers, and community representatives. It builds on recognised models such as the Five Safes, the OAIC De-identification Guidelines, and international best practices in synthetic data governance. Designed to be practical, scalable, and adaptable, the Framework can be applied across diverse health-data contexts while maintaining rigorous privacy and ethical standards.
Main Principles
Privacy and Legal Integrity
Every synthetic-data activity begins with a commitment to privacy. Rigorous re-identification risk assessment, lawful handling, and compliance with Australian privacy, ethics, and data-protection standards ensure individuals’ information remains fully protected at all times.
Public Benefit and Social Value
Synthetic health data is only created and used when it serves a clear public good. The Framework prioritises outcomes that improve health research, innovation, and system performance -- always grounded in community trust and transparency.
Transparency and Accountability
Open processes, clear documentation, and visible governance decisions build confidence among stakeholders. Every stage of data creation, testing, and use is recorded and explainable, ensuring ethical accountability across institutions.
Structured, Risk-Based, and Complementary Governance
The Framework provides a consistent, stepwise process that scales with project risk. It strengthens -- not replaces -- existing organisational governance, embedding privacy safeguards, ethical review, and operational evidence into every step of synthetic-data workflows.
Benefits of Synthetic Health Data
- Enable secondary use of health data without exposing personal information.
- Protect privacy and dignity while still supporting research and better health management.
- Reduce privacy-related harms from misuse, unauthorised access, or data loss.
- Let communities benefit from faster, safer healthcare innovation.
- Build public trust in ethical, responsible health-data use.
- Simplify data request and approval processes via safe synthetic alternatives.
- Minimise legal and privacy risks while staying compliant with governance standards.
- Create representative, bias-reduced datasets for modelling and analysis.
- Provide customisable datasets tuned to purpose and risk tolerance.
- Strengthen stewardship credentials through transparent processes.
- Safely develop and test digital health technologies and AI systems.
- Validate proof-of-concept and pre-deployment work with realistic, non-identifiable data.
- Cut operational and reputational risk during innovation cycles.
- Support training and continuous improvement across clinical and admin settings.
- Enhance organisational capacity for secure, privacy-conscious innovation.
- Access privacy-safe datasets for hypothesis testing and model development.
- Collaborate across institutions without breaching confidentiality obligations.
- Promote reproducibility and transparency in health research.
- Expand education pathways for data science and analytics training.
- Strengthen AI, ML, and analytics innovation pipelines.
- Reduce ethical tension between privacy protection and social value.
- Shift deliberations toward proportionality and research integrity, not just privacy risk.
- Increase consistency and confidence in governance decisions.
- Lower reliance on complex mitigation measures tied to real data.
- Demonstrate responsible innovation and ethical leadership.