This document discusses navigating privacy and security considerations for medical researchers dealing with health data. It summarizes that the national medical data facility stores petabyte-scale research data across four nodes from various health organizations. It manages data using several platforms and protects human-derived data at a higher level. Researchers must consider relevant privacy legislation, ethics approval, informed consent requirements, and identifiability of data. Controls are needed to protect health information in research, including following national standards and guidelines regarding legislative frameworks, best practices, IT security, and roles and responsibilities of data custodians and users. An online use guide and wizard is proposed to simply navigate researchers through these complex issues.