SECONDARY USE OF DATA IN HEALTH RESEARCH: ETHICS AND PRIVACY CONSIDERATIONS. Donna Roche & Sandra Veenstra

Similar documents
Control Alt Delete: Control Data, Use Alternatives, and Delete Risks

I. Researcher Information

Report of the Information & Privacy Commissioner/Ontario. Review of the Cardiac Care Network of Ontario (CCN):

A PHIPA Update from the IPC

DUTIES OF A CUSTODIAN

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

pic National Prescription Drug Utilization Information System Database Privacy Impact Assessment

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Report of the Information & Privacy Commissioner/Ontario. Review of Cancer Care Ontario:

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

IVAN FRANKO HOME Пансіон Ім. Івана Франка

Self-Assessment Tools for Informed Consent and Documentation. NLASW Professional Issues Committee May 2017

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector. ANN CAVOUKIAN, Ph.D. COMMISSIONER

(Type inside gray boxes, cells will expand) A. EIGHT POINT CRITERIA for IRB Review

Privacy and Management of Health Information

REVIEWED BY Leadership & Privacy Officer Medical Staff Board of Trust. Signed Administrative Approval On File

Getting Ready for Ontario s Privacy Legislation GUIDE. Privacy Requirements and Policies for Health Practitioners

MASSACHUSETTS DEPARTMENT OF PUBLIC HEALTH POLICY ON THE RETENTION, STORAGE, AND USE OF NEWBORN SCREENING DATA AND RESIDUAL SPECIMENS DECEMBER 2015

Health Information Privacy Policies and Procedures

Compliance with Personal Health Information Protection Act

Technology Standards of Practice

POPULATION DATA BC. Privacy in Health Research. Caitlin Pencarrick Hertzman Population Data BC University of British Columbia CFRI, April 2012

Waiver of Informed Consent when Using Medical Records or Other Secondary Data or Specimens UNC-CH OHRE Guidance Document

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice.

Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

HIPAA Policies and Procedures Manual

PRIVACY AND ANTI-SPAM CODE FOR OUR ORGANIZATION

Overview of Privacy Legislation in Ontario

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

Common Rule Overview (Final Rule)

Accountability Framework and Organizational Requirements

PRIVACY BREACH MANAGEMENT GUIDELINES. Ministry of Justice Access and Privacy Branch

Preliminary Questionnaire

The Duty to Record: Ethical, Legal, and Professional Considerations for Pennsylvania Psychologists

UA New Common Rule Implementation

Reporting and Investigating Privacy Breaches and Complaints Approval: Original Signed by R. Cloutier. Date: September 2017

Clostridium difficile Colonization in Ontario (COLON): Acute Care Hospital Pilot Feasibility Study, Preliminary Findings

Changes to the Common Rule

Overview of the Revised Common Rule

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

UNIVERSITY OF PENNSYLVANIA HEALTH SYSTEM

A Privacy Compliance Checklist: Organizing for Privacy Management

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

CLINICIAN S GUIDE TO HIPAA PRIVACY

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

Privacy Toolkit for Social Workers and Social Service Workers Guide to the Personal Health Information Protection Act, 2004 (PHIPA)

HANDBOOK FOR THE INDIGENOUS ECONOMIC DEVELOPMENT FUND. January 2018

Recruiting subjects for clinical research outside the academic setting

Institutional Review Board Application for Exempt Status Determination

Version 1.3 March 17, 2009 DATA STEWARDSHIP PRINCIPLES INFORMATION SHARING AGREEMENTS

Title: Investigator Responsibilities. SOP Number: 1501 Effective Date: June 2, 2017

Developing a framework for the secondary use of My Health record data WA Primary Health Alliance Submission

Southwest Acupuncture College /PWFNCFS

Signature (Patient or Legal Guardian): Date:

Use And Disclosure Of Protected Health Information (PHI) For Research

The Revised Common Rule

Eastern Ontario Development Program

Patient Privacy Requirements Beyond HIPAA

Challenging Behaviour Program Manual

CHI Mercy Health. Definitions

Notice of Privacy Practices

Mandatory Reporting and Breach Notification Changes to PHIPA and what you need to know

NOTICE OF PRIVACY PRACTICES

A Principal Investigator s Guide to Responsibilities, Qualifications, Records and Documentation of Human Research University of Kentucky

DATA PROTECTION POLICY (in force since 21 May 2018)

Privacy and EHR Information Flows in Canada

Human Subjects Research Policy Update. Naomi Coll Director of Research Policy and Compliance

YORK REGION DISTRICT SCHOOL BOARD. Policy and Procedure #158.0, Information Access and Privacy Protection

2514 Stenson Dr Cedar Park TX Fax

PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms.

CCSS: HIPAA-Compliant Recruitment. Dennis Deapen, DrPH CCSS Annual Investigators Meeting Memphis, TN October 9-11, 2005

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule

HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD

Lou Eckart, Ph.D. and Associates Licensed Clinical Psychologists 22 Mill St. Suite 305 Arlington, MA

Notice of Privacy Practices

Proposed amendments to the Marihuana for Medical Purposes Regulations

Session Number G24 Responding to a Data Breach and Its Impact. Karen Johnson Chief Deputy Director California Department of Health Care Services

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY A. 38

Privacy Rule Overview

PRIVACY BREACH GUIDELINES

Ethics for Professionals Counselors

HIPAA Notice of Privacy Practices DFD Russell Medical Center Effective April 14, 2003 Updated April 10, 2013

OREGON HIPAA NOTICE FORM

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH

Massachusetts Department of Public Health. Privacy of Health Data

Call for Applications for the development of pre-commercial clean-energy projects and technologies

Senior Care Pharmacy Wichita

Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders

PATIENT BILL OF RIGHTS & NOTICE OF PRIVACY PRACTICES

Module: Research and HIPAA Privacy Protections ( )

POLICY STATEMENT PRIVACY POLICY

Protecting Patient Privacy It s Everyone s Responsibility

Three Year Business Plan

REVISION EFFECTIVE DATE N/A

Standard Operating Procedures (SOP) Research and Development Office

SUMMARY OF NOTICE OF PRIVACY PRACTICES

Nursing Contribution to End-of-Life Care Decisions and Medical Assistance in Dying in Canada

The Personal Health Information Act (PHIA) Access and Privacy Office

Transcription:

1 SECONDARY USE OF DATA IN HEALTH RESEARCH: ETHICS AND PRIVACY CONSIDERATIONS Donna Roche & Sandra Veenstra

Outline 2 Landscape oversight Privacy best practices Ethics considerations Chicken and egg problem And that s not all! Where to from here?

Secondary Use of Data 3 Secondary use refers to the use of data originally collected for a purpose other than the current purpose. Accessing data that has already been collected for a different purpose to answer a research question (e.g. research using medical charts) Re-analyzing an existing research data set to answer a different research question

Landscape legislation 4 Provincial health-specific privacy legislation (NL PHIA) Establish rules for the collection, use and disclosure of personal health information (PHI) Balances an individuals right to privacy with the practical requirements of the health care system to collect, use and disclose PHI

Landscape - approvals 5 Typically access to data for secondary use research requires two approvals: Research Ethics Board (REB) approval; and Approval from the data custodian (i.e. organizational approval/data access committees). Ethics = ethical acceptability of the study (principles based review) with the aim of protecting research participant s rights Data access committees = permitted under legislation, privacy considerations, operational impact, feasibility

REB and Data Access 6 REB application: Identify data sources Data custodians Variables Identifiable? Data flow Front end access or disclosure? Linking? Code? Who has access? Privacy Organizational safeguards Technical safeguards Physical safeguards

Ethics - consent 7 Privacy legislation permits the disclosure of PHI without consent for research purposes when REB approval is obtained (NL) Most lax standard compared to other provinces TCPS2, Chapter 3: consent Waiver of consent considerations

Consent - principles 8 TCPS2 PHIA Free Informed Ongoing Not obtained through deception and coercion Knowledgeable Of the individual

Consent - elements 9 TCPS2 (informed) PHIA (knowledgeable) Assurance that participants are under no obligation to participate, are free to withdraw, information that is relevant to decision to continue or withdraw consent, including limitations of withdrawal of data Individual may give or hold consent An indication of what info will be collected and for what purposes, who can access the information, anticipated uses, duty to disclose and how confidentiality will be maintained Information on use and disclosure Statement of research purpose, identity of researcher, identity of the funder, the duration and nature of participation, description of research procedures, explanation of the responsibilities of the participant The purpose of the collection

Ethics privacy 10 TCPS2, Chapter 5: privacy and confidentiality Privacy: Minimal data used Limit use of personal identifiers Confidentiality: Limit access to personal identifiers Limit access to analytic data files Release of aggregate results Security: Secure transmission of files Files on secure server (analysis & storage)

Request Process - NLCHI 11 Intake and Assessment Central Intake (Information Request Coordinator) Consultation meeting Gather requirements/determine feasibility Study information: study design, study sample, objectives, groups of interest, outcomes, time period Identify data sources Identify data elements Type of data (de-identified vs. identifiable) Data flow Cost estimate and Agreement Initiated Resource planning (extraction/linkage)

Request Process - NLCHI 12 Application Review Key considerations: Permitted under legislation Type of data (de-identified vs. identifiable) Minimum amount of PHI requested Data accuracy Ethics approval obtained and information in application corresponds to ethics application Consent requirements Data flow, data management, data storage, retention, and disposal, etc.

Request Process - NLCHI 13 Approval Agreement/Letter of Approval Future uses and/or disclosures require additional approval Do not attempt to re-identify information Do not publish cell counts <5 Data must be stored on an organization asset Research team must comply with their organization s policies and procedures Data retention disposal Notify NLCHI of changes with the research study or research team Secure transfer Data Preparation and Data Review Compare prepared dataset against what was approved Cell count/re-identification risk assessment

REB Review vs. Custodian Privacy Review 14 Conceptually parallel processes that require similar content Review elements Data sources Data elements Data flow Identifiability/re-identifiability Data storage and disposal Data retention Limits of use Privacy safeguards Where does one mandate end and the other begin? And are there any gaps? NS research plan, how is this managed?

15 Classic and problem 1. All custodians in NL require REB review and approval prior to consideration of access request. 2. NS Emergency Health Services (EHS) steering committee requires the protocol and REB application be submitted to them PRIOR to sending to the REB. 3. Health Data NS(HDNS) application to the HDNS committee can occur prior to, at the same time, or after applying to the REB. 4. NS Department of Health and Wellness Data Access Committee conducts preliminary review and issues feasibility review letter to support application to REB, once approved by ethics return for final review.

Pros and Cons 16 PROS CONS 1. REB approval first? REB heavy lifting/poor quality submissions Amendments Time consuming No other approvals required 2. Data access review first Better quality applications to REB Institutions that are not well resourced carry the review load Out of order? Time consuming 3. Either/or Flexibility for researchers Inconsistent process Difficult to regulate 4. Preliminary data access review prior to REB approval, then finalize?happy medium for REB and custodian Back and forth for researchers/administrative burden

But that s not all! 17 Several initiatives in 2017 shed light on some other issues we seem to be having with secondary use of data: PHIA review Provincial Secondary Use Working Group OIPC Guidance piece

Common Misconceptions 18 Privacy legislation is a barrier to research. Approvals not required if using de-identified data. If ethics approval is obtained, no other approvals are required.

Challenges 19 Custodians Lack of resources required to process research requests Inconsistent processes between organizations Researchers Find it difficult to identify data custodians Custodians individuals or organizations who have custody or control of PHI to perform their power or duties

Where to from here? 20 Next steps: Listserv? Source document for Maritimes? Risks? Privacy breaches in research context?

Contact 21 Donna Roche, Manager, Health Analytics, NLCHI (donna.roche@nlchi.nl.ca) Sandra Veenstra, Ethics Director, HREA (ethicsdirector@hrea.ca) THANK YOU!

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback