1 / 30

Privacy Rules for Clinical Researchers

Privacy Rules for Clinical Researchers. Catherine Tully A/Executive Director Office of the Information and Privacy Commissioner of British Columbia January 2010. Why Privacy Matters The Statutory Framework Privacy Rules for Researchers. Overview.

debbie
Download Presentation

Privacy Rules for Clinical Researchers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Rules for Clinical Researchers Catherine Tully A/Executive Director Office of the Information and Privacy Commissioner of British Columbia January 2010

  2. Why Privacy Matters The Statutory Framework Privacy Rules for Researchers Overview

  3. Privacy is a right with constitutional underpinnings Privacy is essential to the dignity and integrity of individuals Why Privacy Matters

  4. Privacy is essential to maintaining patient trust Opinion polls and clinical research Why Privacy Matters

  5. FIPPA PIPA E-Health Act PODSA Statutory Framework In BC

  6. FIPPA • In effect since October 1993 • Applies to “public bodies” including Ministry of Health & Health Authorities • Rules for collection, use, disclosure, security & retention of personal information • Special rules for disclosure for research purposes

  7. PIPA • In effect since Jan. 1, 2004 • Applies to “organizations” = businesses, non profits including medical labs, doctors in private practice • Consent based rules for collection, use, disclosure of personal information • Special rules for disclosure for research purposes

  8. Most provisions in effect since Nov. 2008, some in effect June 2009 Legislative framework for protection of phi Process for designation of databases as “health information banks” (hib) E-Health ActE-Health (Personal Health Information Access and Protection of Privacy) Act

  9. Once a hib – may only disclose for health related purposes Provides for “disclosure directives” for hibs Provides specific process to facilitate health research E-Health Act

  10. PODSAPharmacy Operations and Drug Scheduling Act • Privacy rules governing PharmaNet data • Lists purposes of PharmaNet including: • scientific, health service delivery or drug use research • health policy research, planning or evaluation related to drug use

  11. PODSAPharmacy Operations and Drug Scheduling Act • Limits who may access records • Disclosures require approval of the PharmaNet Stewardship Committee

  12. Privacy Rules for Researchers • FIPPA – all MOH , Health Authority & other government held databases • PIPA – all privately held databases • E-Health –special rules for PLIS & any other hib & ministry databases • PODSA – special rules for PharmaNet

  13. no disclosure of personal information unless authorized under s. 33 of FIPPA disclosure is discretionary, not mandatory s. 33.2(k) disclosure for research purposes is authorized in Canada only FIPPA & Clinical Research

  14. S. 33.2(k): public bodies may disclose personal information “in accordance with s. 35” S. 35 contains 4 rules for disclosure – all must be satisfied FIPPA & Clinical Research

  15. Rule #1 – may only disclose if the research purpose cannot be reasonably accomplished unless the information is provided in individually identifiable form or the research purpose is approved by the Commissioner s. 35 FIPPA

  16. Rule #2 – the information may only be disclosed on condition that it not be used to contact the person to participate in research unless… s. 35 FIPPA

  17. Rule #2 – applies unless the research is in relation to a health issues, and the Commissioner approves the research purpose, the contact & the manner of contact s. 35 FIPPA

  18. Rule #3 – any record linkage is not harmful to the individuals and the benefits are clearly in the public interest s. 35 FIPPA

  19. Rule #4 – the head of the public body has approved conditions relating to: Security & confidentiality Removal or destruction of individual identifiers at the earliest reasonabletime The prohibition against any subsequent use or disclosure without express authorization of the public body s. 35 FIPPA

  20. Rule #4 continued – and the researcher must sign an agreement to comply with the approved conditions, FIPPA and any privacy policies of the public body s. 35 FIPPA

  21. No disclosure without consent (deemed, implied or actual) unless specifically authorized All disclosures discretionary Disclosure for research purposes permitted without consent (s. 21 of PIPA) PIPA & Clinical Research

  22. 6 rules for research: Research purposed cannot be accomplished Personal information cannot be used to contact persons to participate Linkages are not harmful & clearly in the public interest s. 21 PIPA

  23. The researcher signs an agreement to comply with the following: PIPA The confidentiality policies & procedures of the disclosing organization Security and confidentiality conditions A requirement to destroy the individual identifiers at the earliest opportunity A prohibition against any subsequent use or disclosure without express agreement s. 21 PIPA

  24. It is impractical for the organization to seek the consent of the individual for the disclosure 6. Organizations cannot use a s. 21 agreement to disclose personal information for market research purposes s. 21 PIPA

  25. Researchers must submit requests to the data stewardship committee (hibs & Ministry databases) Preconditions: For hibs, designation order must authorize research For health research must comply with s. 15 For disclosures outside of Canada must have express written consent E-Health Act & Clinical Research

  26. 4 rules for research: Health research purpose cannot reasonably be accomplished unless phi is disclosed PHI is not used to contact persons to participate unless the Commissioner approves the purpose, contact and manner of contact s. 15 E-Health Act

  27. 3. Any record linkage is not harmful and clearly in the public interest. The data stewardship committee has imposed conditions relating to: Security & confidentiality Removal or destruction of individual identifiers Prohibition against subsequent use or disclosure s. 15 E-Health Act

  28. PODSA and Clinical Research • Researchers must submit requests to the PharmaNet stewardship committee • 2 specific research related rules (s. 16): • Cannot use to contact patient or practitioner unless approved by the Commissioner • Cannot be used for market research

  29. Conclusions • Consistent set of research rules across all 4 pieces of legislation • Specific rules regarding contacting potential participants • Significant limitations on linking data, on any further use or disclosure and on market research

  30. Questions?

More Related