Appendices

CIHR Best Practices for Protecting Privacy in Health Research (September 2005)

A-1 CIHR Privacy Advisory Committee

Members

Privacy commissioners
David Loukidelis
Information and Privacy Commissioner of British Columbia

(Privacy-enhancing Technologies)
Debra Grant
Senior Health Privacy Specialist, Information and Privacy Commissioner/Ontario

Research ethics boards (REBs)
Sharon Buehler
Co-Chair, Research Ethics Board, Memorial University

Don Willison (CIHR-funded research on REBs)
Scientist, Centre for Evaluation of Medicines, McMaster University

Health researchers
Charlyn Black (Health Services Research)
Director, BC Centre for Health Services and Policy Research

Colin L. Soskolne (Epidemiology)
Professor, Department of Public Health Sciences,
University of Alberta

Voluntary health organizations
Roy West
Co-Chair, Science and Research Committee,
Health Charities Council of Canada

Patients/consumers
Mary Vachon
Psychotherapist and Consultant in Private Practice
Professor, Depts. of Psychiatry and Public Health Science,
University of Toronto
Clinical Consultant, Wellspring

Phil Upshall
Chair, Canadian Alliance on Mental Illness and Mental Health
President, The Mood Disorders Society of Canada

Policy-makers
Heather McLaren
Director, Legislative Unit
Manitoba Health

Data producers/custodians
Joan Roch
Former Chief Privacy Officer, CIHI
Privacy Consultant

Michael Wolfson
Assistant Chief Statistician
Statistics Canada

Aboriginal interests
Bronwyn Shoush
CIHR Institute Advisory Board Member, Institute of Aboriginal People's Health,
Director, Aboriginal Justice Initiatives Unit,
Alberta Solicitor General

Health service providers
Denis Cournoyer
Associate Physician, McGill University Health Centre;
Associate Professor, Dept. of Medicine and Oncology,
McGill University

Ethics/law
Brent Windwick
Partner, Field LLP
Former Executive Director, Health Law Institute

Bartha Maria Knoppers
Canada Research Chair in Law and Medicine;
Professor, Public Law Research Centre, Faculty of Law,
University of Montreal

Ex officio members

Interagency Advisory Panel on Research Ethics (PRE):
Pierre Deschamps, PRE member
Member of the Canadian Human Rights Tribunal

Social Sciences and Humanities Research Council of Canada (SSHRC)
Christian Sylvain (alternate: Jocelyn Girard)
Director, SSHRC Corporate Policy and Planning

National Council on Ethics in Human Research (NCEHR)
Fern Brunger, NCEHR Member
Assistant Professor, Health Care Ethics, Faculty of Medicine
Memorial University

Health Canada
Ross Hodgins/John Horvath
Privacy Division, Information, Analysis & Connectivity Branch,
Health Canada

International advisor
William W Lowrance
International Consultant in Health Policy and Ethics, Geneva, Switzerland

Canadian Institutes of Health Research
Patricia Kosseim - Chair
Former A/Director, Ethics Office
General Counsel, Office of the Privacy Commissioner of Canada

Sheila Chapman
Senior Ethics Policy Advisor

Mylène Deschênes
Former Senior Ethics Policy Advisor

Sylvie Burion
Project Officer

A-2 Drafting process and consultations in 2004

The Canadian Institutes of Health Research (CIHR) is Canada's main federal funding agency for health research. CIHR's mandate is to invest in research that has the potential to lead to improved health for Canadians, more effective health services and products, and a strengthened Canadian health care system. CIHR-funded health research must also meet the highest standards of scientific excellence and ethics.

Recognizing that one of the key ethical challenges for the health research community is to appropriately protect the privacy of those individuals whose information is used for research purposes, CIHR has initiated and promoted dialogue with the broad health research community on a range of privacy-related matters for many years. In particular, a multi-stakeholder workshop in November 2002 entitled Privacy in Health Research: Sharing Perspectives and Paving the Way Forward resulted in a number of recommendations including that CIHR initiate the development of privacy best practices and promote the harmonization of privacy laws and policies that impact on health research.

Following on these recommendations, CIHR established a Privacy Advisory Committee (PAC) in 2003 to advise CIHR on the development of privacy best practices for health research, and on strategies for consultation, communication and knowledge translation. CIHR, with the advice of PAC, developed Guidelines for protecting privacy and confidentiality in the design, conduct and evaluation of health research - Best Practices, Consultation Draft, April 2004.[97] A wide range of stakeholders was consulted on this draft from March through September, 2004. The current version of the Privacy Best Practices was revised to reflect the feedback received.

Response to consultations in 2004

We thank the many organizations and individuals who provided feedback on the 2004 draft Guidelines.[98] The consultation period extended from March through September, 2004, with some written comments being received through mid-October. There were three streams for providing feedback: (1) written comments received in response to invitations sent to key stakeholders, and through an on-line feedback questionnaire; (2) three multi-stakeholder workshops on specific themes aimed at addressing potential gaps in coverage; and (3) two small group dialogue sessions with citizens.

We heard that the broad health research community, including review and oversight bodies, was generally supportive of this initiative, while also making a number of suggestions for improving the draft Best Practices. We were also reminded that there is a diversity of points of view within and between stakeholder groups on privacy and confidentiality issues. Some respondents commented that the draft privacy best practices were too restrictive and could impede research, and others thought they were not restrictive enough. We heard from discussions with citizens that there appears to be generally strong support for health research, but also concern about potential unauthorized uses of personal information.

In response to feedback received, we have made the following main changes for this 2005 release:

  • A change in the title to: "Best Practices for Protecting Privacy in Health Research". Respondents noted that the previous title was too long, and combined both "guidelines" and "best practices" concepts. Also, it was noted that the document is meant to be recommended practices, which aspire in the future to the status of mandatory policy; thus there was general agreement that the term "best practices" was most appropriate at this stage.
  • A revision of the Executive Summary to better reflect the main text.
  • A clearer explanation of CIHR's mandate - to promote health research that meets the highest standards of excellence and ethics.
  • Addition of accompanying tables on relevant legal requirements, as guideposts for health researchers, research ethics boards and others, but not intended to serve as formal legal advice.
  • Addition of an accompanying table on different research areas, user groups, data collection methods, and activities, to demonstrate the applicability of this document to a wide range of target users.
  • Addition of an index to research methods covered in the Privacy Best Practices, to help researchers navigate the document to find relevant sections.
  • A more explicit acknowledgement of the different fundamental values in play, such as the rights and responsibilities of individuals, and the ethical framework articulated in the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS).
  • A clear recognition that the default position in health research should be the requirement for consent from individual participants.
  • Acknowledgement that the reality of researchers in such fields as health services and population health differs significantly from that of clinical researchers, with reference to the CIHR Secondary Use of Personal Information in Health Research: Case Studies document.
  • Strengthened recognition of the privacy concerns of communities and groups.
  • Strengthened coverage of privacy issues for qualitative methods and inductive data collection and analysis.
  • Strengthened coverage of genetic data, and confirmation that the scope of the Privacy Best Practices does not extend to the management and governance of human biological materials.
  • Recognition of the tension between the principles of limiting access and retention of personal data, and the growing importance of making research data (particularly from publicly-funded research) available for broad research use and social benefit, with encouragement for researchers to think about these issues and to be explicit about what they plan to do with the data they collect.

Not surprisingly, given the extent of feedback received, the diversity in points of view, and the need to limit the scope and size of the document, not all requests for changes could be met. For example, these Best Practices do not specifically address privacy issues associated with health surveillance, program quality assurance studies, or private industry-funded research. Nevertheless, these Best Practices could serve as models for best practices developed in these other areas. And in response to requests for more focus on Aboriginal research and qualitative research methods, we provide some additional coverage in this 2005 document. However, we look forward to the more detailed work in these areas being coordinated through the Interagency Advisory Panel on Research Ethics.

As we note throughout this document, these Best Practices will need to continually evolve to reflect new best practices, refinements of existing practices, the findings of research on privacy, and changes in the legal and policy framework for health research in Canada.

A-3 Real world case studies and links to the elements

In 2002, CIHR published Secondary Use of Personal Information in Health Research: Case Studies (November 2002).[99] Nineteen case studies were developed to describe real-life examples of actual research involving secondary use of data in Canada. These case studies highlighted the practical challenges that arise when applying various legal and ethical norms in the specific context of population health and health services research. The case studies identified a number of ethical and legal issues that warranted further consideration and discussion.

The summary table of issues from the Case Studies is reprinted below, with an additional column on the far right providing a link to relevant sections of the Best Practices.[100]

| Case study # | Title of case study | Collection / use / linkage of data | Issues raised | Relevant to Privacy Best Practices Element #: |
|---|---|---|---|---|
| 1 | The computerization of medical practices for the enhancement of therapeutic effectiveness | Collection and use of coded data from patient medical records contained in doctors' offices; no direct patient contact involved; implied consent with possibility of opting out. | Prior contact by original data custodian. Form of consent required | 3, 4, 6, 7 |
| 2 | Seasonal patterns of Winnipeg hospital use | Linkage and analyses of coded data contained in provincial databases routinely collected for other purposes (i.e. hospital discharge data and population registry file); no direct contact involved; no consent obtained. | Impracticability of obtaining consent. Long-term retention of data for future research purposes. | 3, 7, 8, 9 |
| 3 | Assessing the accuracy of the Nova Scotia health survey | Linkage and analyses of coded data contained in provincial databases routinely collected for other purposes (i.e. hospital discharge data and physician claims database); no direct contact involved; no consent obtained. | Impracticability of obtaining consent. | 3, 4, 7, 8 |
| 4 | National diabetes surveillance system | Creation of a national diabetes database of aggregate data by linking and assembling coded data contained in provincial databases routinely collected for other purposes (i.e. hospital files, physician billing records and drug claims data); no direct contact involved; no consent obtained. | Impracticability of obtaining consent. Need for harmonization of laws and policies across jurisdictions. Long-term retention of data for future research purposes. | 3, 7, 8, 9, 10 |
| 5 | Use of RFLP molecular epidemiology to find out how tuberculosis is spread among people infected with HIV | Linkage and analyses of TB bacteria grown from individual sputum samples in a public health laboratory, with non-identifying demographic data held by the province's health ministry; no direct contact involved; no consent obtained. | What constitutes personal information. Form of consent required. | 2, 3, 4, 7, 8 |
| 6 | HIV seroprevalence among women undergoing abortion | Linkage of non-identifying questionnaires with non-identifying test results of blood samples obtained for therapeutic abortion purposes; direct patient contact; written consent obtained. | Form of consent required. Need for harmonization of laws and policies across jurisdictions. | 3, 4, 6, 10 |
| 7 | New use of anti-arrhythmia drugs in Saskatchewan | Linkage and analyses of coded data contained in provincial databases routinely collected for other purposes (i.e. drug claims database, hospital discharge data and physician billing records); no direct contact involved; no consent obtained. | Impracticability of obtaining consent. | 3, 7, 8 |
| 8 | Barriers to accessing health care in Canada: is the System Fair? | Linkage and analyses of personal information contained in Statistics Canada's National Population Health Survey, with provincial databases routinely collected for other purposes (i.e. hospital discharge data and physician billing data); direct contact involved; express consent obtained. | Validity of informed consent. Need for harmonization of laws and policies across jurisdictions. | 5, 7, 8, 10 |
| 9 | Needle stick injuries in nursing and laboratory staff | Collection and use of non-identifying questionnaires, combined with general statistics at each participating hospital; direct contact involved; express consent obtained. | Prior contact by original data custodian. Mandatory reporting and the researchers' duty of confidentiality. | 4, 6, 7, 9 |
| 10 | A randomized controlled trial of call/recall of 'hard-to-reach' women for Pap tests | Linkage of personal information from electronic medical records, with provincial cancer and cytology registries for purpose of assembling study population; direct contact involved; no individual consent obtained but physician authorization granted. | Prior contact by original data custodian. Impracticability of obtaining consent. Long-term retention of data for consistent research purposes. | 6, 7, 8, 9 |
| 11 | The impact of having elderly and welfare patients in Quebec pay a greater share in the costs of their prescription drugs | Linkage and analyses of coded data routinely collected in provincial databases for other purposes (i.e. prescriptions claims data, hospital discharge data, physician billing data and mortality data); no direct contact involved; no consent obtained. | Distinction between policy evaluation and research. Impracticability of obtaining consent. | 2, 3, 8 |
| 12 | A randomized drug policy trial with camouflaged contacting of patients | Linkage of coded data routinely collected in provincial databases for other purposes (i.e. prescriptions claims data, hospital discharge data, physician billing data and mortality data) for the purpose of assembling a study population; quality of life questionnaires then sent to potentially eligible research subjects through camouflaged contacting method; consent obtained for linking questionnaires with administrative data. | Distinction between policy evaluation and research. Prior contact by original data custodian. | 5, 6, 8 |
| 13 | Cancer and other health problems associated with breast implants | Linkage and analysis of personal information obtained from hospital records and clinical records, with data obtained from provincial cancer registries and registrars of vital statistics; no direct contact involved; no individual consent obtained, but nation-wide publicity program conducted. | Unique legal status of cancer registries. Prior contact by original data custodian. Impracticability of obtaining consent. | 2, 3, 4, 7 |
| 14 | Second cancers following treatment for non-Hodgkin lymphoma | Linkage and analysis of personal information obtained from a provincial cancer registry with personal information contained in hospital and radiotherapy center records; no direct contact involved; no individual consent obtained as 75% of the study cohort had died. | Unique legal status of cancer registries. Prior contact by original data custodian. Impracticability of obtaining consent. | 3, 5, 6 |
| 15 | Ontario familial colon cancer registry | Reviewing tumour pathology report forwarded to a provincial cancer registry, as validated by attending surgeons, in order to first identify and invite eligible patients and families for inclusion in the registry; survey data and tissue samples then collected; direct contact involved; consent obtained. | Unique legal status of cancer registries. Prior contact by original data custodian. Implications of assembling genetic information as a particularly sensitive category of personal information. | 2, 5, 6, 7 |
| 16 | Rapid surveillance of cancer in neighbourhoods and near point sources of pollution | Linkage and analysis of personal information contained in a provincial cancer registry with a provincial property assessment file and mortality database; no direct contact involved; no consent obtained; community-wide publicity and consultation process are planned. | Unique legal status of cancer registries. Impracticability of obtaining consent. Community interests. | 2, 3, 7, 8 |
| 17 | Patient outreach via PharmaNet | Automatic flagging of eligible research subjects in the province's drug claims database through the use of a computerized algorithm in order to assemble a study population without any human intervention; direct patient contact involved; consent obtained. | Prior contact by original data custodian. | 3, 6 |
| 18 | The registry of the Canadian Stroke Network | Creation of a national stroke registry by collecting, linking and assembling patients' survey data, health care utilization data and mortality data; direct patient contact involved; consent obtained. | Prior contact by original data custodian. Validity of informed consent. Long-term retention of data for future research purposes. Need for harmonization of laws and policies across jurisdictions. | 3, 4, 5, 7, 10 |
| 19 | Studying the health of health care workers | Linkage and analyses of coded health data contained in provincial databases routinely collected for other purposes (i.e. hospital records, physician billing data, and drug claims data); no direct contact involved; no consent obtained. | Impracticability of obtaining consent. Long-term retention of data for future research purposes. | 3, 7, 8, 9 |

A-4 Diversity of health research and future considerations

To understand the scope of these Best Practices, it is helpful to consider the multi-faceted landscape of CIHR-funded health research in this country.

Health research projects span a spectrum of disciplines and methods.

These Best Practices are intended to address the full spectrum of CIHR-funded research.[101] CIHR categorizes health research in four broad themes, as defined in its Grants and Awards Guide:[102]

  • Bio-medical research
    Research with the goal of understanding normal and abnormal human functioning, at the molecular, cellular, organ system and whole body levels, including development of tools and techniques to be applied for this purpose; developing new therapies or devices that improve health or the quality of life of individuals, up to the point where they are tested on human subjects. Studies on human subjects that do not have a diagnostic or therapeutic orientation.

  • Clinical research
    Research with the goal of improving the diagnosis, and treatment (including rehabilitation and palliation), of disease and injury; improving the health and quality of life of individuals as they pass through normal life stages. Research on, or for the treatment of, patients.

  • Health services research
    Research with the goal of improving the efficiency and effectiveness of health professionals and the health care system, through changes to practice and policy. Health services research is a multidisciplinary field of scientific investigation that studies how social factors, financing systems, organizational structures and processes, health technologies, and personal behaviours affect access to health care, the quality and cost of health care, and, ultimately, Canadians' health and well-being.

  • Social, cultural, environmental and population health
    Research with the goal of improving the health of the Canadian population, or of defined sub-populations, through a better understanding of the ways in which social, cultural, environmental, occupational and economic factors determine health status.

CIHR encourages multi-disciplinary research that cuts across these broad thematic areas.

CIHR-funded health research also spans a range of research methods, including quantitative methods (typically based on large numbers of participants, involving hypothesis generation and testing, and statistical analyses of data) and qualitative methods (typically not involving the testing of hypotheses, but rather more open-ended and inductive analysis and collaborative observation techniques, often with smaller numbers of individuals).[103]

Health research projects may cross community, provincial, territorial or national boundaries.

Health research may involve particular cultural groups or communities, such as Aboriginal groups or remote communities.

A single health research study may have multiple sites in more than one province or territory. Research teams may be composed of a network of investigators drawn from across the country and across disciplines. CIHR's 13 "virtual" institutes are founded on this model, promoting collaboration among investigators in various jurisdictions, working on similar questions from different perspectives.

And, because health is a global issue, health research can have an international dimension. Researchers collaborate with colleagues in other countries as they have in the multi-year international Human Genome Project and in CIHR's Global Health initiative.

Health research is conducted in various settings, often supported by a mix of public and private funds.

A great deal of research is based at universities where investigators may have both public and private funding sources. Governments and affiliated research or statistical agencies conduct research on such things as emerging public health issues and the effectiveness of the health care system. They increasingly look for private-public partnerships in sponsorship. Statistical and research agencies with a public mandate conduct research within their agencies and frequently also serve as data stewards permitting, under strict controls, access to their data by external researchers such as those with CIHR funding.

Potential data sources for health research are also diverse.

Individuals are one essential source of health-related data. Individuals are recruited, for example, for clinical trials of new treatments and therapies; and for surveys (conducted by telephone, by mail or in person) on personal lifestyles and attitudes and on the health status of the population. Sometimes the interactions of individuals or groups are simply observed and documented.

Existing databases that were not originally created for research purposes are also important sources of data for health research. These databases have the potential to provide data that are difficult to obtain or cannot be obtained directly from individuals, such as physician diagnoses and records of hospital treatment (in health administrative databases), official registration of births, deaths and cause of death (in population registries), and disease trends and geographic "hot spots" in the population over time (in health surveillance databases).

Thus, these Best Practices have a broad scope, encompassing the wide spectrum of CIHR-funded health research intended to contribute generalizable knowledge to protect and improve human health.

For a more detailed description of the diversity of health research methods, the tables in this section provide examples of studies recruiting individuals or communities, and the wide range of important sources of research data.

Table 1: Examples of studies recruiting individuals or communities

Examples of participants: Residents of a rural community
  Examples of data items collected:
    • Age, sex and other demographic information
    • Length of residence
    • Attitudes toward a new teen drop-in health service
    • Use of new service
    • Health history
  Examples of research potential:
    • To identify factors that influence community acceptance and use of teen drop-in health services
    • To assess the impact over time of the new clinic on reducing health problems and teen pregnancies among teens in rural communities
  Examples of data collection methods:
    • Observation of teen activities or review of service records in a number of rural communities, some with new teen health services and some without
    • Interviews with health care providers and patients
    • Interviews or surveys of teens and adults in the community

Examples of participants: Individuals with asthma
  Examples of data items collected:
    • Age, sex and other demographic information
    • History of asthma and other medical conditions
    • Medication history
    • Meaning of illness
  Examples of research potential:
    • To assess the impact on health of a new asthma drug
    • To identify barriers to proper use of a drug
    • To identify the impact of asthma on quality of life
    • To explore the meaning of illness in asthma patients
  Examples of data collection methods:
    • Clinical trials (see TCPS, Section 7 for more information about clinical trials)
    • Interviews with asthma patients and parents
    • Survey of asthma patients
    • Focus groups of clinic personnel

Examples of participants: Individuals with colon cancer
  Examples of data items collected:
    • Age, sex and other demographic information
    • Family history
    • Health and treatment history
    • Dietary habits
    • Exposures to cancer risks in the environment
    • Blood sample
    • Meaning of "hereditary" and "risk", in relation to genetic screening
  Examples of research potential:
    • To examine interactions of genes and the environment in causing cancer
    • To determine the need for education materials (for physicians and patients) about the risk of inheriting cancer
    • To assess the impact on family members of screening for disease
  Examples of data collection methods:
    • Telephone or mailed surveys
    • In-depth interviews
    • Laboratory analyses of blood samples collected at the time of the interview
    • Long-term follow up by telephone or mail

Examples of participants: Tamil refugees in the Greater Toronto area
  Examples of data items collected:
    • Age, sex and other demographic information
    • Length of residence
    • Refugee status
    • Health history
    • Use of health resources
  Examples of research potential:
    • To identify barriers to accessing health care
    • To identify psychosocial and health issues associated with resettlement
    • To assess use of complementary and alternative medicines
  Examples of data collection methods:
    • Participant observation research
    • In-depth interviews
    • Analysis of patient files
    • Analysis of personal letters and journals

Table 2: Examples of databases with research potential, held in diverse settings

Databases: Health administrative databases
  Examples of data [104]:
    • Health insurance registration
    • Physician diagnoses in billing records for provincial health insurance plans
    • Hospital records
  Examples of research potential:
    • To examine interactions between the environment and health
    • To describe trends in disease and wellness over time
    • To evaluate the impact of changes in the health care system
  Examples of data holders:
    • Government Ministries of Health
    • Hospitals
    • Statistical agencies

Databases: Population registries
  Examples of data:
    • Records of all births, deaths, cause of death in a geographically defined population (e.g. a province)
  Examples of research potential:
    • To assess the burden of disease in a geographic area
    • Linked with health records, to assess prenatal and post-natal care and health outcomes, and long-term outcomes of health conditions (e.g. length of survival and cause of death)
  Examples of data holders:
    • Provincial and Territorial registrars
    • Statistical agencies

Databases: Disease registries
  Examples of data:
    • A database that holds permanent, ongoing personal data about a population group affected by a particular disease (e.g. cancer) or condition, for statistical, surveillance and/or research purposes.
  Examples of research potential:
    • To identify potential research participants
    • To look at trends in new cases of disease
    • To look for associations of disease and risk factors
    • To assess the effectiveness of treatment
    • Linked with death records, to assess survival and ultimate cause of death
  Examples of data holders:
    • Government agencies
    • Disease agencies
    • Hospitals
    • Statistical agencies

Databases: Clinical research databases
  Examples of data:
    • Detailed data on medical history, psychosocial factors, patient status, care and associated health outcomes
  Examples of research potential:
    • To identify potential research participants
    • To evaluate the efficacy of treatment
    • To look at continuity of care
  Examples of data holders:
    • Physicians
    • Disease clinics and institutes (e.g. diabetes, heart disease)
    • Industry sponsors

Databases: Human genetic material banks
  Examples of data:
    • Primary materials (blood, bone and cultured tissue)
    • Secondary materials (copies of primary samples such as cellular protein)
    • Tertiary materials (electronically stored information such as DNA sequences)
    • Linked clinical information
  Examples of research potential:
    • To develop diagnostic methods
    • To assess the genetic basis of variability in drug efficacy and safety (pharmacogenetics)
    • To discover the genetic and biochemical causes of disease (often linked to hospital data and/or genealogy information)
  Examples of data holders:
    • Government public health and research laboratories
    • Private companies
    • Universities
    • Hospitals
    • Clinical genetics clinics

Databases: Health surveillance databases
  Examples of data:
    • Public health data on chronic and communicable disease
    • Reports of adverse health effects from marketed products
  Examples of research potential:
    • To search for causes of disease outbreaks or increasing numbers of new cases
    • To document the burden of disease in populations
    • To describe long-term trends in health status at the community or population level.
  Examples of data holders:
    • Government Ministries of Health
    • World Health Organization
    • Statistical agencies

Databases: Survey databases
  Examples of data:
    • Demographic information, workplace conditions, health services availability
    • Self-reported personal behaviours, health status, medical conditions, lifestyle, attitudes, values, and experiences
  Examples of research potential:
    • To describe and assess the broad determinants of health (individual, biological, social, cultural, and environmental) and their impact on populations and individuals
    • To describe and assess psychosocial factors in illness and disease and their individual, biological, social, cultural and environmental determinants
  Examples of data holders:
    • Government departments
    • Statistical agencies
    • Researchers
    • Universities
    • Research centres

Future considerations: The changing landscape of health research

The research landscape is an evolving one, as our knowledge and technological capacities continue to advance. In particular, the impact of new developments on research is still to be determined in areas such as:

  • the projected implementation of electronic health records across Canada over the next decade;
  • discoveries in genomics and research on genetic-environmental interactions;
  • emerging standards for Aboriginal research;[105]
  • increasing use of health-related databases, such as hospital and vital statistics records, for multiple purposes including patient care and management, program management, public health functions and services (e.g. cancer screening, vaccinations, chronic disease risk factor surveillance, obesity interventions) and research; and
  • government-led initiatives toward a harmonized legal framework for protecting the privacy and confidentiality of health information across all jurisdictions in Canada.

 

A-5 Selected documents and web links

Selected international and national guidelines

For other key guidance documents see the Interagency Advisory Panel for Research Ethics web site.

Privacy legislation

Disclosure controls

Related documents

 

 

A-6 Glossary

The following terms are defined here as used in this document. Readers should be aware, however, that these terms are not yet standardized and may be used somewhat differently in other contexts.

Aggregate data. The data have been averaged or grouped into ranges (e.g. 5 or 10-year age groupings).

Camouflaged contacting. This is an approach to sampling and contacting patients with particular medical conditions in such a way that the person making the contact is not aware of the health status of the individual being contacted at the time of contact. Records of individuals with and without the condition of interest are sampled in some pre-determined proportion from the original source (e.g. administrative or clinical records). Contact information about the combined-sample group is then released without any information about the health status of the individual being disclosed to the person making contact (by telephone or mail). The health status of the individual remains concealed until such time as the individual agrees to participate in the research and to disclose whether or not he or she has the condition of interest.

Coded data. Single code: A participant's data are assigned a random code. Direct identifiers are removed from the dataset and held separately. The key linking the code back to direct identifiers is available only to a limited number (e.g. senior members) of the research team. Double or multiple codes: Two or more codes are assigned to the same participant's data held in different datasets (e.g. health administrative data, clinical data, genetic samples and data). The key connecting the codes back to participants' direct identifiers is held by a third party (such as the data holder) and is not available to the researchers. Coded data refers to data that are at least single coded. (See Element #2, Section 2.2.2, Box-Definition of terms).
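The single and double coding schemes defined above, sketched as an added example that is not part of the CIHR document. The field names, the `KeyHolder` class with its `crosswalk` and `reidentify` methods, and the sample records are assumptions constructed for illustration.

```python
import secrets

# Direct identifiers named in this glossary; the field names are assumptions.
DIRECT_IDENTIFIERS = ("name", "address", "health_insurance_number")
ID_FIELD = "health_insurance_number"  # identifier used to recognise a participant

# Constructed sample records (not real data).
ADMIN_RECORDS = [
    {"name": "Constructed Person A", "address": "1 Example St",
     "health_insurance_number": "HIN-0001", "birth_year": 1950,
     "admission": "2004-03-02"},
    {"name": "Constructed Person B", "address": "2 Example St",
     "health_insurance_number": "HIN-0002", "birth_year": 1962,
     "admission": "2004-05-11"},
    {"name": "Constructed Person A", "address": "1 Example St",
     "health_insurance_number": "HIN-0001", "birth_year": 1950,
     "admission": "2004-09-15"},
]
CLINICAL_RECORDS = [
    {"name": "Constructed Person A", "health_insurance_number": "HIN-0001",
     "diagnosis": "asthma"},
    {"name": "Constructed Person C", "health_insurance_number": "HIN-0003",
     "diagnosis": "diabetes"},
]


def _code_records(records, key):
    """Replace direct identifiers with a random per-participant code.

    `key` maps code -> direct identifiers and is updated in place.
    Indirect identifiers (e.g. birth_year) are left in the coded records,
    so coded data are not non-identifiable data.
    """
    assigned = {ids[ID_FIELD]: code for code, ids in key.items()}
    coded = []
    for rec in records:
        pid = rec[ID_FIELD]
        if pid not in assigned:
            code = secrets.token_hex(8)  # random, carries no information
            while code in key:
                code = secrets.token_hex(8)
            assigned[pid] = code
            key[code] = {f: rec[f] for f in DIRECT_IDENTIFIERS if f in rec}
        stripped = {k: v for k, v in rec.items()
                    if k not in DIRECT_IDENTIFIERS}
        coded.append({"code": assigned[pid], **stripped})
    return coded


def single_code(records):
    """Single coding: returns (coded_records, key).

    The key is stored apart from the coded dataset and made available
    only to a limited number of research team members.
    """
    key = {}
    return _code_records(records, key), key


class KeyHolder:
    """Double coding: a third party (such as the data holder) assigns a
    different code per dataset and keeps the only key to the identifiers."""

    def __init__(self):
        self._keys = {}  # dataset name -> {code: direct identifiers}

    def code_dataset(self, name, records):
        """Return coded records for one dataset; the key stays here."""
        return _code_records(records, self._keys.setdefault(name, {}))

    def crosswalk(self, name_a, name_b):
        """Map dataset A codes to dataset B codes for shared participants.

        Assumed linkage service: lets datasets be joined without the
        researchers ever seeing a direct identifier.
        """
        b_codes = {ids[ID_FIELD]: code
                   for code, ids in self._keys[name_b].items()}
        return {code: b_codes[ids[ID_FIELD]]
                for code, ids in self._keys[name_a].items()
                if ids[ID_FIELD] in b_codes}

    def reidentify(self, name, code):
        """Key-holder-only lookup from a code back to direct identifiers."""
        return dict(self._keys[name][code])


if __name__ == "__main__":
    coded, key = single_code(ADMIN_RECORDS)
    print(coded)      # what the researchers work with
    print(len(key))   # number of participants in the separately held key
```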

Consent. Agreement to participate in research (which may include the collection, use or disclosure of personal data) by a legally competent person, or by authorized third parties on behalf of those who lack legal competence. Consent, to be valid, must be voluntary and informed. For consent to be voluntary, the consent must be given without the exertion of undue influence on the person, and with the option of withdrawing from the research at any time without penalty. For consent to be informed, the person must be given information about the research, and must understand this information. (See TCPS, Section 3)

Confidentiality. Confidentiality is the obligation of an organization or custodian to protect the information entrusted to it and not misuse or wrongfully disclose it. (From The Pan-Canadian Health Information Privacy and Confidentiality Framework, January 27, 2005. Accessible on the Health Canada- Health and the Information Highway Division- eHealth Resource Centre web page, under Reports 2005).

Data. Facts or figures from which conclusions can be drawn. Data can take various forms, but are often numerical, such as daily weight measurements of each person in a group. (Ref. Statistics: Power from data! - Statistics Canada On-line.) See also definitions for Information.

Data custodian. See Data holder.

Data holder. The Data holder may have custodianship and/or stewardship functions. These functions may be executed within the same institution/body or may be delegated to distinct but coordinated institutions/bodies. Data custodianship relates primarily to responsibility for data storage and integrity. Data stewardship relates primarily to responsibility for data definition and access authorization, particularly data access and disclosure to third parties.

Data steward. See Data holder.

Data subject. The individual who is the subject of personal data/information collected for research purposes. Distinguished from Research Participant.

Direct collection. Collection of data directly from individuals.

Direct identifiers. These are variables such as name and address, health insurance number, etc., that provide an explicit link to a respondent. (Statistics Canada)

Indirect identifiers. These are variables such as date of birth, sex, marital status, area of residence, occupation, type of business, etc. that, in combination, could be used to identify an individual. (Adapted from Statistics Canada)

Impracticable. For the purposes of this document, "impracticable" means a degree of difficulty in doing something under present conditions, where the degree of difficulty is greater than would arise if something is merely inconvenient to do but may be less than if something is impossible. The conditions for assessing "impracticability" of consent are described in Element #3.

Information. Data that have been recorded, classified, organized, related, or interpreted within a framework so that meaning emerges. Information, like data, can take various forms. An example of the type of information that can be derived from data is the number of persons in a group in each weight category or changes in weight over time. (Ref. Statistics: Power from data! - Statistics Canada On-line.) See also definitions for Data and Statistics.

Member-checking. This is when a researcher provides participants with the opportunity to look at transcripts of what they have said or done, and to delete or footnote what they consider to be inaccurate or sensitive information.

Non-identifiable data. Any element or combination of elements that allows direct or indirect identification of an individual was never collected or has been removed, although some elements may indirectly identify a group or region. There is no code linking the data back to the individual's identity. (See Element #2, Section 2.2.2, Box- Definition of terms)

Personal data/information. Personal data or information may contain a direct link to a specific individual (e.g. name and street address, personal health number, etc.) or any element or a combination of elements that allows indirect identification of an individual (e.g. if birth date combined with postal code and other personal information on the record such as ethnicity could lead to the identification of an individual). The scope of personal information covered in these Privacy Best Practices includes personal information derived from blood and other human biological materials (e.g. information such as blood type, DNA code and the presence or absence of disease), but not the materials themselves.

Privacy. Privacy includes a right to be free from intrusion and interruption. It is linked with other fundamental rights such as freedom and personal autonomy. In relation to information, privacy involves the right of individuals to determine when, how and to what extent they share information about themselves with others. (From The Pan-Canadian Health Information Privacy and Confidentiality Framework, January 27, 2005. Accessible on the Health Canada- Health and the Information Highway Division- eHealth Resource Centre web page, under Reports 2005).

Research. Research is defined in the TCPS as "a systematic investigation designed to develop or establish principles, facts or generalizable knowledge" (TCPS, pg. 1.1). The range of research requiring ethics review in the TCPS is listed in Appendix 1 (TCPS, pg. A.1).

Research participant. The individual who consents to participation in research and who is the subject of personal data or information collected for research. See Data Subject.

Secondary use of data for research. The data may have been collected originally for (i) a non-research purpose (e.g. for health care administrative purposes or for health care insurance billing purposes), or (ii) a different research purpose (e.g. for a study on a different but related disease).

Sensitivity. The sensitivity of personal data is related to the potential for harm or stigma that might attach to the identification of an individual because of the nature of the information. The type of information that an individual may consider sensitive could relate to: sexual attitudes, practices and orientation; use of alcohol, drugs, or other addictive substances; illegal activities; suicide; sexual abuse; sexual harassment; an individual's psychological well-being or mental health; some types of genetic information (e.g. information that predicts future illness or disability and raises concerns around future employability or insurability); and any other information that, if released, might lead to social stigmatization or discrimination. Researchers should also be aware of information that communities may consider sensitive because, for example, of its potential to stigmatize a community.

 

 

A-7 Tables of concordance with privacy legislation

Explanatory note [106]

  • The Tables of Concordance supplement key provisions of the Privacy Best Practices with cross-references to related requirements under Canadian privacy legislation. The Tables also briefly summarize requirements under Canadian privacy legislation which are supplemental to the Privacy Best Practices. A full text of the provisions referred to in the Tables of Concordance can be found in the CIHR's "Compendium of Canadian Legislation Respecting the Protection of Personal Information in Health Research". [107]
  • The Tables are for reference purposes only and are intended to be read in conjunction with the Privacy Best Practices. References to specific Tables are found throughout the Privacy Best Practices.
  • The requirements under privacy legislation will vary depending on the factual circumstances. As such, the Tables should not be relied upon as legal advice. Readers should consult the relevant privacy statute(s) and, depending on the circumstances, other applicable legal requirements as well as professional codes of ethics.
  • The Tables only refer to Canadian federal, provincial and territorial privacy legislation. Municipal and local public sector privacy statutes have also been included.
  • The legislation included in the Tables is current through to June 2005.

Application of Canadian privacy legislation

Jurisdiction Legislation Entities covered by Legislation
Federal Personal Information Protection and Electronic Documents Act
  • Organizations that collect, use and disclose personal information in the course of a commercial activity (e.g., health care providers in private practice, pharmacies, pharmaceutical companies, etc.) [108] which takes place within a province unless the province has enacted legislation deemed by the Governor in Council to be substantially similar to the Act. [109]
  • Federal works, undertakings and businesses that collect, use or disclose personal information, including personal information about employees in any province or territory.
  • All personal information collected, used or disclosed in cross-border commercial transactions.
  • Does not apply to government institutions subject to the Privacy Act.
Privacy Act
  • Federal government institutions (any department or ministry of state of the Government of Canada listed in the schedule to the Act or any body or office listed in the schedule to the Act).
British Columbia Personal Information Protection Act
  • All organizations (e.g., health care providers in private practice, pharmacies, pharmaceutical companies, not-for-profit organizations).
  • Does not apply to personal information if Freedom of Information and Protection of Privacy Act applies.
Freedom of Information and Protection of Privacy Act
  • Public bodies (e.g., governmental bodies, health authorities, hospitals, mental health facilities and universities).
Alberta Health Information Act
  • Applies to custodians with respect to health information (e.g., health professionals, health care facilities, regional health authorities, provincial health boards).
  • Legislation also impacts ethics committees and researchers.
Personal Information Protection Act
  • All organizations, including not-for-profit, corporations, professional regulatory associations.
  • Does not apply to health information (as defined in the Health Information Act) where the information is collected, used or disclosed by an organization for health care purposes including health research and management of the health care system.
Freedom of Information and Protection of Privacy Act
  • Public bodies (e.g., government departments, educational bodies, health care bodies and designated agencies, boards and commissions).
  • Does not apply to health information in records of a public body that is a custodian as defined in the Health Information Act.
Municipal Government Act
  • Municipalities.
Saskatchewan The Health Information Protection Act
  • Trustees with respect to personal health information (e.g., government institutions, regional health authorities, health professionals, health care organizations, professional regulatory bodies).
  • Legislation also impacts researchers.
Freedom of Information and Protection of Privacy Act
  • Government institutions (e.g., government departments, Crown Corporations, designated provincial boards, bodies and agencies).
  • Does not apply to information that constitutes personal health information as defined in The Health Information Protection Act.
The Local Authority Freedom of Information and Protection of Privacy Act
  • Local authorities (e.g., municipalities, universities, regional health authorities, special care homes, designated boards, commissions and bodies).
  • Does not apply to information that constitutes personal health information as defined in The Health Information Protection Act.
Manitoba The Personal Health Information Act
  • Trustees with respect to personal health information (e.g., health professionals, health care facilities, public bodies (including government departments and universities), health services agencies).
  • Legislation also impacts health information privacy committees, the institutional research review committees and researchers.
The Freedom of Information and Protection of Privacy Act
  • Public bodies (e.g. universities, certain hospitals, regional health authorities, municipalities, government departments and agencies).
  • Does not apply to personal health information to which The Personal Health Information Act applies.
Ontario Personal Health Information Protection Act
  • Health information custodians, and agents of health information custodians, with respect to personal health information (e.g., Ontario Ministry of Health and Long-Term Care, public health units, hospitals, health care practitioners who provide health care, long-term care facilities, pharmacies, medical laboratories, ambulances, community health and mental health programs whose primary purpose is health care, Canadian Blood Services).
  • Legislation also provides rules for research ethics boards, health data institutes, prescribed registries, persons who provide goods and services that enable a custodian to use electronic means to collect, use, modify, disclose, retain or dispose of personal health information, recipients of health information (e.g. researchers, employers and insurers).
  • The legislation also applies to all persons with respect to the collection, use and disclosure of the health number.
Freedom of Information and Protection of Privacy Act
  • Institutions (e.g., ministries, agencies, boards and most commissions of the government of Ontario, community colleges).
  • Where a health information custodian is also an institution under the Freedom of Information and Protection of Privacy Act ("FIPPA") or a part of an institution under FIPPA, FIPPA continues to apply to such a health information custodian only in some circumstances.
  • Where a FIPPA institution is not a health information custodian, only FIPPA applies, even where information at issue is health information.
Municipal Freedom of Information and Protection of Privacy Act
  • Institutions (e.g. municipalities, boards of health, designated agencies, boards, commissions, corporations or other bodies)
Quebec An act respecting access to documents held by public bodies and the protection of personal information
  • Public bodies (e.g., universities, cegeps, health care facilities, government departments and agencies).
An act respecting the protection of personal information in the private sector
  • Persons carrying on an enterprise (e.g., health care providers in private practice, pharmacies and private research companies).
Prince Edward Island Freedom of Information and Protection of Privacy Act
  • Public bodies (e.g., government departments, agencies, boards, designated education and health bodies).
Nova Scotia Freedom of Information and Protection of Privacy Act
  • Public bodies (e.g., universities, hospitals, government departments and agencies).
Municipal Government Act
  • Municipalities.
New Brunswick Protection of Personal Information Act
  • Public bodies (e.g., government departments, school boards, regional health authorities).
Newfoundland and Labrador Access to Information and Protection of Privacy Act [110]
  • Public bodies (e.g., universities, health boards, municipalities, government departments).
Yukon Access to Information and Protection of Privacy Act
  • Public bodies (e.g., government departments, agencies, boards, commissions and corporations).
Northwest Territories Access to Information and Protection of Privacy Act
  • Public bodies (e.g., government departments, agencies, boards).
Nunavut Access to Information and Protection of Privacy Act
  • Public bodies (e.g., government departments, agencies, boards).

 

ELEMENT #1 - DETERMINING THE RESEARCH OBJECTIVES AND JUSTIFYING THE DATA NEEDED TO FULFILL THESE OBJECTIVES

Element #1 provides that researchers should, at the outset of the research design process, identify and document research objectives as a basis for determining what data will be needed for the research. The precise identification and documentation of the purposes for collection, use and disclosure of personal (health) information is critical for the purpose of complying with various requirements under privacy legislation, including requirements relating to the principles of limiting collection of personal information, obtaining consent for collection, use and disclosure of personal (health) information, and accountability and transparency. Statutory references to each of these requirements under Canadian privacy legislation can be found in the following concordance tables in this section:

  • Element #2 - Limiting the Collection of Personal Data
  • Element #4 - Managing and Documenting Consent
  • Element #5 - Informing Prospective Research Participants about the Research
  • Element #10 - Ensuring Accountability and Transparency in the Management of Personal Data

ELEMENT #2 - LIMITING THE COLLECTION OF PERSONAL DATA [111, 112]
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act Schedule 1, 4.4 (Limiting Collection)
Privacy Act

Section 4 (Collection of personal information)

Section 5 (Personal information to be collected directly from individual)

British Columbia Personal Information Protection Act

Section 11 (Limitations on collection of personal information)

Section 12 (Collection from source other than the individual)

Freedom of Information and Protection of Privacy Act

Section 26 (Purposes for which information may be collected)

Section 27(1) (How personal information is to be collected)

Alberta Health Information Act

Sections 18 to 21 (Collection of health information)

Section 22 (Duty to collect health information from individual directly)

Section 24 (Collection of health information by affiliate)

Section 57 (Duty to collect, use or disclose health information with highest degree of anonymity possible)

Section 58 (Duty to collect, use or disclose health information in a limited manner)

Section 68(a) (Health information to be used in data matching to be collected in accordance with the Act)

Health Information Regulation Section 5(2) (Persons authorized to collect personal health number)
Personal Information Protection Act

Section 7(1)(b) (Direct collection)

Section 11 (Limitations on collection)

Freedom of Information and Protection of Privacy Act

Section 33 (Purposes for which information may be collected)

Section 34(1) (Direct collection)

Municipal Government Act __
Saskatchewan The Health Information Protection Act

Section 11 (Collection of health numbers)

Section 23 (Collection on a need to know basis)

Section 24 (Restrictions on collection)

Section 25(1) (Direct collection)

The Freedom of Information and Protection of Privacy Act

Section 25 (Purpose of information)

Section 26 (Manner of collection)

The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act

Section 13(1) (Restrictions on collection)

Section 13(2) (Limit on amount of information collected)

Section 14 (Source of information)

Section 26 (Collection of health numbers)

The Freedom of Information and Protection of Privacy Act

Section 36(1) (Purpose of collection)

Section 36(2) (Limit on amount of information collected)

Section 37(1) (Manner of collection)

Ontario Personal Health Information Protection Act

Section 30 (Extent of information)

Section 34(2) (Limits on collecting health numbers)

Section 36(1) (Indirect collection)

Freedom of Information and Protection of Privacy Act

Section 38(2) (Collection of personal information)

Section 39(1) (Direct collection)

Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector

Section 5 (Necessary information)

Section 6 (Collection from the person concerned)

An act respecting access to documents held by public bodies and the protection of personal information Section 64 (Unnecessary information)
Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 31 (Purpose of Collection of Information)

Section 32 (Direct collection)

Nova Scotia Freedom of Information and Protection of Privacy Act Section 24(1) (Treatment of Personal Information)
Municipal Government Act __
New Brunswick Protection of Personal Information Act

Schedule A, Principle 4 (Limiting Collection)

Schedule B, Principle 4 (Individuals from whom personal information may be collected)

Newfoundland and Labrador Access to Information and Protection of Privacy Act [113]

Section 32 (Purpose for which personal information may be collected)

Section 33 (How personal information is to be collected)

Yukon Access to Information and Protection of Privacy Act

Section 29 (Purpose for which personal information may be collected)

Section 30 (How personal information is to be collected)

Northwest Territories Access to Information and Protection of Privacy Act

Section 40 (Purpose of collection of information)

Section 41 (Collection of information from individual concerned)

Nunavut Access to Information and Protection of Privacy Act

Section 40 (Purpose of collection of information)

Section 41 (Collection of information from individual concerned)

ELEMENT #3 - DETERMINING IF CONSENT FROM INDIVIDUALS IS REQUIRED
Conditions For Use And Disclosure For Research Purposes Without Consent [114]
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act [115]

Section 7(2)(c): Conditions for use by an organization for statistical, or scholarly study or research purposes:

  • purpose cannot be achieved without using the information;
  • information is used in a manner that ensures confidentiality;
  • impracticable to obtain consent; and
  • organization informs the Commissioner of the use before information is used.

Section 7(3)(f): Conditions for disclosure by an organization for statistical, or scholarly study or research purposes:

  • purpose cannot be achieved without disclosing the information;
  • impracticable to obtain consent; and
  • organization informs the Commissioner of the disclosure before information is disclosed.
Privacy Act

Section 8(2)(j): Conditions for use and disclosure by a government institution for research or statistical purposes:

Head of the government institution:

  • is satisfied that the purpose for disclosure cannot reasonably be accomplished unless the information is provided in identifiable form; and
  • obtains from the person or body a written undertaking that no subsequent disclosure of the information will be made in identifiable form.
British Columbia Personal Information Protection Act

Section 21: Conditions for disclosure by organizations:

  • Research purpose cannot be accomplished unless the personal information is provided in an identifiable form;
  • information will not be used to contact persons to ask them to participate in the research;
  • linkage of the personal information to other information is not harmful to the individuals and the benefits to be derived from the linkage are clearly in the public interest;
  • the organization to which the personal information is to be disclosed has signed a data sharing agreement; and
  • it is impracticable for the organization to seek the consent of the individual.
Freedom of Information and Protection of Privacy Act

Section 35: Conditions for disclosure by public bodies:

  • Research purpose cannot reasonably be accomplished unless information is provided in identifiable form or research purpose is approved by Commissioner;
  • information is disclosed on condition that it not be used to contact a person to participate in the research;
  • any record linkage is not harmful to the individuals and the benefits to be derived from the record linkage are clearly in the public interest;
  • head of the public body concerned has approved conditions relating to (i) security and confidentiality; (ii) removal or destruction of individual identifiers at the earliest reasonable time; (iii) prohibition of any subsequent use or disclosure of the information in individually identifiable form without express authorization of the public body; and
  • recipient has signed an agreement to comply with the approved conditions, the Act and any of the public body's policies and procedures relating to the confidentiality of personal information.
Alberta Health Information Act

Sections 27(1)(d) and 35(1)(a): Conditions for use and disclosure by a custodian:

  • Custodian submits a proposal to an ethics committee;
  • ethics committee is satisfied with respect to importance of research, qualifications of researcher, safeguards and that it is not reasonable or practical to obtain consent; and
  • custodian has complied with/agreed to conditions suggested by the ethics committee.

See also section 49 (Research proposal), section 50 (Role of ethics committee), section 51 (Bar to research), section 52 (Application for disclosure of health information), section 53 (Conditions and consents), section 54 (Agreement between custodian and researcher) and section 55 (Consent of the individual is required if additional information is needed).

Personal Information Protection Act Regulation

Section 12(2): Conditions for disclosure by an archival institution:

  • Disclosure is necessary for the research purpose;
  • disclosure is not harmful to the individual concerned;
  • research purpose is not contrary to the purposes and intent of the Act; and
  • either (i) a reasonable person, taking into consideration all relevant circumstances, would find that disclosure of the personal information was appropriate at the time, or (ii) the information is disclosed under a research agreement.

Section 14(3): Conditions for disclosure by an organization that is not an archival institution:

  • Research agreement required;
  • recipient agrees to comply with the same requirements as those established in respect of archival institutions;
  • research has been approved by a research ethics review committee; and
  • researcher has agreed to any additional conditions imposed by the ethics review committee.
Freedom of Information and Protection of Privacy Act

Section 42: Conditions for disclosure by public bodies:

  • Research purpose cannot reasonably be accomplished unless that information is provided in identifiable form or research purpose has been approved by Commissioner,
  • record linkage is not harmful to individuals and benefits to be derived from record linkage are clearly in public interest,
  • head of public body has approved conditions relating to (i) security and confidentiality, (ii) removal or destruction of identifiers at the earliest reasonable time, and (iii) prohibition of subsequent use or disclosure without express authorization of that public body, and
  • recipient signed an agreement to comply with approved conditions, Act and public body's policies and procedures relating to confidentiality of personal information.
Municipal Government Act __
Saskatchewan The Health Information Protection Act

Section 29(2): Conditions for disclosure by a trustee or designated archive:

  • Only where not reasonably practicable for consent to be obtained and if:
    1. research purposes cannot reasonably be accomplished using de-identified personal health information or other information;
    2. reasonable steps are taken to protect privacy of individual by removing all personal health information that is not required for the purposes of the research;
    3. in the opinion of research ethics committee, the potential benefits of the research project clearly outweigh the potential risk to the privacy of the individual; and
    4. (i) in the opinion of the trustee or designated archive, the research project is not contrary to public interest; (ii) research project is approved by a research ethics committee approved by minister; and (iii) recipient enters into an agreement with trustee or designated archive.
The Freedom of Information and Protection of Privacy Act

Section 29(2)(k): Conditions for disclosure by public body:

  • Head of public body must be satisfied that purpose for disclosure is not contrary to public interest and cannot reasonably be accomplished unless information is provided in identifiable form; and
  • agreement must be signed by recipient not to make a subsequent disclosure of the information in identifiable form.
The Local Authority Freedom of Information and Protection of Privacy Act

Section 28(2)(k): Conditions for disclosure by local body:

  • Head of local body must be satisfied that purpose for disclosure is not contrary to public interest and purpose cannot reasonably be accomplished unless information is provided in identifiable form; and
  • recipient provides written agreement not to make subsequent disclosure of the information in identifiable form.
Manitoba The Personal Health Information Act

Section 24: Conditions for disclosure by trustees:

  • Research project must be approved by:
    1. health information privacy committee if personal health information is maintained by government or a government agency; and
    2. institutional research review committee, if personal health information is maintained by a trustee other than the government or a government agency.
  • Approval may be given only if applicable committee has determined that:
    1. research is of sufficient importance to outweigh the intrusion into privacy;
    2. research purpose cannot reasonably be accomplished unless personal health information is provided in identifiable form;
    3. unreasonable or impractical for researcher to obtain consent; and
    4. research project contains (i) reasonable safeguards to protect confidentiality and security of the personal health information, and (ii) procedures to destroy the information or remove all identifying information at earliest opportunity consistent with the purposes of the project.
  • Agreement required between trustee and recipient.
  • Consent required for direct contact with individuals except where information consists only of individuals' names and addresses.
The Freedom of Information and Protection of Privacy Act

Section 47(4): Conditions for disclosure by public body:

  • Advice requested from review committee has been received and considered;
  • head is satisfied that (i) the information is requested for bona fide research purpose, (ii) research cannot reasonably be accomplished unless information is provided in identifiable form, (iii) unreasonable or impractical for recipient to obtain consent, and (iv) disclosure of information, and any information linkage, is not likely to harm individuals and benefits to be derived from research and any information linkage are clearly in the public interest;
  • head of public body has approved conditions relating to (i) protection of personal information, including use, security and confidentiality, (ii) removal or destruction of identifiers at earliest reasonable time, and (iii) prohibition of subsequent use or disclosure of personal information in identifiable form without written authorization of the public body; and
  • recipient has entered into a written agreement to comply with approved conditions.
Ontario Personal Health Information Protection Act

Section 44(1): Conditions for use by health information custodians and disclosure by health information custodians to researchers:

  • Researcher must submit to custodian (i) an application in writing, (ii) a research plan, and (iii) a copy of the decision of a research ethics board that approves research plan; and
  • researcher must enter into an agreement with custodian agreeing to comply with conditions and restrictions that custodian may impose relating to use, disclosure, return or disposal of information.

See also sections 34(2) and (3) (Use and disclosure of health numbers), sections 37(1)(j) and (3) (Permitted use for research), section 44(2) (Elements of Research plan), section 44(3) and (4) (Consideration and decision of board), section 44(5) (Content of research agreement), section 44(6) (Compliance by researcher), sections 44(10) and (11) (Research approved outside Ontario) and section 50(1)(b) (Disclosure outside Ontario).

See also section 39(1)(c) (Disclosure to prescribed person who compiles or maintains a registry of personal health information for purposes of facilitating or improving the provision of health care or that relates to the storage or donation of body parts or bodily substances), section 45 (Disclosure to prescribed entities for planning and management of health systems) and section 47 (Disclosure for analysis of health system).

Personal Health Information Protection Act, General Regulation

Section 12 (Disclosure of health number):

  • Researchers with custody or control of health numbers, by reason of a use or disclosure authorized under the Act for research purposes, may disclose the health number to a registry prescribed under the Act, an entity prescribed for the purposes of planning and management of health systems or another researcher if,
    • the disclosure is part of a research plan approved under the Act, or
    • the disclosure is necessary for the purpose of verifying or validating the information or the research.

Section 15 (Requirement for research ethics board)

Section 16 (Requirement for a research plan)

Section 17 (Disclosure by researcher)

Section 18(3) and (4) (Rules applicable to section 45 prescribed entities for use and disclosure of personal health information for research purposes)116

Section 13(4) and (5) (Rules applicable to registries of personal health information for use and disclosure of personal health information for research purposes)117

Freedom of Information and Protection of Privacy Act

Section 21(1)(e): Conditions for disclosure by public body:

  • Disclosure is consistent with conditions or reasonable expectations of disclosure under which the personal information was provided, collected or obtained;
  • research cannot be reasonably accomplished unless information is provided in identifiable form; and
  • recipient has agreed to comply with the conditions relating to security and confidentiality prescribed by the regulations.118
Municipal Freedom of Information and Protection of Privacy Act __
Municipal Freedom of Information and Protection of Privacy Act, General Regulation

Section 10(1): Terms and conditions a person must agree to before a head may disclose personal information to that person for a research purpose:

  • Person shall use the information only for a research purpose set out in the agreement or for which the person has written authorization from the institution;
  • the person shall name in the agreement any other persons who will be given access to personal information in a form in which the individual to whom it relates can be identified;
  • before disclosing personal information to other persons, the person shall enter into an agreement with those persons to ensure that they will not disclose it to any other person;
  • the person shall keep the information in a physically secure location to which access is given only to the person and to the persons given access;
  • the person shall destroy all individual identifiers in the information by the date specified in the agreement;
  • the person shall not contact any individual to whom personal information relates directly or indirectly without the prior written authority of the institution;
  • the person shall ensure that no personal information will be used or disclosed in a form in which the individual to whom it relates can be identified without the written authority of the institution; and
  • the person shall notify the institution in writing immediately if the person becomes aware that any of the conditions set out in this section have been breached.
Quebec An act respecting the protection of personal information in the private sector

Section 21: Conditions for disclosure:

  • Written request must be made to the commission.
  • Commission must be satisfied that (i) intended use is not frivolous and the ends contemplated cannot be achieved unless the information is communicated in identifiable form and (ii) information will be used in manner that ensures its confidentiality.
  • Authorization is granted for such period and on such conditions as may be fixed by the Commission. It may be revoked before the expiry of the period granted if Commission has reason to believe that the authorized person or body does not respect the confidentiality of the information disclosed or the other conditions.
An act respecting access to documents held by public bodies and the protection of personal information

Section 125: Conditions for disclosure:

  • Same conditions as above.
Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 39: Conditions for disclosure by public body:

  • Research purpose cannot reasonably be accomplished unless information is provided in identifiable form or research purpose has been approved by Commissioner;
  • any record linkage is not harmful to individuals and benefits to be derived from record linkage are clearly in public interest;
  • head of a public body has approved conditions relating to (i) security and confidentiality, (ii) removal or destruction of individual identifiers at earliest reasonable time, and (iii) prohibition of subsequent use or disclosure of information in identifiable form without express authorization of that public body; and
  • recipient signs agreement to comply with approved conditions, Act and public body's policies and procedures relating to confidentiality of personal information.
Nova Scotia Freedom of Information and Protection of Privacy Act

Section 29: Conditions for disclosure by public body:

  • Research purpose cannot reasonably be accomplished unless information is provided in identifiable form;
  • any record linkage is not harmful to individuals and benefits to be derived from record linkage are clearly in public interest;
  • head of a public body has approved conditions relating to (i) security and confidentiality, (ii) removal or destruction of individual identifiers at earliest reasonable time, and (iii) prohibition of subsequent use or disclosure of information in identifiable form without express authorization of that public body; and
  • recipient signs agreement to comply with approved conditions, Act and public body's policies and procedures relating to confidentiality of personal information.
Municipal Government Act

Section 485(4): Conditions for disclosure by municipality:

  • Research purpose cannot reasonably be accomplished unless information is provided in individually identifiable form;
  • any record linkage is not harmful to individuals the information is about and the benefits to be derived from record linkage are clearly in the public interest;
  • the responsible officer has approved conditions relating to (i) security and confidentiality, (ii) the removal or destruction of individual identifiers at the earliest reasonable time, and (iii) the prohibition of any subsequent use or disclosure of that information in individually identifiable form without the express authority of the municipality; and
  • the person to whom the information is disclosed has signed an agreement to comply with the approved conditions, this Part of the Act, and any of the municipality's policies and procedures relating to the confidentiality of personal information.
New Brunswick Protection of Personal Information Act Schedule B, section 3.4: Consent not required when public body collects, uses or discloses personal information for purposes of legitimate research in the interest of science, of learning or of public policy, or for archival purposes.
Newfoundland and Labrador Access to Information and Protection of Privacy Act

Section 41: Conditions for disclosure by public body:

  • Same conditions as for Nova Scotia
Yukon Access to Information and Protection of Privacy Act

Section 38: Conditions for disclosure by public body:

  • Same conditions as for Nova Scotia
Northwest Territories Access to Information and Protection of Privacy Act

Section 49: Conditions for disclosure by public body:

  • Same conditions as for Nova Scotia
Nunavut Access to Information and Protection of Privacy Act

Section 49: Conditions for disclosure by public body:

  • Same conditions as for Nova Scotia

ELEMENT #4 - MANAGING AND DOCUMENTING CONSENT119
Part 1 - Consent Requirement and Elements of Consent
Jurisdiction Legislation Privacy Legislation Concordance and Selected Supplemental Requirements
Federal Personal Information Protection and Electronic Documents Act

Schedule 1, 4.3 and 4.3.1 (Consent Requirement)

Schedule 1, 4.3.4, 4.3.6 and 4.3.7 (Form of Consent)

Schedule 1, 4.3.2, 4.3.5, 4.3.8 (Elements of Consent)

Privacy Act Sections 7 and 8 (Consent Requirement)
British Columbia Personal Information Protection Act

Sections 6 and 7 (Consent Requirement)

Section 8 (Form of Consent)

Section 9 (Elements of Consent)

Freedom of Information and Protection of Privacy Act Sections 32(b) and 33.1(1)(b) (Consent Requirement)
Freedom of Information and Protection of Privacy Regulation

Section 6 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to disclosure of personal information must be in writing and specify to whom the personal information may be disclosed and how the personal information may be used.

Alberta Health Information Act

Section 34(1) and (3) (Consent Requirement)

Section 34(2), (4), (5) and (6) (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to disclosure of personal health information must be in writing or be provided electronically and must include:

  1. authorization for custodian to disclose the health information specified in the consent;
  2. purpose for which the health information may be disclosed;
  3. identity of person to whom health information may be disclosed;
  4. acknowledgment that individual providing consent has been made aware of reasons why the health information is needed and the risks and benefits to the individual of consenting or refusing to consent;
  5. date consent is effective and date, if any, on which consent expires; and
  6. statement that consent may be revoked at any time by the individual providing it.120
  • Revocation of consent must be provided in writing or electronically.
Health Information Regulation

Section 6(2) (Electronic Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

An electronic consent or a revocation of an electronic consent is valid only if the level of authentication is sufficient to identify the individual who is granting the consent or revoking the consent, as the case may be.

Personal Information Protection Act

Section 7 (Consent Requirement)

Section 8 (Form of Consent)

Section 9 (Withdrawal or variation of consent)

Section 10 (Consent obtained by deception)

Freedom of Information and Protection of Privacy Act Sections 39(1)(b) and 40(1)(d) (Consent Requirement)
Freedom of Information and Protection of Privacy Regulation

Section 6(1) (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to use or disclosure of personal information must be in writing and must specify to whom the personal information may be disclosed.

Municipal Government Act __
Saskatchewan The Health Information Protection Act

Sections 5, 26 and 27 (Consent Requirement)

Sections 6(1) and (2), and 7 (Elements of Consent)

Sections 6(3), (4) and (5) (Form of Consent)

The Freedom of Information and Protection of Privacy Act Sections 28 and 29 (Consent Requirement)
The Freedom of Information and Protection of Privacy Regulations

Section 18 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to be in writing unless the head of the public body determines that it is not reasonably practicable.

The Local Authority Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Regulations

Section 11 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to be in writing unless the head of the local body determines that it is not reasonably practicable.

Manitoba The Personal Health Information Act Sections 21(b) and 22(1)(b) (Consent Requirement)
The Freedom of Information and Protection of Privacy Act Sections 43(b) and 44(1)(b) (Consent Requirement)
Ontario Personal Health Information Protection Act

Section 29 (Consent Requirement)

Sections 18(1), 18(5), 18(6) and 19 (Elements of Consent)

Section 18(2), (3) and (4) (Form of Consent)

Freedom of Information and Protection of Privacy Act Section 41(a) and 42(b) (Consent Requirement)
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector

Sections 12 and 13 (Consent Requirement)

Section 14 (Elements and Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent must be manifest, free and enlightened121

An act respecting access to documents held by public bodies and the protection of personal information Section 53(1) and 59 (Consent Requirement)
Prince Edward Island Freedom of Information and Protection of Privacy Act Section 36(1)(b) and 37(1)(c) (Consent Requirement)
Freedom of Information and Protection of Privacy Act, General Regulations

Section 6 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to use or disclose personal information must (a) be in writing and (b) specify to whom the personal information may be disclosed and how the personal information may be used.

Nova Scotia Freedom of Information and Protection of Privacy Act Sections 26(b) and 27(b) (Consent Requirement)
Freedom of Information and Protection of Privacy Regulations

Sections 7(2) and 8 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to use of personal information must (i) be in writing, (ii) identify the information, and (iii) specify to whom the information may be disclosed and how the information may be used.122

Municipal Government Act __
New Brunswick Protection of Personal Information Act

Schedule A, Principle 3 (Consent Requirement)

Schedule B, 3.1 and 3.2 (Form of Consent)

Newfoundland and Labrador Access to Information and Protection of Privacy Act123 Sections 38(1)(b) and 39(1)(b) (Consent Requirement)
Yukon Access to Information and Protection of Privacy Act Sections 35 (b) and 36 (b) (Consent Requirement)
Access to Information Regulation

Section 2 (Consent to disclosure of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

Consent to disclosure to be in writing and specify to whom the personal information may be disclosed and how it may be used.

Northwest Territories Access to Information and Protection of Privacy Act Sections 43 (b) and 48 (b) (Consent Requirement)
Access to Information and Protection of Privacy Regulations

Section 5 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

The consent of an individual to a public body's use or disclosure of his or her personal information must be in writing and specify to whom the personal information may be disclosed and how it may be used.

Nunavut Access to Information and Protection of Privacy Act Sections 43 (b) and 48 (b) (Consent Requirement)
Access to Information and Protection of Privacy Regulations Section 5 (Form of Consent)

Supplemental Requirement to CIHR Privacy Best Practices:

The consent of an individual to a public body's use or disclosure of his or her personal information must be in writing and specify to whom the personal information may be disclosed and how it may be used.

 

ELEMENT #4 - MANAGING AND DOCUMENTING CONSENT
Part 2 - Consent by Substitute Decision Makers124
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act Schedule 1, 4.3.6 - (Consent by authorized representatives)
Privacy Act Privacy Regulations Section 10 (Exercise of rights on behalf of minors, persons deemed incompetent, or deceased persons)
British Columbia Personal Information Protection Act Regulations

Section 2 (Who may act for minors and others)

Section 3 (Who may act for deceased persons)

Section 4 (Determination of nearest relative)

Freedom of Information and Protection of Privacy Regulation Section 3 (Who can act for young people and others)
Alberta Health Information Act Section 104(1) (Exercise of rights by other persons)
Personal Information Protection Act Section 61(1) (Exercise of rights by other persons)
Freedom of Information and Protection of Privacy Act Section 84 (Exercise of rights by other persons)
Saskatchewan The Health Information Protection Act Section 56 (Exercise of rights by other persons)
The Freedom of Information and Protection of Privacy Act Section 59 (Exercise of rights by other persons)
Manitoba The Personal Health Information Act Section 60 (Exercising rights of another person)
The Freedom of Information and Protection of Privacy Act Section 79 (Exercising rights of another person)
Ontario Personal Health Information Protection Act

Section 5 (Substitute decision-maker)

Sections 23 and 26 (Persons who are entitled to consent to the collection, use, or disclosure of personal health information)

Section 25 (Authority of substitute decision-maker)

Section 27 (Appointment of representative)

Freedom of Information and Protection of Privacy Act Section 66 (Exercise of rights of deceased, etc., persons)
Quebec An act respecting the protection of personal information in the private sector __
An act respecting access to documents held by public bodies and the protection of personal information Section 53 (Person with parental authority may authorize disclosure for a minor)
Prince Edward Island Freedom of Information and Protection of Privacy Act Section 71 (Exercise of rights by other persons)
Nova Scotia Freedom of Information and Protection of Privacy Act Section 43 (Exercise of right or power by other persons)
New Brunswick Protection of Personal Information Act Schedule B, section 3.3 (Consent can be given by a parent, guardian or other representative of the individual in appropriate circumstances)
Newfoundland and Labrador Access to Information and Protection of Privacy Act125 Section 65 (Exercising rights of another person)
Yukon Access to Information and Protection of Privacy Act Section 62 (Personal Representation)
Northwest Territories Access to Information and Protection of Privacy Act Section 52 (Exercise of Rights by other persons)
Nunavut Access to Information and Protection of Privacy Act Section 52 (Exercise of Rights by other persons)

ELEMENT #5 - INFORMING PROSPECTIVE RESEARCH PARTICIPANTS ABOUT THE RESEARCH126
Jurisdiction Legislation Privacy Legislation Concordance and Selected Supplemental Requirements
Federal Personal Information Protection and Electronic Documents Act

Schedule 1, 4.2 (Purpose for collection must be identified at the time of collection and must be documented)

Schedule 1, 4.3.2 (Knowledge and consent)

Privacy Act Section 5(2) (Individual to be informed of purpose of collection)
British Columbia Personal Information Protection Act Sections 8(3), 10(1), 14 and 17 (Notice requirements for collection, use and disclosure)
Freedom of Information and Protection of Privacy Act

Section 27(2) (Information to be given regarding purposes for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.

     

Alberta Health Information Act

Sections 21(2) and 22(3) (Information to be given regarding purposes for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the specific legal authority for the collection.
Personal Information Protection Act Section 8(3) and 13 (Notification requirements for collection, use and disclosure)
Freedom of Information and Protection of Privacy Act

Section 34(2) (Information to be given regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Municipal Government Act __
Saskatchewan The Health Information Protection Act Sections 6 and 9 (Individual must be informed of purposes for collection, use and disclosure of the individual's personal health information)
The Freedom of Information and Protection of Privacy Act Section 26(2) (Individual must be informed of the purposes for the collection)
The Local Authority Freedom of Information and Protection of Privacy Act

Section 25(2) (Individual to be informed of purposes of collection)

Section 57(l) (Lieutenant Governor in Council may make regulations prescribing any matter to be included in notice)

Manitoba The Personal Health Information Act Section 15 (Notice of collection practices)
The Freedom of Information and Protection of Privacy Act

Section 37(2) (Individual must be informed of the purposes for the collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Ontario Personal Health Information Protection Act Section 18(5) and (6) (Knowledge of purposes of collection)
Freedom of Information and Protection of Privacy Act

Section 39(2) (Information to be given regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Municipal Freedom of Information and Protection of Privacy Act

Section 29(2) (Individual must be informed of primary purposes of collection)

Supplemental Requirement to CIHR Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Municipal Freedom of Information and Protection of Privacy Act, General Regulation

Section 4(1) (When notice not required)

  • Institutions not required to give notice of collection if providing notice would frustrate purpose of the collection or might result in an unjustifiable invasion of another individual's privacy. Head of institution must make available a statement describing purpose of collection and reason why notice not given.
Quebec An act respecting the protection of personal information in the private sector Section 8 (Information to be given regarding purpose for collection)
An act respecting access to documents held by public bodies and the protection of personal information

Section 65 (Information to be given regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Every person who, on behalf of a public body, collects nominative information from the person concerned or from a third person must first identify himself and inform the person concerned that the collection is either mandatory or optional and of the consequences of failing to provide the information.
Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 32(2) (Right to be informed regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Nova Scotia Freedom of Information and Protection of Privacy Regulations

Section 8 (Requirement before use)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Before information about an individual may be used, the individual must identify the information and give consent in writing specifying to whom the information may be disclosed and how the information may be used.
Municipal Government Act __
New Brunswick Protection of Personal Information Act Schedule A, Principle 2 and Schedule B, section 2.1 (Purposes for collection must be identified)
Newfoundland and Labrador Access to Information and Protection of Privacy Act127

Section 33(2) (Information regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Yukon Access to Information and Protection of Privacy Act

Section 30(2) (Information regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Northwest Territories Access to Information and Protection of Privacy Act

Section 41(2) (Information regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.
Nunavut Access to Information and Protection of Privacy Act

Section 41(2) (Information regarding purpose for collection)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual must be told of the legal authority for collecting the information.

ELEMENT #6 - RECRUITING PROSPECTIVE RESEARCH PARTICIPANTS
Statutory Prohibitions to Secondary Use/Disclosure of Personal Information to Contact Individuals to Participate in Research128
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act __
Privacy Act __
British Columbia Personal Information Protection Act Section 21(b): An organization may disclose, without the consent of the individual, personal information for a research purpose if the disclosure is on condition that it will not be used to contact persons to ask them to participate in the research.
Freedom of Information and Protection of Privacy Act Section 35 (a.1): A public body may disclose personal information for a research purpose without the consent of the individual only if the information is disclosed on condition that it not be used for the purpose of contacting a person to participate in the research.
Alberta Health Information Act Section 55: If the researcher wishes to contact the individuals who are the subjects of the information disclosed for research purposes to obtain additional health information, the custodian or an affiliate of the custodian must first obtain consents from those individuals to their being contacted for that purpose.
Personal Information Protection Act Regulation Section 12(3)(d): If personal information is to be disclosed by an organization under a research agreement, the person to whom the information is to be disclosed must agree to not contact any individual to whom the information relates.
Freedom of Information and Protection of Privacy Regulation Section 8(f): The agreement required by the Act for disclosure of personal information without consent of the individual for research purposes must include provision that recipient will not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body.
Municipal Government Act __
Saskatchewan The Health Information Protection Act __
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act Section 24(5): If a research project will require direct contact with individuals, a trustee must not disclose personal health information about those individuals without first obtaining their consent. Trustee need not obtain their consent if the information consists only of the individuals' names and addresses.
The Freedom of Information and Protection of Privacy Act __
Ontario Personal Health Information Protection Act Section 44(6)(e): Researcher shall not make contact or attempt to make contact with the individual, directly or indirectly, unless the custodian obtains the individual's consent to being contacted.129
Freedom of Information and Protection of Privacy Act, General Regulation Section 10(1)6: Before a head may disclose personal information for a research purpose to a person, that person must agree not to contact any individual to whom personal information relates, directly or indirectly, without the prior written authority of the institution.
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector __
An act respecting access to documents held by public bodies and the protection of personal information __
Prince Edward Island Freedom of Information and Protection of Privacy Act __
Nova Scotia Freedom of Information and Protection of Privacy Regulations Section 9: Research agreement must contain condition that recipient not contact any individual to whom personal information relates, directly or indirectly, without the prior written authority of the public body.
Municipal Government Act __
New Brunswick Protection of Personal Information Act __
Newfoundland and Labrador Access to Information and Protection of Privacy Act __
Yukon Access to Information and Protection of Privacy Act __
Northwest Territories Access to Information and Protection of Privacy Regulations Section 8: Research agreement must contain condition that the recipient must not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body.
Nunavut Access to Information and Protection of Privacy Regulations Section 8: Research agreement must contain condition that the recipient must not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body.


ELEMENT #7 - SAFEGUARDING PERSONAL DATA130,131
Part 1 - General Safeguarding Requirements
Jurisdiction Legislation Privacy Legislation Concordance and Selected Supplemental Requirements
Federal Personal Information Protection and Electronic Documents Act

Schedule 1, 4.7 (Safeguards for protecting personal information)

Schedule 1, 4.1.4 (Policies and practices to be implemented to protect personal information)

Privacy Act Section 62 (Security Requirements)
British Columbia Personal Information Protection Act

Section 5 (Policies and practices)

Section 34 (Protection of personal information)

Freedom of Information and Protection of Privacy Act

Section 30 (Protection of personal information)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Information must be stored in Canada and accessed only in Canada unless the individual the information is about has identified the information and has consented, in the prescribed manner132, to it being stored in or accessed from, as applicable, another jurisdiction or if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed under the Act (section 30.1).
  • Where a public body receives a foreign demand for disclosure, the head of the public body must inform the Minister responsible for the Act (section 30.2(2)).
Alberta Health Information Act

Section 60 (Duty to protect health information)

Section 63 (Duty to establish or adopt policies and procedures)

Health Information Regulation

Section 8 (Record of safeguards to be maintained)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Written agreement required with respect to safeguards for health information that is to be stored, used or disclosed outside Alberta unless used for continuing treatment and care (section 8(4) and (5)).
Personal Information Protection Act

Section 6 (Policies and practice)

Section 34 (Protection of information)

Freedom of Information and Protection of Privacy Act

Section 38 (Protection of personal information)

Sections 40(1)(h) and (i) and 40(4) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Municipal Government Act __
Saskatchewan The Health Information Protection Act

Section 16 (Duty to protect)

Section 23 (Collection, use and disclosure on a need-to-know basis)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Individual to be informed about disclosures of personal health information made without consent (section 10(1)).
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act

Sections 18 and 19 (Security Safeguards)

Section 20(3) (Limitation on trustee's employees)

Personal Health Information Regulation

Section 2 (Written security policy and procedure)

Section 3 (Access restrictions and other precautions)

Section 4 (Additional safeguards for electronic health information systems)

Section 5 (Authorized access for employees and agents)

Section 6 (Orientation and training for employees)

Section 7 (Pledge of confidentiality for employees)

Section 8 (Audit)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Audit of security safeguards to be conducted every 2 years (sections 2 and 8).
  • Each employee and agent must sign a pledge of confidentiality that includes an acknowledgement that he or she is bound by the policy and procedures and is aware of the consequences of breaching them (section 7).
The Freedom of Information and Protection of Privacy Act Section 41 (Protection of personal information)
Ontario Personal Health Information Protection Act

Section 10 (Information Practices)

Section 12 (Security)

Section 13 (Handling of Records)

Supplemental Requirements to CIHR Privacy Best Practices:

  • An individual shall be notified at the first reasonable opportunity if the information is stolen, lost, or accessed by unauthorized persons. However, a researcher shall not notify the individual unless the health information custodian obtains the individual's consent to having the researcher contact the individual and informs the researcher that the individual has given consent (section 12(2) and (3)).
  • A health information custodian may disclose personal health information to an entity prescribed pursuant to section 45 of the Act133, if the Commissioner has approved the practices and procedures of the entity (section 45(3)).
  • The Commissioner must approve the practices and procedures of a health data institute (sections 47(9) and (10)).
Personal Health Information Protection Act, General Regulation

Section 6(3) (Prescribed requirements for health information network provider.)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Health information custodian may transfer records of personal health information for archive purposes to a person who, (a) has put in place reasonable measures to ensure that personal health information in the person's custody or control is protected against theft, loss and unauthorized use or disclosure and to ensure that the records containing the information are protected against unauthorized copying, modification or disposal (section 14(1)).
  • Prescribed registries134 must put in place practices and procedures approved by the Commissioner, and a summary of the practices and procedures must be made available to the public (sections 13(2) and 13(3)).
Freedom of Information and Protection of Privacy Act, General Regulation Section 4 (Measures to protect records)
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector

Section 10 (Safety measures)

Section 20 (Authorized employee access to personal information without consent for the performance of duties of employees)

An act respecting access to documents held by public bodies and the protection of personal information

Section 62 (Authorization to receive personal information for the discharge of duties)

Section 76 (Declaration to the Commission required when establishing a file on individual)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Anytime a file is established concerning an individual, the public body must make a declaration to the Commission containing, among other things, the categories of persons who have access to the file in carrying on their duties.
Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 35 (Protection of personal information)

Section 37(1)(g) and (g.1) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Nova Scotia Freedom of Information and Protection of Privacy Act

Section 24(3) (Treatment of personal information)

Section 27(f) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Municipal Government Act __
New Brunswick Protection of Personal Information Act Schedule A and B, Principle 7 (Safeguards)
Newfoundland and Labrador Access to Information and Protection of Privacy Act135

Section 36 (Protection of personal information)

Section 39(1)(f) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Section 51(e) (Commissioner's power to comment on privacy implications of using information technology in the storage of personal information)

Yukon Access to Information and Protection of Privacy Act

Section 33 (Protection of Personal Information)

Section 36(1)(f) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Northwest Territories Access to Information and Protection of Privacy Act

Section 42 (Protection of Personal Information)

Section 48(k) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Access to Information and Protection of Privacy Regulations Section 6 (Disclosure to employees and service providers)
Nunavut Access to Information and Protection of Privacy Act

Section 42 (Protection of Personal Information)

Section 48(k) (Authorization to disclose personal information to officers and employees for purposes of carrying out their functions)

Access to Information and Protection of Privacy Regulations Section 6 (Disclosure to employees and service providers)


ELEMENT #7 - SAFEGUARDING PERSONAL DATA
Part 2 - Requirement for a Privacy Impact Assessment136
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act __
Privacy Act __
British Columbia Personal Information Protection Act __
Freedom of Information and Protection of Privacy Act Section 69(5): Public bodies which are ministries (i.e., excludes regional health authorities and hospitals) are required to conduct a privacy impact assessment for all new enactments, systems, projects or programs to determine whether the requirements of the Act are met. The privacy impact assessment must be conducted in accordance with the process/tool referenced in Schedule A attached hereto.
Alberta Health Information Act

Sections 64, 70(2) and (3) and 71(2) and (3): Each custodian must prepare a privacy impact assessment and must submit it to the Information and Privacy Commissioner for review and comment before implementing any proposed administrative practices and information systems or any proposed change to any such existing practices and systems in accordance with the privacy impact assessment tool referenced in Schedule A attached hereto.

Section 46(5) (Requirement for the Department to conduct a privacy impact assessment in certain situations)

Personal Information Protection Act __
Freedom of Information and Protection of Privacy Act __
Municipal Government Act __
Saskatchewan The Health Information Protection Act __
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act __
The Freedom of Information and Protection of Privacy Act __
Ontario Personal Health Information Protection Act __
Personal Health Information Protection Act, General Regulation Section 6(3) subparagraph 5: A person who provides goods or services for the purpose of enabling a custodian to use electronic means to collect, use, modify, disclose, retain or dispose of personal health information shall perform, and provide to each applicable health information custodian a written copy of the results of, an assessment of the services provided to the health information custodians, with respect to, (i) threats, vulnerabilities and risks to the security and integrity of the personal health information, and (ii) how the services may affect the privacy of the individuals who are the subject of the information.
Freedom of Information and Protection of Privacy Act __
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector __
An act respecting access to documents held by public bodies and the protection of personal information __
Prince Edward Island Freedom of Information and Protection of Privacy Act __
Nova Scotia Freedom of Information and Protection of Privacy Act __
New Brunswick Protection of Personal Information Act __
Newfoundland and Labrador Access to Information and Protection of Privacy Act137 __
Yukon Access to Information and Protection of Privacy Act __
Northwest Territories Access to Information and Protection of Privacy Act __
Nunavut Access to Information and Protection of Privacy Act __

 


Schedule A

 

Jurisdiction Privacy Impact Assessment Tools
Federal Treasury Board of Canada Secretariat - Privacy Impact Assessment Policy
British Columbia Ministry of Management Services for British Columbia, Information Policy and Privacy Branch - Privacy Impact Assessment (PIA) Process
Alberta Information and Privacy Commissioner of Alberta - Privacy Impact Assessment: Instructions and Annotated Questionnaire
Saskatchewan Office of the Saskatchewan Information and Privacy Commissioner - Privacy Impact Assessment (Short Form)
Manitoba

Ombudsman Manitoba, Access and Privacy Division - Privacy Compliance Tool Checklist

Manitoba Health - Privacy Impact Assessment (PIA) Guide (Not available on-line)

Ontario

Information and Privacy Commissioner/Ontario - Privacy Diagnostic Tool (PDT) Workbook

Management Board of Cabinet - Privacy Impact Assessment Guidelines

Quebec Ministère des Relations avec les citoyens et de L'immigration (Québec) - Modèle de pratiques de protection des renseignements personnels - dans le contexte du développement des systèmes d'information par les organismes publics
Prince Edward Island  N/A
Nova Scotia N/A
New Brunswick N/A
Newfoundland and Labrador

Office of the Information and Privacy Commissioner for Newfoundland and Labrador - Privacy Audit, A Compliance Review Tool

Centre for Health Information - Privacy Impact Assessment for Researchers

Yukon N/A
Northwest Territories N/A
Nunavut N/A


ELEMENT #8 - CONTROLLING ACCESS AND DISCLOSURE OF PERSONAL DATA
Part 1 - Specific Data Matching/Linkage Provisions138,139
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act __
Privacy Act __
British Columbia Personal Information Protection Act Section 21 - Any linkage of personal information to other information must not be harmful to the individuals and the benefits to be derived from the linkage must clearly be in the public interest.
Freedom of Information and Protection of Privacy Act Section 35 - Any record linkage must not be harmful to the individuals and the benefits to be derived from the record linkage must clearly be in the public interest.
Alberta Health Information Act

Section 1(1)(g) (Definition of "data matching")140

Section 68 (General prohibition on data matching)

Section 69 (Permitted data matching by custodians)

Section 70 (Data matching between custodians; privacy impact assessment required)

Sections 71 and 32 (Data matching between custodians and non-custodians; privacy impact assessment required; obligation to notify Privacy Commissioner)

Section 72 (Data matching for research; obligation to comply with provisions regarding disclosure for research purposes without consent (sections 48-56))

Section 107(5) (Offence to fail to notify Commissioner)

Personal Information Protection Act __
Freedom of Information and Protection of Privacy Act Section 42(b) - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
Municipal Government Act __
Saskatchewan The Health Information Protection Act __
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act __
The Freedom of Information and Protection of Privacy Act

Section 46 - Approval must be obtained from head of the public body to use or disclose personal information for linking or matching purposes. The head may have to refer the proposal to the review committee for advice.

Section 47(4) - Any information linkage must not be likely to harm individuals and benefits to be derived from research and any information linkage must clearly be in the public interest.

Ontario Personal Health Information Protection Act, General Regulation Section 16(3) - A research plan must include a description of how personal health information will be used in the research, and if it will be linked to other information, a description of the other information as well as how the linkage will be done.
Freedom of Information and Protection of Privacy Act __
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector __
An act respecting access to documents held by public bodies and the protection of personal information

Section 68.1 (Permitted data matching/Requirement for written agreement)

Section 69 (Obligation to maintain confidentiality)

Section 70 (Submission of data matching agreements to Commission/ Public body; Tabling of agreement in National Assembly; Obligation to publish in Gazette)

Prince Edward Island Freedom of Information and Protection of Privacy Act Section 39(b) - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
Nova Scotia Freedom of Information and Protection of Privacy Act Section 29(b) - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
Municipal Government Act Section 485(4)(b) - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
New Brunswick Protection of Personal Information Act __
Newfoundland and Labrador Access to Information and Protection of Privacy Act141

Section 41 - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.

Section 51(e) - Commissioner may comment on implications for protection of privacy of using or disclosing personal information for record linkage.

Yukon Access to Information and Protection of Privacy Act Section 38 - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
Northwest Territories Access to Information and Protection of Privacy Act Section 49 - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.
Nunavut Access to Information and Protection of Privacy Act Section 49 - Record linkages cannot be harmful to the individuals the information is about and the benefits to be derived from the linkage must be clearly in the public interest.


ELEMENT #8 - CONTROLLING ACCESS AND DISCLOSURE OF PERSONAL DATA
Part 2 - Data-sharing Agreements for Research Purposes142
Jurisdiction Legislation Privacy Legislation Concordance and Selected Supplemental Requirements
Federal Personal Information Protection and Electronic Documents Act Schedule 1, 4.1.3 (Organization must use contractual means to provide for comparable level of protection when personal information is being processed by a third party)
Privacy Act Section 8(2)(j) (Requirement and content of data sharing agreements)
British Columbia Personal Information Protection Act

Section 21(1) (Requirement and content of data sharing agreements)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Prohibition from using personal information to contact a person to participate in the research (section 21(1)(c)).
Freedom of Information and Protection of Privacy Act

Section 35 (Requirement and content of data sharing agreements)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Prohibition from using personal information to contact a person to participate in the research.
Alberta Health Information Act

Section 54(1) (Agreement between researcher and custodian)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Data sharing agreement must include obligation of recipient to pay the costs of (i) preparing information for disclosure, (ii) making copies of health information, and (iii) obtaining consents. Data sharing agreement must also contain obligation of researcher not to attempt to contact an individual who is the subject of the information in order to obtain additional information unless the individual has consented.
Health Information Regulation Section 8(4) (Additional requirements when health information is used or disclosed outside Alberta)
Personal Information Protection Act Regulation

Sections 12(2), 12(3) and 14(3) (Requirement and content of data sharing agreement)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Data sharing agreement must include obligation of recipient of information to not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body and that the person must notify the public body in writing immediately if the person becomes aware that any of the conditions set out in the agreement have been breached.
Freedom of Information and Protection of Privacy Act Section 42 (Requirement for data sharing agreement)
Freedom of Information and Protection of Privacy Regulation

Section 8 (Content of data sharing agreement)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Data sharing agreement must include obligation of recipient of information to not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body and notify the public body in writing immediately if the person becomes aware that any of the conditions set out in the agreement have been breached and that, if a person fails to meet the conditions of the agreement, the agreement may be immediately cancelled and that the person may be guilty of an offence pursuant to the Act.
Municipal Government Act __
Saskatchewan The Health Information Protection Act Section 29(1) (Requirement and content of data sharing agreements)
The Freedom of Information and Protection of Privacy Act Section 29(2)(k) (Requirement for data sharing agreements)
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act Section 24(4) (Requirement and content of data sharing agreement)
Personal Health Information Regulation Section 8.3 (Content of data sharing agreements)
The Freedom of Information and Protection of Privacy Act Section 47(4)(c) and (d) (Requirement for data sharing agreements)
Ontario Personal Health Information Protection Act Section 44(1) and (5) (Requirement for data sharing agreements)
Freedom of Information and Protection of Privacy Act, General Regulation Section 10 (Content of data sharing agreements)
Municipal Freedom of Information and Protection of Privacy Act __
Quebec An act respecting the protection of personal information in the private sector Section 21 (No requirement for data sharing agreement although the Commission may impose conditions on disclosure of information for research purposes)
An act respecting access to documents held by public bodies and the protection of personal information Section 125 (No requirement for data sharing agreement although the Commission may impose conditions on disclosure of information for research purposes)
Prince Edward Island Freedom of Information and Protection of Privacy Act Section 39 (Requirement for data sharing agreements - no content specified)
Nova Scotia Freedom of Information and Protection of Privacy Act Section 29 (Requirement for data sharing agreements - no content specified)
Freedom of Information and Protection of Privacy Regulations

Section 9 (Content of data sharing agreement)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Data sharing agreement must include agreement of recipient not to contact any individual to whom personal information relates, directly or indirectly, without the prior written authority of the public body and to notify the public body in writing immediately if the person becomes aware that any of the conditions set out in this section have been breached. Agreement must be in prescribed form.
Municipal Government Act __
New Brunswick Protection of Personal Information Act __
Newfoundland and Labrador Access to Information and Protection of Privacy Act Section 41 (Requirement for data sharing agreements)
Yukon Access to Information and Protection of Privacy Act Section 38 (d) (Requirement for data sharing agreements)
Northwest Territories Access to Information and Protection of Privacy Act Section 49 (c) and (d) (Requirement for data sharing agreements)
Access to Information and Protection of Privacy Regulations

Section 8 (Content of data sharing Agreements)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Data sharing agreement must include provisions requiring: an identification of any other persons who will be given access to the personal information by the recipient; a condition that the recipient must not contact any individual to whom the personal information relates, directly or indirectly, without the prior written authority of the public body; notice to the public body in writing immediately if the person becomes aware that any of the conditions set out in the agreement have been breached; a condition that, if a recipient fails to meet the conditions of the agreement, the agreement may be immediately terminated by the public body.
Nunavut Access to Information and Protection of Privacy Act Section 49(c) and (d) (Requirement for data sharing agreements)
Access to Information and Protection of Privacy Regulations

Section 8 (Content of data sharing Agreements)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Same as for the Northwest Territories


ELEMENT #9 - SETTING REASONABLE LIMITS ON RETENTION OF PERSONAL DATA
Retention and Destruction of Personal Information143,144
Jurisdiction Legislation Privacy Legislation Concordance and Selected Supplemental Requirements
Federal Personal Information Protection and Electronic Documents Act

Schedule 1, 4.5, 4.5.2 and 4.5.3 (Limiting use, disclosure and retention)

Supplemental Requirements to CIHR Privacy Best Practices:

Data retention guidelines should include minimum and maximum retention periods.

Privacy Act Section 6 (Retention of personal information used for an administrative purpose)
Privacy Act Privacy Regulations

Section 4 (Retention of personal information that has been used by a government institution for an administrative purpose)

Supplemental Requirements to CIHR Privacy Best Practices:

Personal Information shall be retained (a) for at least two years following the last time the personal information was used for an administrative purpose unless the individual consents to its disposal and (b) where a request for access to the information has been received, until such time as the individual has had the opportunity to exercise all his rights under the Act. However, the information may be destroyed in an emergency in order to prevent the removal of the information from the control of the institution (section 4).

A copy of every request for access received as well as a record of any information disclosed pursuant to such a request must be maintained for a period of 2 years following the date of the request (section 7).

British Columbia Personal Information Protection Act

Section 35 (Retention of personal information)

Supplemental Requirements to CIHR Privacy Best Practices:

If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year.

Freedom of Information and Protection of Privacy Act

Section 31 (Retention of personal information)

Supplemental Requirements to CIHR Privacy Best Practices:

If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year.

Alberta Health Information Act

Section 3 (Storage and Destruction, Other Enactments)

Section 41 (Maintaining certain disclosure information)

Section 60(2)(b) (Safeguards for proper disposal)

Supplemental Requirements to CIHR Privacy Best Practices:

A custodian that discloses a record containing individually identifying diagnostic, treatment and care information must retain that information for a period of 10 years following the date of the disclosure (section 41(2)).

Personal Information Protection Act Section 35 (Retention of information)
Freedom of Information and Protection of Privacy Act

Section 35 (Accuracy and retention)

Supplemental Requirements to CIHR Privacy Best Practices:

If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year or such shorter time as approved by the individual in writing, the public body and the body that approved the retention and disposition schedule if applicable.

Municipal Government Act

Sections 214(2) and (3) (Destruction of records)

Supplemental Requirements to CIHR Privacy Best Practices:

  • A council may pass a bylaw respecting destruction of records and documents of the municipality. The bylaw must provide that if an individual's personal information will be used by the municipality to make a decision that directly affects the individual, the municipality must retain the personal information for at least one year after using it so that the individual has a reasonable opportunity to obtain access to it.
Saskatchewan The Health Information Protection Act Section 17 (Retention and destruction policy)
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act

Section 17 (Retention and destruction of information)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Written retention policy must be established.
  • Trustee who destroys personal health information must keep a record of (i) the individual whose personal information is destroyed (ii) the time period to which the information relates, (iii) the method of destruction, and (iv) the person responsible for supervising the destruction.
Personal Health Information Regulations Section 2 (Written policy to be established)
The Freedom of Information and Protection of Privacy Act

Section 40 (Retention of information)

Supplemental Requirement to CIHR Privacy Best Practices:

If personal information about an individual is used to make a decision that affects the individual, the public body must establish and comply with a written policy concerning the retention of the personal information (subsections 40(1) and (2)).

Ontario Personal Health Information Protection Act

Section 13 (Handling of records)

Supplemental Requirement to CIHR Privacy Best Practices:

Information shall be retained for as long as necessary to allow the individual to exhaust any recourse under the Act where a request for access has been made.

Freedom of Information and Protection of Privacy Act

Section 40(1) (Retention of personal information)

Section 40(4) (Disposal of personal information)

Freedom of Information and Protection of Privacy Act, General Regulations

Section 5 (Retention)

Supplemental Requirements to CIHR Privacy Best Practices:

  • Information shall be retained for at least one year after use, unless the individual to whom the information relates consents to its earlier disposition.
  • The minimum period of retention of personal information contained in a telecommunications logger tape is 45 days rather than one year.
Freedom of Information and Protection of Privacy Act, Disposal of Personal Information Regulation

Sections 2 to 6 (Disposal of personal information)

Supplemental Requirements to CIHR Privacy Best Practices:

  • The head of the institution must authorize the destruction of the information.
  • The head shall ensure that the institution maintains a disposal record setting out what personal information has been destroyed and the date.
Municipal Freedom of Information and Protection of Privacy Act

Section 30(1) (Retention of personal information)

Section 30(4) (Disposal of personal information)

Municipal Freedom of Information and Protection of Privacy Act, General Regulation

Section 5 (Retention of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

Personal information to be retained for the shorter of one year after use or the period set out in a by-law or resolution made by the institution or made by another institution affecting the institution, unless the individual to whom the information relates consents to its earlier disposal.

Quebec An act respecting the protection of personal information in the private sector

Section 12 (Use of file)

Section 36 (Retention where request for access or rectification has been denied)

An act respecting access to documents held by public bodies and the protection of personal information

Section 73 (Destruction)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Section 73 does not apply to the processing of personal information collected and used as a working tool by a natural person and which is used by him for scientific research purposes to the extent that the information is not disclosed to any person other than the person concerned or to a body other than that to which he belongs, and that it is used judiciously (section 78).
Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 33 (Retention when information is used to make a decision)

Supplemental Requirement to CIHR Privacy Best Practices:

  • If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year.
Nova Scotia Freedom of Information and Protection of Privacy Act

Section 24(4) (Treatment of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

  • If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year.
Municipal Government Act

Section 483(4) (Retention of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Where a municipality uses an individual's personal information to make a decision that directly affects the individual, the municipality shall retain that information for at least one year after using it so that the individual has a reasonable opportunity to obtain access to it.
New Brunswick Protection of Personal Information Act Schedule A, Principle 5 and Schedule B, Principle 5 (Limiting use, disclosure and retention)
Newfoundland Access to Information and Protection of Privacy Act145

Section 37 (Retention of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

  • If an individual's personal information is being used to make a decision that directly affects the individual, the information must be retained for at least one year.
Yukon Access to Information and Protection of Privacy Act

Section 34 (Retention of personal information)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Public body must retain information it uses to make a decision affecting an individual for at least one year after such use.
Northwest Territories Access to Information and Protection of Privacy Act

Section 44 (Duties of public body)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Public body must retain information it uses to make a decision affecting an individual for at least one year after such use.
Nunavut Access to Information and Protection of Privacy Act

Section 44 (Duties of public body)

Supplemental Requirement to CIHR Privacy Best Practices:

  • Public body must retain information it uses to make a decision affecting an individual for at least one year after such use.


ELEMENT #10 - ENSURING ACCOUNTABILITY AND TRANSPARENCY IN THE MANAGEMENT OF PERSONAL DATA
Part 1- Accountability and Transparency146
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act

Schedule 1, 4.1 (Accountability)

Schedule 1, 4.8 (Openness)

Privacy Act Sections 10 and 11 (Obligations regarding personal information banks)
British Columbia Personal Information Protection Act

Section 4 (Compliance with the Act)

Section 5 (Policies and Procedures)

Freedom of Information and Protection of Privacy Act

Section 2 (Purposes of this Act)

Section 69(2) and (3) (Personal information directory of ministries)

Section 69(5) (Duty of a ministry to prepare privacy impact assessment)

Section 69(6) (Directory of personal information banks to be maintained by public body that is not a ministry)

Section 70 (Policy manuals to be made available)

Alberta Health Information Act

Section 2 (Purposes of the Act)

Section 62 (Duty to identify responsible affiliate)

Section 63 (Duty to establish or adopt policies and procedures)

Section 64 (Duty to prepare privacy impact assessment)

Section 66(6) (Accountability for information disclosed to an information manager)

Health Information Regulation

Section 8(2) (Designating responsible individual)

Section 8(6) (Custodian responsible for affiliates' compliance)

Personal Information Protection Act

Section 5 (Compliance with Act)

Section 6 (Policies and Procedures)

Freedom of Information and Protection of Privacy Act

Section 2 (Purposes of this Act)

Section 87 (Directory of public bodies)

Section 87.1 (Directory of personal information banks)

Section 88 (Records available without request)

Section 89 (Access to manuals)

Municipal Government Act __
Saskatchewan The Health Information Protection Act

Preamble (Accountability obligations)

Section 9 (Right to be informed)

Freedom of Information and Protection of Privacy Act

Section 64 (Directory to be produced)

Section 65 (Access to manuals)

Local Authority Freedom of Information and Protection of Privacy Act Section 53 (Directory of local authorities including place at which applications for access to records should be made for each)
Manitoba The Personal Health Information Act

Section 2 (Purposes of this Act)

Section 25(5) (Information transferred to information manager for processing deemed to be maintained by the transferring trustee)

Personal Health Information Regulation

Section 2 (Written security policy and procedures)

Section 6 (Orientation and training of employees)

The Freedom of Information and Protection of Privacy Act

Section 2 (Purposes of this Act)

Sections 75(1) and (2) (Directory to be maintained)

Section 75(3) (Obligations regarding personal information bank)

Section 76 (Records to be made available)

Ontario Personal Health Information Protection Act147

Section 10 (Information Practices)

Sections 15 to 17 (Accountability and Openness)

Personal Health Information Protection Act, General Regulation

Sections 6(3) subparagraph 2 (Health information network provider to provide plain language description of services provided and safeguards in place to protect against unauthorized use and disclosure)

Sections 6(3) subparagraph 3 (Information to be made available to the public by health information network provider)

Sections 6(3) subparagraph 4 (Information to be made available to health information custodians)

Sections 6(3) subparagraph 5 (Health information network provider to perform assessment of risks to security and integrity of personal health information in providing services and detailing effect on privacy)

Freedom of Information and Protection of Privacy Act

Sections 31 to 36 (Information to be published or available)

Sections 44 to 46 (Obligations regarding Personal Information Banks)

Municipal Freedom of Information and Protection of Privacy Act

Section 1 (Purposes of this Act)

Section 24 (Publications of information re institutions)

Section 25 (Information available for inspection)

Section 26 (Head shall make annual report)

Section 34 (Obligations re personal information bank index)

Municipal Freedom of Information and Protection of Privacy Act, General Regulation Section 4(2) (Where notice re collection of personal information has not been given, the head shall make available for public inspection a statement describing the purpose of the collection of personal information and the reason that notice has not been given)
Quebec An act respecting the protection of personal information in the private sector Section 17 (Accountability for information disclosed outside Quebec)
An act respecting access to documents held by public bodies and the protection of personal information

Section 67.3 (Register to be kept of every disclosure of personal information)

Section 71 (Personal information files must be established)

Section 76 (Declaration to the Commission required when establishing a file on individual)

Prince Edward Island Freedom of Information and Protection of Privacy Act

Section 2 (Purposes of this Act)

Section 73 (Records available without request)

Nova Scotia Freedom of Information and Protection of Privacy Act

Section 2 (Purposes of this Act)

Section 48 (Directory respecting records of public body)

Municipal Government Act Section 462 (Purpose of this Part)
New Brunswick Protection of Personal Information Act

Schedule A, Principle 1 (Accountability)

Schedule A, Principle 8 (Openness)

Newfoundland and Labrador Access to Information and Protection of Privacy Act148

Section 3 (Purpose)

Section 67(1)(c) (Designation and delegation by the head of public body)

Section 69 (Directory of information)

Yukon Access to Information and Protection of Privacy Act

Section 1(1) (Purpose of the Act)

Section 63 (Information Directory)

Section 64 (Records available without request)

Northwest Territories Access to Information and Protection of Privacy Act

Section 1 (Purpose of this Act)

Section 70 (Directory of public bodies and records)

Section 71 (Policy manuals must be made available to the public)

Section 72 (Records available without request)

Nunavut Access to Information and Protection of Privacy Act

Section 1 (Purpose of this Act)

Section 70 (Directory of public bodies and records)

Section 71 (Policy manuals must be made available to the public)

Section 72 (Records available without request)


ELEMENT #10 - ENSURING ACCOUNTABILITY AND TRANSPARENCY IN THE MANAGEMENT OF PERSONAL DATA
Part 2 - Statutory References to Research Ethics Board149
Jurisdiction Legislation Privacy Legislation Concordance
Federal Personal Information Protection and Electronic Documents Act __
Privacy Act __
British Columbia Personal Information Protection Act __
Freedom of Information and Protection of Privacy Act __
Alberta Health Information Act

Section 27(1)(d) (Approval of Ethics Committee)150

Section 50 (Role of Ethics Committee)

Personal Information Protection Act Regulation Section 14(3) (Approval of Research Ethics Review Committee)
Freedom of Information and Protection of Privacy Act __
Municipal Government Act __
Saskatchewan The Health Information Protection Act Section 29(2)(ii) (Approval of research ethics committee)
The Freedom of Information and Protection of Privacy Act __
The Local Authority Freedom of Information and Protection of Privacy Act __
Manitoba The Personal Health Information Act Section 24 (Approval of health information privacy committee and institutional research review committee)
Personal Health Information Regulation Section 8.1 (Functions of health information privacy committee)
The Freedom of Information and Protection of Privacy Act __
Ontario Personal Health Information Protection Act

Section 44(1) (Approval of Research Ethics Board)

Section 44(3) and (4) (Considerations and Decisions of Research Ethics Board)

Freedom of Information and Protection of Privacy Act __
Municipal Freedom of Information and Protection of Privacy Act __
Quebec151 An act respecting the protection of personal information in the private sector __
An act respecting access to documents held by public bodies and the protection of personal information __
Prince Edward Island Freedom of Information and Protection of Privacy Act __
Nova Scotia Freedom of Information and Protection of Privacy Act __
Municipal Government Act __
New Brunswick Protection of Personal Information Act __
Newfoundland and Labrador Access to Information and Protection of Privacy Act152 __
Yukon Access to Information and Protection of Privacy Act __
Northwest Territories Access to Information and Protection of Privacy Act __
Nunavut Access to Information and Protection of Privacy Act __

 


 

97 The Guidelines for protecting privacy and confidentiality in the design, conduct and evaluation of health research- Best Practices, Consultation Draft, April 2004 is accessible on CIHR's web site.

98 Summary reports of feedback received, and an evaluation of the 2004 consultation process, are accessible on CIHR's web site.

99 See CIHR's web site (Secondary Use of Personal Information in Health Research: Case Studies, November 2002).

100 The table is reprinted verbatim from pg. 39 of the Case Studies document except for changes to terms referring to the level of identifiability of data to be consistent with terms defined in Element #2, Box-Definition of terms: Individual identifiability of data, and in the Glossary, in Appendix A-6.

101 Note that the scope of these Privacy Best Practices does not necessarily extend to particular issues of privacy and confidentiality, and related legal requirements, in research that is entirely funded by private industry.

102 CIHR's Grants and Awards Guide, 2005-2006.

103 A search of the CIHR funding database on the search term "qualitative methods" elicited over a hundred CIHR-funded research projects using qualitative methods as of 2004-2005. These CIHR-funded projects were investigations into such areas as public, community and family values, and in some cases involved the community in the development and conduct of the research.

104 Differing amounts of data elements (e.g. age, sex, residence, occupation) will be found in each of these datasets.

105 Developments relevant to research in Aboriginal settings include the current review of TCPS Section 6 (Research Involving Aboriginal Peoples), coordinated by the Interagency Advisory Panel on Research Ethics and including CIHR-led development of guidance on Aboriginal health research.

106 These Tables of Concordance were prepared by Adam Kardash and Antonella Penta at Heenan Blaikie LLP in consultation with the Ethics Office, privacy regulatory authorities and Ministries of Health.

107 The Compendium is accessible on CIHR's web site.

108 The precise application of the Personal Information Protection and Electronic Documents Act ("PIPEDA") to the health care sector has not yet been considered by a court of law. See Industry Canada's "PIPEDA Awareness Raising Tools (PARTs) Initiative for the Health Sector".

109 Note that the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia) and An act respecting the protection of personal information in the private sector (Quebec) have each been deemed substantially similar. The provincial health privacy legislation in each of Alberta, Saskatchewan, Manitoba and Ontario has not been deemed substantially similar, although the Governor in Council has proposed to exempt health information custodians subject to the Personal Health Information Protection Act (Ontario) from the application of PIPEDA. Note also that PIPEDA will always apply to federal undertakings (e.g., broadcasting or telecommunications, banks, etc.) and to an organization's transfer of personal information outside the province.

110 Part IV to be proclaimed.

 

111 This table cross references the statutory provisions for collecting only the personal information needed to fulfill the purpose of the collection. As a general rule, consent is required for collection of personal information, which consent must be voluntary and informed. For statutory provisions relating to the elements and form of consent, please refer to the table for Element #4. For the statutory provisions relating to the notice required for voluntary and informed consent, please refer to the table for Element #5.

112 This table also includes provisions dealing with the requirement to collect personal information directly from the person the information is about. Note that there are various exceptions to this requirement which have not been included in this table.

113 Part IV to be proclaimed.

114 Consent is generally required under privacy legislation for the use and disclosure of personal information for any purpose, including research purposes, subject to limited exceptions. This chart sets out the conditions upon which personal information may be used or disclosed for research purposes without consent. Reference should also be made to the statutory requirements for data sharing agreements and data matching/linking detailed in the concordance table for Element #8.

115 Note that the consent exemptions noted only apply for the use and disclosure of personal information for statistical, scholarly study or research purposes. There is no equivalent consent exemption in the statute for collecting personal information for such purposes.

116 The following are prescribed for the purposes of section 45:

  1. Cancer Care Ontario.
  2. Canadian Institute for Health Information.
  3. Institute for Clinical Evaluative Sciences.
  4. Pediatric Oncology Group of Ontario.

117 The following are prescribed registries:

  1. Cardiac Care Network of Ontario in respect of its registry of cardiac services.
  2. INSCYTE (Information System for Cytology etc.) Corporation in respect of CytoBase.
  3. London Health Sciences Centre in respect of the Ontario Joint Replacement Registry.
  4. Canadian Stroke Network in respect of the Canadian Stroke Registry.

118 Conditions relating to security and confidentiality are prescribed by section 10 of Regulation 460.

119 Canadian privacy statutes generally require consent for collection, use and disclosure of personal information for research purposes, subject to exceptions set out in the legislation. This table sets out the form and elements of consent where consent is required for the protection of privacy. See the exceptions to consent requirement for research purposes in table of concordance for Element #3. See also the statutory notice requirements for informed consent in the table of concordance for Element #5. See also the table following this chart for statutory references to consent by substitute decision makers.

120 Section 23 of the Health Information Act (Alberta) states that if a custodian collects health information from an individual using a recording device or camera or any other device that may not be obvious to the individual, the custodian must, before collecting the information, obtain the written consent of the individual to the use of the device or camera.

121 This is often interpreted as requiring express consent.

122 Consent to disclosure of personal information may be in prescribed form 3 and consent to use of personal information may be in prescribed form 4, each of which is set out in the Regulations to the Act.

123 Part IV to be proclaimed.

124 This chart cross references the statutory provisions for substitute consent.

125 Part IV to be proclaimed.

126 This chart sets out the notice/information provision requirements under applicable privacy statutes. For statutory cross reference to other elements of consent, refer to the table of concordance for Element #4. For general notice obligations, refer to the accountability and transparency provisions set out in the table of concordance for Element #10.

127 Part IV to be proclaimed.

128 Consent is generally required under privacy legislation for secondary uses and disclosures of personal information for any purpose, including for contacting a prospective research participant, subject to limited statutory exceptions. Reference should accordingly be made to the concordance table for Element #3 for the conditions where personal information may be disclosed for research purposes without consent. The above chart sets out the specific statutory prohibitions on the use or disclosure of personal information to contact individuals in circumstances where the statute otherwise permits/authorizes the use and disclosure of personal information for research purposes without consent.

129 Note that section 37(1)(g) allows a health information custodian to use the name and contact information of an individual for the purpose of seeking the individual's consent.

130 This table sets out the statutory references to general safeguarding obligations. See also the statutory requirements for data-sharing agreements in table of concordance for Element #8, statutory requirements for disposal and destruction in table of concordance for Element #9, and table of concordance for Element #10 regarding the obligation to develop and implement policies and procedures regarding safeguarding of personal information. In addition, see the following table for Element #7 which sets out the statutory requirement to conduct a privacy impact assessment.

131 Note that public bodies/institutions governed by such legislation may be obligated to comply with governmental security policies or guidelines as a matter of administrative practice.

132 No requirements have been prescribed by regulations as at the date of this publication.

133 The following entities are prescribed for the purposes of section 45 of the Act:

  1. Cancer Care Ontario
  2. Canadian Institute for Health Information
  3. Institute for Clinical Evaluative Sciences
  4. Pediatric Oncology Group of Ontario

134 The following are prescribed registries:

  1. Cardiac Care Network of Ontario in respect of its registry of cardiac services.
  2. INSCYTE (Information System for Cytology etc.) Corporation in respect of CytoBase.
  3. London Health Sciences Centre in respect of the Ontario Joint Replacement Registry.
  4. Canadian Stroke Network in respect of the Canadian Stroke Registry.

135 Part IV to be proclaimed.

136 While Canadian privacy legislation may be silent on the requirement to perform privacy impact assessments or risk vulnerability assessments, as a matter of administrative practice, many public sector entities may be required to perform privacy impact assessments in connection with the design and implementation of programs and/or systems involving the collection, use or disclosure of personal information. A list of privacy impact assessment tools developed by Canadian governmental or regulatory authorities is set out at Schedule A.

137 Part IV to be proclaimed.

138 This table cross references provisions dealing specifically with "data matching" or "data linking". Any data linkage/matching activity involving the use and/or disclosure of personal information requires a consideration of other statutory provisions, including the consent requirements for use and disclosure of personal information for research purposes. See table of concordance for Element #3. Public institutions may also need to consider governmental administrative guidelines/policies on data matching/linkage. See, for instance, the policy of the Treasury Board of Canada Secretariat regarding data matching.

139 Reference should be made to table of concordance for Element #7 which sets out safeguarding provisions, including statutory restrictions on access to personal information.

140 The Health Information Act (Alberta) defines "data matching" as "the creation of individually identifying health information by combining individually identifying or non-identifying health information or other information from 2 or more electronic databases, without the consent of the individuals who are the subjects of the information".

141 Part IV to be proclaimed.

142 This table deals with data sharing agreements entered into specifically for research purposes. Privacy statutes may also contain a requirement to enter into written agreements for other purposes.

143 This table sets out the statutory requirements for the general obligation in privacy legislation with respect to retention and destruction of personal information. Note that retention, return and disposal of records may be addressed in the research agreement entered into between the custodian and researcher, as required under applicable privacy legislation. Note also that under the Food and Drug Regulations - Division 5 - C.05.012 (4) records for clinical trials must be retained for 25 years.

144 See statutory requirements regarding the obligation to have written policies and procedures, including for retention and destruction of personal information, in table of concordance for Element #7.

145 Part IV to be proclaimed.

146 This table cross references statutory provisions regarding the general accountability and transparency requirements set out in privacy legislation. Privacy legislation also provides individuals with a right of access to their personal information, which this table does not address. Also, privacy legislation may provide that the body/organization must inform the relevant regulatory authority before personal information may be used or disclosed for research purposes. Such requirements have been referenced in the table of concordance for Element #3.

147 Note that the privacy practices and procedures of entities prescribed for the purposes of section 45 and 39(1)(c) of the Act, as well as health data institutes, must be approved by the Information and Privacy Commissioner.

148 Part IV to be proclaimed.

149 This table cross references the statutory provisions to research ethics bodies. Note that while Canadian privacy statutes may be silent with respect to ethics boards or committees, there is a requirement under many public sector statutes for research to be approved by the head or the Minister in charge of the administration of the particular statute. Refer to table of concordance for Element #3 regarding statutory conditions that research ethics bodies or other approving bodies/persons must consider before allowing the use or disclosure of personal information without consent for research purposes.

150 The following committees and boards are designated as ethics committees by the Health Information Act Designation Regulation:

  • Alberta Cancer Board - Research Ethics Committee;
  • College of Physicians and Surgeons of Alberta - Research Ethics Review Committee;
  • Alberta Heritage Foundation for Medical Research - Community Health Ethics Research Review Committee;
  • University of Alberta - Health Research Ethics Board;
  • University of Calgary - Conjoint Health Research Ethics Board;
  • University of Lethbridge - Human Subject Research Committee.

151 Article 21 of the Quebec Civil Code states that research may be conducted involving minors and incapacitated adults only with the approval and monitoring of an ethics committee. Ethics committees are formed or designated by the Minister of Health and Social Services.

152 Part IV to be proclaimed.
