CIHR Best Practices for Protecting Privacy in Health Research (September 2005)
Cat. No.: MR21-63/2005E-HTML
ISBN: 0-662-41057-2
Table of contents
- Acronyms
- CIHR Privacy Advisory Committee: Recommendations
- Privacy Best Practices: 10 elements in summary form
- How to navigate the document: Areas of special interest
- Introduction
- Privacy Best Practices: 10 elements
  - Element #1 - Determining the research objectives and justifying the data needed to fulfill these objectives
  - Element #2 - Limiting the collection of personal data
  - Element #3 - Determining if consent from individuals is required
  - Element #4 - Managing and documenting consent
  - Element #5 - Informing prospective research participants about the research
  - Element #6 - Recruiting prospective research participants
  - Element #7 - Safeguarding personal data
  - Element #8 - Controlling access and disclosure of personal data
  - Element #9 - Setting reasonable limits on retention of personal data
  - Element #10 - Ensuring accountability and transparency in the management of personal data
- Appendices
- References
Acronyms
CIHR | Canadian Institutes of Health Research |
CSA | Canadian Standards Association |
ICH GCP | International Conference on Harmonization of Technical Requirements for Registration of Pharmaceuticals for Human Use - Good Clinical Practice: Consolidated Guideline |
NCEHR | National Council on Ethics in Human Research |
NIH | National Institutes of Health (United States of America) |
NSERC | Natural Sciences and Engineering Research Council of Canada |
PAC | CIHR Privacy Advisory Committee |
PRE | Interagency Advisory Panel on Research Ethics |
REB | Research Ethics Board |
RMGA | Quebec Network of Applied Genetic Medicine |
SSHRC | Social Sciences and Humanities Research Council of Canada |
TCPS | Canadian Institutes of Health Research, Natural Sciences and Engineering Research Council of Canada, Social Sciences and Humanities Research Council of Canada, Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans, 1998 (with 2000, 2002, 2005 amendments) |
U.S. | United States of America |
CIHR Privacy Advisory Committee [Footnote 1] - Recommendations
Background
Recognizing that one of the key ethical challenges for the health research community is to appropriately protect the privacy of those individuals whose information is used for research purposes, CIHR has promoted and initiated dialogue with the broad health research community on a range of privacy-related matters for many years. In particular, a multi-stakeholder workshop in November 2002 entitled Privacy in Health Research: Sharing Perspectives and Paving the Way Forward resulted in a number of recommendations, including that CIHR initiate the development of privacy best practices and promote the harmonization of privacy laws and policies that impact on health research.
Privacy Advisory Committee
Following on these recommendations, CIHR established a Privacy Advisory Committee (PAC) in 2003 to advise CIHR on the development of privacy best practices for health research, and on strategies for consultation, communication and knowledge translation. The Committee's mandate ends with the public release of the Privacy Best Practices in 2005.
PAC members were drawn from across Canada and include an international advisor. They represent themselves, not their organizations or institutions. Members bring the perspectives of the following interested groups: privacy commissioners, research ethics boards, health researchers, voluntary health organizations, patients/consumers, policy-makers, data providers, law/ethics, Aboriginal communities, and health service providers. Ex-officio members are drawn from key groups involved in developing or implementing research ethics policy/regulations, namely the Interagency Advisory Panel for Research Ethics, the National Council on Ethics in Human Research, Health Canada, and the Social Sciences and Humanities Research Council of Canada. The Natural Sciences and Engineering Research Council of Canada was invited to appoint a member on PAC but preferred to assume a consultative role. PAC members agreed by consensus to have the CIHR Ethics Office chair the Committee in the role of facilitator.
An earlier version of the current document was the subject of public consultations through 2004. The current document was revised based on feedback received.
Recommendations
The following recommendations are intended to promote the effective implementation of these Privacy Best Practices in the health research community and to ensure that these best practices continue to respond to the evolving nature of health research and challenges of privacy protection.
Continuous learning and evaluation
- These Privacy Best Practices must continue to evolve to reflect improved practices and innovative solutions over time, and to reflect and influence ongoing legislative developments. Recognizing that important issues have yet to be addressed (see Key Outstanding Issues), these should be tackled by developing supporting modules with the active engagement of the relevant communities and through targeted research.
- There should be an assessment of the impact that the Best Practices will have over time on research ethics board decision-making and researcher practice. Mechanisms should be put in place to enable this assessment. These mechanisms should include a formal process, such as a CIHR Standing Committee, to assess implementation and the need for improvement of the Best Practices over time. A web tool should be considered for channelling research findings and capturing practical experiences to inform the ongoing evolution of the Best Practices.
Implementation strategy
- These Privacy Best Practices should be revised in two years. With ongoing feedback and evaluation, PAC expects that the Best Practices will be adapted, as necessary, for the purpose of becoming mandatory CIHR funding policy. These Best Practices should also be referred to the Interagency Advisory Panel on Research Ethics with a view to encouraging their eventual application, in revised form, as Tri-Agency funding policy. For this to happen, the social science perspective needs to be strengthened.
Support for implementation
- Underpinning the implementation strategy for these Privacy Best Practices, there should be a strong emphasis on the importance of training and education support for institutions, research ethics boards and researchers. CIHR should consider developing a web-based document as an educational resource.
- In addition, institutions should be encouraged to provide adequate support for the infrastructure needed to implement and operationalize these Best Practices on a systematic basis. PAC recommends that there be a line item in the budget of researchers' grant applications to accurately reflect the increased cost involved in adhering to these Best Practices so as to enhance commitment and feasibility.
Harmonization of oversight framework
- There should be continuing efforts by CIHR to support and influence the federal, provincial and territorial legislative harmonization agenda as well as the development of a national system of research ethics oversight.
Key outstanding issues
- Privacy concerns related to the transnational flow of data need to be addressed. These could include clear interpretive provisions and the development of coherent and reciprocal minimum standards to be included in international data transfer agreements.
- A separate process or initiative should be undertaken to develop a policy framework for the physical collection, use and storage of human biological specimens (in contrast to the personal information that may be derived from those specimens) as these are critically important and complex areas of activity that are having increasing importance in research.
- As one important means of responding to public concerns over potential unauthorized uses of personal information gathered for research, CIHR should consider raising discussion among stakeholders and governments about the desirability and feasibility of introducing in Canada instruments such as the Certificates of Confidentiality issued in the United States to protect sensitive information on research participants from forced disclosure. [Footnote 2]
Privacy Best Practices - 10 elements in Summary Form
These Privacy Best Practices are intended to provide guidance for the health research community in Canada on the application of fair information principles to research involving personal information, and to assist in the interpretation of the Tri-Council Policy Statement: Ethical Conduct for Research involving Humans (TCPS) by offering additional detail and practicality.
In turn, as these Best Practices evolve in light of practice, they have the potential to inform the ongoing development of the TCPS and relevant laws and policy.
These Privacy Best Practices do not replace existing laws, policies and professional codes of conduct that apply to certain types of personal information, designated organizations and/or specific kinds of activity.
Privacy Best Practices
The Elements are presented in summary in this section to provide a quick reference for the reader. Full descriptions of each Element along with links to selected excerpts from the TCPS are in the main body of this document.
Tables of Concordances are included in the Appendices to supplement key provisions in the Elements with cross-references to related requirements under Canadian privacy legislation. The Tables should be used only as preliminary guidance. The application of the information in the Tables to a particular research project should be determined in consultation with a legal advisor.
Element #1: Determining the research objectives and justifying the data needed to fulfill these objectives
At the outset of the research design process, and as thoroughly as possible given the proposed research method, researchers should:
- identify and document research objectives and questions as a basis for determining what data will be needed;
- anticipate and document research questions related to the primary research objective, which might become relevant after the initial data analyses; and
- anticipate and document likely future uses of the data, including possible collaborations with other researchers or possible commercial uses.
In the case of a database created for general research purposes, researchers should define the scope and purpose in a way that will be meaningful for research ethics boards (REBs) and any prospective research participants, even if the boundaries are at a relatively general level. This is an opportunity to be as open and transparent as possible about the proposed research, and to reassure research participants and REBs that although future research purposes are not specified in detail, data management, storage and use will occur within a defined framework, including review and approval by an REB.
If appropriate, setting up an advisory committee drawn from the scientific community, other relevant areas (such as ethics, policy, or information technology) and those affected by the condition or health event under study, can assist in defining the scope and strategic priorities for a research project in the context of both short and long-term initiatives.
All potential relevant and useful research questions cannot always be foreseen at the outset of a research project. For example, researchers using inductive methods of research may discover an "emergent" research approach through encounters with and in collaboration with research participants. In such research, the development of research questions and procedures is an ongoing process. While planning their research, researchers should attempt to foresee both obvious and emerging issues related to privacy. These should be included in the submission to an REB. Researchers should also document for an REB any amendments to the protocol and consequent privacy protection strategies emerging over the course of the study.
Element #2: Limiting the collection of personal data
Researchers should plan to collect personal data only as necessary for the research. The amount of personal information collected and the level of identifiability and sensitivity of this information should be restricted to what is necessary to achieve the research objectives.
Consider first whether individually identifiable data are needed, or whether non-identifiable data or aggregate data would serve the research objectives (e.g. data on individuals grouped by age or some other meaningful variable).
For research involving secondary use of data for research, if identifiable data are required for the research, direct identifiers should be avoided or concealed, to the extent that is reasonably practical (e.g. as soon as a data linkage has been completed). Data without direct identifiers can be:
- coded to allow a trace-back to individuals, by means of:
  - single-coding (the researcher has the key to the code to link the research data back to direct identifiers, which are held separately); or
  - double-coding (an increased level of confidentiality protection over single-coding because the data holder does not give the researcher the key to re-identify individuals); or
- without a code, if the capacity to trace the research data or results back to individuals is not required for the research purpose.
Even if the direct identifiers in shared data have been removed or coded, consider how to minimize the collection or sharing of potentially identifying data elements.
For inductive data collection, for example where open-ended interview techniques are used, the extent of personal data to be collected may not always be foreseeable in detail at the outset of the interview. In these cases, the ongoing negotiation of consent with research participants is the best way to ensure that the privacy of individuals and the community is being appropriately protected.
Element #3: Determining whether consent from individuals is required
Voluntary and informed consent from legally competent individuals or authorized third parties is a fundamental principle in research involving humans, and specifically for the use of their personal data.
Under specified circumstances, given a satisfactory rationale by the researcher, an REB may approve the waiver of a consent requirement, or a partial waiver of some elements of a consent requirement. According to TCPS Article 2.1(c), the REB must find and document that:
"(i) The research involves no more than minimal risk to the subjects;
(ii) The waiver or alteration is unlikely to adversely affect the rights and welfare of the subjects;
(iii) The research could not practicably be carried out without the waiver or alteration;
(iv) Whenever possible and appropriate, the subjects will be provided with additional pertinent information after participation; and
(v) The waived or altered consent does not involve a therapeutic intervention."
In addition to REB approval, access to personal data for research without consent will be subject to specific legal requirements in relevant jurisdictions.
When a research objective requires the collection of personal information directly from individuals to whom the data belong and linking to other sources to form a combined file, consent should be sought for both types of data collection at the time of direct contact with prospective research participants.
For secondary use of data for research, an REB should consider the following factors in determining whether a research proposal meets the requirements for waiver of consent:
- necessity of personal data for the research purposes;
- potential harms and benefits of the research;
- inappropriateness or impracticability of consent;
- expectations of individuals;
- views of relevant groups;
- legal requirements; and
- openness (informing the public).
These factors, and the description in the Elements, expand on TCPS Article 2.1(c)(i)-(iii).
An REB may determine that seeking consent from individuals is inappropriate because there is potential harm to individuals from direct contact, or contact with individuals is not permitted under a previous data-sharing agreement, law or policy.
Seeking consent from individuals for the use of their personal data may be considered impracticable when there are difficulties in contacting or notifying individuals for reasons such as:
- the size of the population being researched;
- the proportion of prospective participants likely to have relocated or died since the time the personal information was originally collected; or
- the lack of an existing or continuing relationship between prospective participants and the data holder who would need to contact them (e.g. a patient database that does not have a regular follow-up program to maintain a complete and accurate record of changes in registrants' contact information over time);
such that:
- there is a risk of introducing bias into the research because of the loss of data from segments of the population that cannot be contacted to seek their consent, thereby affecting the validity of results and/or defeating the purpose of the study; or
- the additional financial, material, human, organizational and other resources needed to obtain consent could impose a hardship on the researchers or organization so burdensome that the research could not be done.
Element #4: Managing and documenting consent
Consent is an ongoing process that begins upon first contact with prospective participants or authorized third parties, and ends only with the conclusion of their participation in the research or use of their information. Participants should understand that their consent is voluntary, to be obtained without manipulation, undue influence or coercion, and can be withdrawn at any time.
Evidence of initial and ongoing consent and the withdrawal of consent should be documented as appropriate for audit and legal purposes.
The majority of research studies use an opt-in consent. Opting-in means that prior to the start of the research or data collection, informed individuals give clear indication that they voluntarily agree to participate in the research.
Presumed consent with an opt-out mechanism should be used only when an REB considers prior opt-in consent to be inappropriate or impracticable. A valid opt-out mechanism means that individuals have the opportunity at some time during the research or data collection process to give a clear indication (in writing or orally) that they do not want to be participants in the research or to have their data used in the research. If individuals do not choose to opt-out of the research, their consent is presumed as long as they were given reasonable notice of the research and meaningful opportunity to opt-out.
Collection of data without direct personal identifiers may be necessary or proposed when the research deals with highly sensitive conditions or activities. In such circumstances, consent should be documented but the identity of research participants should not be linkable to their data or to results of analyses.
The researcher may need information on who does not want to participate in research or who withdraws from research, for example to document who is not to be included in follow-up research activities; and/or to take into consideration relevant characteristics of the population not included in the study, when reporting possible bias in research results. In these circumstances, researchers may obtain information about non-participants or those withdrawing consent only with individuals' consent or the approval of an REB to waive the consent requirement in the particular circumstances.
Participants in qualitative studies are especially vulnerable to unintended identification. For example, in quoting interviewees, biographical details may be revealed that make protecting identities difficult. Therefore, paying attention to the trust relationship between researcher and participant, and obtaining ongoing consent, are very important.
Element #5: Informing prospective research participants about the research
Researchers should provide to prospective participants or to authorized third parties disclosure of all information relevant to voluntary and informed consent.
Information should be communicated to prospective participants in plain language, in oral and/or written form, so that it is easily understood.
The amount of time taken to communicate information to prospective participants should be appropriate to the need, not excessive nor too brief. For example, the information could be layered, with a one-page summary of the research, a short consent form, an appendix with more detailed information and instructions on how to obtain more information.
During the consent process, the researcher should determine whether the participant wishes to be informed of any meaningful research results that specifically relate to them.
Researchers, particularly those in the areas of health services, population and public health, and genetics/genomic research who study whole populations, should strive to communicate with the relevant population and governmental authorities regarding results that are pertinent to the improvement of health and/or the prevention of disease. The population studied should be made aware of possible socio-economic discrimination or group stigmatization as a result of the research results, such as because of perceptions of genetic risks. In the context of genetic research, the population should also be informed of the means taken to minimize the risks.
In the consent process and discussion, researchers using qualitative methods may consider involving participants in the writing and reporting process, depending on the circumstances.
For a hybrid project involving the direct collection of data from individuals and secondary use of data from other sources, the prospective research participant should also be informed of all expected types and sources of personal data to be used, any expected linkages and the expected purposes for which data will be used.
When personal data are to be entered into a database for multiple research uses over an extended period, research participants should also be informed of such things as: expected types of studies, expected data types and purposes, expected commercial uses, data retention period, and the process for overseeing the use and security of data. Participants may also be given the opportunity to provide authorization for future uses, with or without re-contact, including the opportunity to withdraw consent (and any identifying information) in the future. Additional options may include:
- to be re-contacted on a regular (or as-needed) basis to seek consent for new research uses of the data, if desired and practicable; and/or
- to not be re-contacted, but to authorize the researchers to use the data only in certain ways in the future (e.g. with or without direct identifiers, coded or in non-identifiable form; or for certain areas of research).
Element #6: Recruiting prospective research participants
The proposed recruitment procedure and materials should be included in the submission for REB approval. The procedure and materials should foster the conditions for voluntary consent, and not exert undue influence on prospective participants to agree to take part in research.
Initial contact with individuals about a research project should be made by someone that individuals would expect to have relevant information about them, or in other ways that do not inappropriately intrude on their life or privacy.
Wherever possible, the researcher should anticipate at the time of the original collection the future uses of personal information for further recruitment purposes, and seek consent from individuals for these purposes.
The REB will need to determine if consent is required for the secondary use of personal information for recruitment purposes. Researchers and REBs should be aware of any legal restrictions on contacting individuals in these circumstances.
When a researcher is making a request for access to data to recruit participants, the preferred option is for the data holder to determine eligibility of individuals for the research on the basis of criteria provided by the researchers, and to make the initial contact to:
- inform eligible individuals about the research so that they can contact the researcher, if interested; or
- seek consent from individuals to release their nominal information to the researcher who will contact them to inform them about the research.
When the preferred option is impracticable or inappropriate, an REB may consider whether a researcher should be permitted access to minimal personal data only for the purposes of determining eligibility for the research or contacting individuals to invite them to join the study. If it is legally permissible and the REB considers it appropriate, personal information may be released with appropriate confidentiality protection such as a signed confidentiality agreement with access restricted to the data holder's site and use limited to the stated purpose.
Researchers should avoid situations where eligible individuals are not aware, prior to being contacted, of information about themselves that makes them eligible for participation in the research, such as a cancer diagnosis.
Typical scenarios for recruiting participants, including community-based research and genetics research, and preferred approaches are briefly described.
Element #7: Safeguarding personal data
Institutions or organizations where research data are held have a responsibility to establish appropriate institutional security safeguards. Data security safeguards should include organizational, technological and physical measures.
Researchers should take a risk assessment and management approach to protecting research data from loss, corruption, theft or unauthorized disclosure, as appropriate for the sensitivity and identifiability of the data.
REBs should review and approve researchers' proposed measures for safeguarding any personal data to be collected.
Element #8: Controlling access and disclosure of personal data
Data sharing for research purposes - whether of linked or unlinked data sets - is an important way of enabling socially valuable research. It avoids unnecessary duplication of data collection, which reduces the burden on research participants and permits researchers to use limited or scarce resources more productively.
However, once approved by an REB, there should be strict limits on access to data and secure procedures for data linkage, subject to data-sharing agreements.
When personal data are essential to research objectives and questions, researchers need a plan for making public the results of research in ways that do not permit tracing back to individuals if they do not wish their identities to be known.
The most secure way of conducting data linkages requested by external researchers is for the data holder to conduct the linkage and provide linked data sets to the researcher without direct identifiers and at the minimum level of identifiability necessary for the research purpose. If that is not practicable, a trusted third party may conduct the linkage or the researcher may conduct the linkage on the data holder's site. As a last option, a researcher may be permitted to conduct the linkage at a secure site but under strict controls, as specified in a data-sharing agreement. Following the linkage of datasets, the person doing the data linkage should reduce datasets to the lowest level of identifiability needed to accomplish the research objectives.
Data-sharing agreements bind data providers and researchers to their respective responsibilities and obligations for protecting personal data. Data-sharing agreements should set out the terms and conditions under which data providers will allow researchers to access personal data for research purposes.
In assessing the privacy aspects of research, researchers and REBs should also be aware of the possibility that in some instances individuals may want their identities to be known - for example, when individuals want their contribution to research as participants to be recognized, or where they want to help others afflicted with a similar condition. In some qualitative research, individual participants may understand and willingly accept the possibility that their identities may be revealed in the public reporting of research results.
Element #9: Setting reasonable limits on retention of personal data
Personal data should be retained as long as is necessary to fulfill the research purposes. Personal data may then be destroyed or returned to the data provider, if appropriate, as set out in the terms of the original collection, data-sharing agreement, institutional policies, and legal requirements.
Retention periods for personal data should be defined in writing. Researchers should be explicit about what they plan to do with the data they collect and have storage, management and access policies in place.
When personal data are collected in a database to support general health research purposes in the future, personal data may be retained for the general purposes originally consented to, subject to security safeguards proportionate to the identifiability and sensitivity of the data.
Administrative databases such as hospital discharge records and vital statistics registries, which may be used to support health research, may retain personal data over the long-term, provided that this is permitted according to legislation or the mandate of a public body such as a government health department.
Any long-term retention of personal data established for general health research purposes should be subject to periodic audits and effective oversight by independent third parties including REBs.
Element #10: Ensuring accountability and transparency in the management of personal data
Individuals and organizations engaged in health research involving personal data are accountable for the proper conduct of such research in accordance with applicable funding policies, privacy principles and/or legislation. Processes and practices must be clearly established and implemented in order to give meaningful effect to these policies, principles or laws. Proper accountability and transparency practices require adequate resources for such things as communication, education and training relating to privacy.
Roles and responsibilities of all those involved in the conduct and evaluation of research should be clearly defined and understood, including those of researchers, their employing institutions, REBs, any data stewardship committees, Privacy Commissioners and other legally-designated privacy oversight agencies. Their concerted efforts should aim to provide a coherent governance structure for effective and efficient data stewardship.
Recognizing that transparency may enhance public support for, and interest in, socially valuable research, individuals and organizations engaged in the conduct and evaluation of health research should:
- be open to the public with respect to the objectives of the research;
- be open about the policies and practices relating to the protection of personal data used in the research;
- promote ongoing dialogue between the research community and privacy oversight agencies; and
- promote ongoing dialogue between the research community and the community at large (the public).
When a database is created for multiple research purposes, or across multiple sites or jurisdictions, researchers and institutional data holders should promote coordinated and streamlined approaches to the review of privacy and confidentiality concerns, and to data stewardship over the long term.
A centralized data stewardship committee could be put in place to authorize future uses of the database in accordance with the research objectives and, where applicable, within the parameters set by the consent obtained from participants. The responsibilities of this committee could include the review of data access requests; long-term management of the database; coordination of reviews by local REBs (e.g. by means of agreements between REBs, institutions and researchers, as appropriate); and provision of information to the public (e.g. on a web site).
How to navigate the document: Areas of special interest*
Areas of special interest | Element #. section #. subsection # | TCPS excerpts at end of element # |
Type of project | ||
Single research project | 1.1, 9.1.1 | |
Database created for long-term research use | 1.2, 5.7, 9.1.2 | |
Qualitative (e.g. inductive analysis) | 1.4, 2.4, 4.3, 5.4, 8.4.1 | Element #3 |
Genetics/Genomics | 2.2, 3.5, 5.3, 6.3.3 | Element #5, 8 |
Data collection (sources) | ||
Individuals (legally competent) | 2.2, 3.1, 4.1, 5.3.1, 5.5, 6.1.1, 6.2, 6.3 | Element #5 |
Individuals not legally competent | Element #3 | |
Children | Element #3 | |
From individuals and secondary use or disclosure | 3.2, 5.6 | |
Communities | 3.3.5, 5.3.2, 6.3.2 | |
Secondary use or disclosure | 2.3, 3.3, 6.1, 8.1 | Element #2, 3, 5, 6 |
Data linkage | 2-Summary guide (b), 8.2 | Element #8 |
Real world case studies | Appendix A-3 | |
Examples of studies recruiting individuals or communities | Appendix A-4 Table 1 | |
Examples of databases with research potential, in diverse settings | Appendix A-4 Table 2 | |
Additional stewardship, oversight | ||
Advisory committee on research priorities | 1.3 | |
Data stewardship committee | 10.2.4 | |
Legal requirements | ||
Tables of concordance with privacy legislation | Appendix A-7 |
* based on feedback during 2004 consultations on draft CIHR privacy best practice guidelines.
Introduction
CIHR's Mandate
The Canadian Institutes of Health Research (CIHR) is Canada's main federal funding agency for health research. CIHR's mandate is to invest in research that has the potential to lead to improved healthFootnote 3 for Canadians, more effective health services and products, and a strengthened Canadian health care system. CIHR-funded health research must also meet the highest standards of scientific excellence and ethics.
In the area of ethics, one of the key challenges for the health research community is to protect the privacy of individuals and the confidentiality of personal information, at a time of great change in research. For example, technological advances in information technology and the advance of genetic research are challenging existing standards and mechanisms for privacy protection. Also, the sheer number, diversity and complexity of new privacy laws and policies within and beyond Canada's borders are increasing the practical challenges faced by researchers, particularly for those conducting studies across jurisdictions. And, while there are increasing demands for privacy protection in health research, there is also clear recognition that health research plays a critical role in improving the health of Canadians and supporting an evidence-based health care system.
Goals
These Best Practices are intended to be innovative approaches to the challenge of protecting the privacy of individuals and the confidentiality of personal information in the context of health research. These Best Practices are meant to:
- provide guidance for health researchers in the design and conduct of health research involving personal information;
- be a resource for research ethics boards and institutions to consult when reviewing and evaluating health research involving personal information; and
- through the uptake and application of these Best Practices in the development of privacy laws or policies across Canada, contribute toward a more coherent and harmonized framework for addressing privacy and confidentiality issues in health research.
Statement of values
These Best Practices primarily reflect the values articulated in two foundational documents: the Tri-Council Policy Statement: Ethical Conduct for Research involving Humans (TCPS), Canada's national ethics guidelines for research funded by the three main federal funding agencies, and internationally accepted fair information principles codified by the Canadian Standards Association.
Tri-Council Policy Statement (TCPS)
The Best Practices are firmly embedded in CIHR's ongoing commitment to support TCPS.Footnote 4 Compliance with TCPS is mandatory for all research funded through the three main federal research funding agencies: Canadian Institutes of Health Research (formerly Medical Research Council of Canada), Natural Sciences and Engineering Research Council of Canada (NSERC) and Social Sciences and Humanities Research Council of Canada (SSHRC). Research ethics boards (REBs) also use the TCPS as guidance in the review of research funded through other sources.
The broad ethical framework of the TCPS is based on recognition of the need for and social value of research, along with moral imperatives to respect human dignity, ethical guiding principles and the law.Footnote 5 Ethical guiding principles for research include respect for privacy and confidentiality, among the following fundamental and interrelated ethical guiding principles in the TCPS:
Respect for human dignity
Respect for justice and inclusiveness
Respect for free and informed consent
Balancing harms and benefits
Respect for vulnerable persons
Respect for privacy and confidentiality
Minimizing harm
Maximizing benefitFootnote 6
The TCPS acknowledges privacy as a fundamental value, and dignity and autonomy of individuals as the ethical basis of respect for the privacy of research subjects. These national research ethics guidelines also recognize that the right to privacy is not absolute and that compelling and specifically identified public interests may justify an infringement of that right, specifically the requirement to obtain consent before collecting, using or disclosing personal information.Footnote 7
Fair information principles
These Best Practices are also grounded in internationally recognized fair information principles, which are at the heart of Canadian privacy legislation and form the basis of the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information.Footnote 8 These ten core principles are:
- Accountability - An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
- Identifying Purposes - The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent - The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
- Limiting Collection - The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention - Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy - Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards - Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness - An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access - Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance - An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
The CSA Code was not designed specifically for the research context. Thus, these Best Practices are intended to provide guidance on the application of these fair information principles to health research.
Scope of application
Voluntary guidance in the Canadian context
These Best Practices are intended as voluntary guidance for the health research community in Canada. They are based on and are consistent with the TCPS, and they are designed to assist in the interpretation of the TCPS by offering additional detail and practicality. In turn, as these Best Practices evolve in light of practice, they have the potential to inform the ongoing development of the TCPS and relevant laws and policy.
Applicable legislation and policy
These Privacy Best Practices do not replace existing laws, policies and professional codes of conduct that apply to certain types of personal information, designated organizations and/or specific kinds of activity. Researchers, REBs and institutions should be aware of, and continue to comply with, the relevant laws, policies and codes, including the TCPS, that govern research activities in their respective jurisdictions. In the case of multi-centre research crossing provincial, territorial or even national borders, several privacy laws and policies may have to be considered and complied with.
To help health researchers, REBs and others navigate the sea of privacy laws and policies, a series of tables are included in the Appendix highlighting existing requirements relating to privacy in selected legislation.
Health research
Consistent with CIHR's mandate, these Privacy Best Practices are intended to be a resource primarily for the health research community, and are relevant to health research that requires ethics review under the TCPS.Footnote 9
Health research is interdependent on a range of knowledge-generating activities that are generally perceived to be outside the boundaries of research, but which are related to the improvement of health and health services. These "non-research" activities, such as public health surveillance, health service management, and program quality assurance and improvement, are beyond the manageable scope of the present document. In the future, however, these Best Practices could potentially serve as models for best practices in these related areas, with the necessary adaptations.
Personal information
These Best Practices cover identifiable personal information. Identifiable personal information may contain a direct link to a specific individual (e.g. name and street address, personal health number, etc.) or any element or a combination of elements that allows indirect identification of an individual (e.g. if birth date combined with postal code and other personal information on the record such as ethnicity could lead to the identification of an individual).
The TCPS definition of identifiable personal information covers a wide range of personal information that may be used in the conduct of research.Footnote 10 For example, health researchers may need information about such things as a person's clinical history and use of health care services, but also about broad determinants of health, such as a person's education, employment, and income level.
The scope of personal information covered in these Privacy Best Practices includes personal information derived from blood and other human biological materials (e.g. information such as blood type, DNA code and the presence or absence of disease), but not the materials themselves. The privacy issues related to the banking, storage and use of those biological materials are beyond the scope of this document.
Commitment to continuous learning and review
These Privacy Best Practices are expected to evolve over time in response to changes in the circumstances of research and as new best practices emerge. One of the valuable ways in which researchers, REBs and institutions can assist the evolution of this document is by bringing to the attention of the CIHR Ethics Office lessons learned through the application of these Best Practices and suggesting areas for further development.
Emailed feedback can be sent to the CIHR Ethics Office at ethics-ethique@cihr-irsc.gc.ca.
Privacy Best Practices: 10 Elements
How to read these elements
These Best Practices are organized into a series of elements that should be considered in the design, conduct and evaluation of health research to address privacy and confidentiality concerns. These elements are not meant to represent a step-by-step process, since many of the elements are interdependent.
As noted in the Introduction, the TCPS and the laws of Canada are the minimum standard for protecting privacy and confidentiality in health research. To indicate the links between these Best Practices and the TCPS, and as another vehicle for promoting wider knowledge of that national Policy Statement, excerpts from TCPS are provided at the end of most Element sections. These are relatively short excerpts and do not include all text related to a particular topic. Readers are encouraged to use these excerpts merely as guides toward a more comprehensive review of the TCPS.Footnote 11
In addition, concordance tables of selected privacy legislation are presented in the Appendix, organized by the corresponding Best Practice Element and by jurisdiction. These concordance tables are intended to supplement the Best Practices and should only be used as preliminary guidance. The application of the legal provisions in the tables to a particular research project must be determined in consultation with a legal advisor. In addition, any health professional belonging to a regulatory college has the responsibility of complying with that college's code of ethics.
In addition to the TCPS and applicable laws, CIHR-funded researchers conducting clinical trials intended for use in seeking regulatory approval for pharmaceuticals must review and be in compliance with the Food and Drug Regulations- Division 5 Drugs for clinical trials involving human subjects, the ICHFootnote 12 Guidance E6: Good Clinical Practice: Consolidated Guideline (ICH GCP), and other Health Canada guidance.Footnote 13
Please note the distinction made in these Elements between a "research participant" and "data subject". In the Best Practices, a research participant is an individual who consents to participation in research and who is the subject of personal data or information collected for research. A data subject is an individual who is the subject of personal data/information collected for research purposes, but who has not been directly approached to provide consent.
Element #1: Determining the research objectives and justifying the data needed to fulfill these objectives
General statement
At the outset of the research design process, and as thoroughly as possible given the proposed research method, researchers should:
- identify and document research objectives and questions as a basis for determining what data will be needed;
- anticipate and document research questions related to the primary research objective, which might become relevant after the initial data analyses; and
- anticipate and document likely future uses of the data, including possible collaborations with other researchers or possible commercial uses.
1.1 Research study
For each research study, researchers should identify and document the specific research objectives and related research questions.
Researchers should also describe and justify the data needed to fulfill the research objectives and to answer any related research questions.
Example:
Research study: Impact of ethnic group membership and age on health
Study objectives: To examine and compare the health status, health care, and social involvement of distinct ethnic groups living in [region X of province Y], to inform policy development by community organizations and governments.
Research questions (examples):
- What is the association between health status, experience of health care and ethnicity?
- What are the impacts of personal support networks and activity level on health status and perceived well-being?
Personal data needed and justification:
- Demographics (date of birth, gender, ethnicity...): Needed to make between-group comparisons on health variables by ethnicity, and between- and within-group comparisons by other demographic variables.
- Physical health and sense of well-being/Use of health services: Needed to investigate and compare health status and perceived health status by health care-related knowledge, behaviours, attitudes and use.
- Meaning of health and of aging: Needed to explore the meanings of health and illness and the cultural context of aging in the ethnic community.
- Family and friends/Social activities: Needed to investigate the impact of family structure and interaction and environmental factors on measures of health and well-being.
1.2 Creation of a database for general research purposes
Define the scope and purpose of the database in a way that will be meaningful for REBs and any prospective research participants, even if the boundaries are at a relatively general level.
Even though all of the research studies that may use data from this database cannot be anticipated or explained in detail at the time the database is being created, try to describe the types of studies that could be undertaken.
In addition to the scope and purpose, describe what the database will not be used for. This is an opportunity to be as open and transparent as possible about the proposed research, and to reassure research participants and REBs that although future research purposes are not specified in detail, data management, storage and use will occur within a defined framework, including review and approval by an REB.
Describe the general types of personal data that are necessary for these general research objectives (e.g. diagnoses, risk factors, outcomes). Include data that are expected to be collected over the lifespan of the database, particularly if there will be multiple data collection periods per participant, or data that will be requested from secondary sources. Be as specific as possible.
Example:
Research database on disease X |
Research objectives:
Types of research questions (examples):
|
Types of personal data to be collected over multiple collection periods | Research justification |
Name, address, telephone number | Contact information to follow-up with participants for further data collection |
Demographic information | Assess other variables by demographics of the population |
Family history | Disease X is known to have an inherited basis |
Diet, reproductive factors, physical activity, anthropometric measures, education, income, gender | Assess risk factors for disease X |
Medical conditions, medication use | Assess impact of other existing conditions on disease X and effectiveness of medications. |
Limits on data uses (examples): |
1.3 Advisory committee for defining the scope and strategic priorities of the research
If appropriate, setting up an advisory committee drawn from the scientific community, other relevant areas (such as ethics, policy, or information technology) and those affected by the condition or health event under study, can assist in defining the scope and strategic priorities for a research project in the context of both short and long-term initiatives.
Data stewardship tasks could be addressed by this advisory committee or by another body, as described in Element #10, 10.4.
Example:
Multi-year family-centered study on childhood condition X |
Research objectives
|
Setting the scope of research
|
1.4 Qualitative research using inductive data collection and analysis
It is important to recognize that all potential relevant and useful research questions cannot always be foreseen at the outset of a research project. For example, researchers using inductive methods of research may discover an "emergent" research approach through encounters with and in collaboration with research participants. In such research, the development of research questions and procedures is an ongoing process. For example, open-ended interviewing often goes down unanticipated avenues, leading to new questions and new approaches.
The wide range of methods in inductive approaches makes it difficult to document detailed and specific strategies for protection of privacy. Therefore, while planning their research, researchers should attempt to foresee both obvious and emerging issues related to privacy. These should be included in the submission to a research ethics board.
Researchers should also document for a research ethics board any amendments to the protocol and consequent privacy protection strategies emerging over the course of the study. For relatively junior researchers, mentorship can be especially helpful for ensuring adherence to REB requirements.
LINK TO TRI-COUNCIL POLICY STATEMENT:
[Informing prospective participants of purposes] Article 2.4 "... researchers or their qualified designated representatives shall provide prospective subjects with the following: ... (b) ... A comprehensible statement of the research purpose..." (pg. 2.5)
[Informing REBs of purposes] Article 3.2 "...researchers shall secure REB approval for obtaining identifiable personal information about subjects. Approval for such research shall include such considerations as: (a) The type of data to be collected; (b) The purpose for which the data will be used;..." (pg. 3.3)
Element #2: Limiting the collection of personal data
General statement
Researchers should plan to collect personal data only as necessary for the research. The amount of personal information collected and the level of identifiability and sensitivity of this information should be restricted to what is necessary to achieve the research objectives.Footnote 15
2.1. Personal data: Identifiability and sensitivity
2.1.1 Identifiability
Limiting data identifiability means minimizing, as much as possible, the collection of:
- direct identifiers (e.g. name, street address) and
- other data items that could potentially be used to identify an individual.
Data identifiability can be characterized as being on a continuum, in which the divisions between degrees of "identifiability" are not always clear-cut. Even a dataset without direct identifiers may present a risk of indirectly identifying data subjects if the dataset contains sufficient information about the individuals concerned.
For example, data items that may increase the likelihood of an individual's identity being inadvertently revealed include:
- geographic location (e.g. location of residence, location of health event),
- named facilities and service providers,
- dates (e.g. date of an automobile accident),
- uncommon characteristics of the individual (e.g. a rare health condition or occupation), or
- highly visible characteristics of the individual (e.g. ethnicity in certain locales).
These types of data items, if needed for the research, should be collected at a minimum level of detail consistent with the research objectives.
2.1.2 Sensitivity
The sensitivity of personal data is related to the potential for harm or stigma that might attach to the identification of an individual because of the nature of the information.Footnote 16 The type of information that an individual may consider sensitive could relate to:
- sexual attitudes, practices and orientation;
- use of alcohol, drugs, or other addictive substances;
- illegal activities;
- suicide;
- sexual abuse;
- sexual harassment;
- an individual's psychological well-being or mental health;
- some types of genetic information (e.g. information that predicts future illness or disability and raises concerns around future employability or insurability); and
- any other information that, if released, might lead to social stigmatization or discrimination.
Researchers should also be aware of information that communities may consider sensitive because, for example, of its potential to stigmatize a community.
2.2 Collection from individuals
2.2.1 Consider first whether individually identifiable data are needed, or whether non-identifiable data or aggregate data would serve the research objectives (e.g. data on individuals grouped by age or some other meaningful variable).
2.2.2 If identifiable data are needed to meet the research objectives, determine the minimum level of identifiability that will be needed.
Does the researcher need to do any or all of the following:
- Contact the research participant for follow-up data collection?
- Provide data, with consent, to a health care provider to ensure clinical monitoring of the participant?
- Return individual results to the participant?
- Conduct data linkage with a high degree of accuracy?
If yes, the researcher will likely propose the collection of direct identifiers.
If these are not requirements of the research, the researcher should not collect direct identifiers. However, other potentially identifying elements may be needed to answer the research questions and for other data management reasons, such as to check for duplicate records. The lowest level of identifiability of these other data items should be used, consistent with the research objectives.
Examples of reducing personal detail in specific data items collected:
Personal Details |
Most Identifiable |
Subject name
Age
Facilities and service providers
|
Location of residence
Census area
|
2.3 Secondary use
2.3.1 As in 2.2.1, consider whether aggregate data on groups of individuals would serve the research objective. If not, consider whether non-identifiable data relating to individuals would serve the purpose.
2.3.2. Removal or coding of direct identifiers
If identifiable data are required for the research purpose, direct identifiers should be avoided or concealed to the extent that is reasonably practical (e.g. as soon as a data linkage has been completed). Data without direct identifiers can be:
- coded to allow a trace-back to individuals, by means of:
  - single-coding (the researcher has the key to the code to link the research data back to direct identifiers, which are held separately); or
  - double-coding (an increased level of confidentiality protection over single coding because the data holder does not give the researcher the key to re-identify individuals); or
- without a code, if the capacity to trace the research data or results back to individuals is not required for the research purpose.
Even if the direct identifiers in shared data have been removed or coded, consider how to minimize the collection or sharing of potentially identifying data elements.
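The single- and double-coding options in 2.3.2, sketched as an added Python example that is not part of the CIHR guidance. The field names, sample records, random code format, the two-layer form of double-coding, and the reduction to birth year and 3-character postal code are all assumptions made for illustration.

```python
import secrets

# Constructed sample records held by the data holder (not real people).
RECORDS = [
    {"name": "A. Example", "health_number": "0000-000-001",
     "date_of_birth": "1961-04-12", "postal_code": "K1A 0W9", "diagnosis": "X"},
    {"name": "B. Sample", "health_number": "0000-000-002",
     "date_of_birth": "1978-11-30", "postal_code": "H3Z 2Y7", "diagnosis": "none"},
]
DIRECT_IDENTIFIERS = ("name", "health_number")  # assumed field names


def new_code(taken):
    """Random code with no relation to the identifiers, so it cannot be
    recomputed from a name or health number."""
    while True:
        code = secrets.token_hex(8)
        if code not in taken:
            taken.add(code)
            return code


def minimise(row):
    """Reduce potentially identifying items to the detail the study needs
    (assumed here: year of birth and 3-character postal code)."""
    out = dict(row)
    out["birth_year"] = out.pop("date_of_birth")[:4]
    out["postal_prefix"] = out.pop("postal_code")[:3]
    return out


def strip_and_code(records, taken):
    """Replace direct identifiers with a code; return (rows, key)."""
    rows, key = [], {}
    for rec in records:
        code = new_code(taken)
        key[code] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
        rest = {f: v for f, v in rec.items() if f not in DIRECT_IDENTIFIERS}
        rows.append({"study_code": code, **minimise(rest)})
    return rows, key


def single_coding(records):
    """Single-coding: the researcher receives coded data plus the key,
    and stores the key separately from the research data."""
    rows, key = strip_and_code(records, set())
    return {"data": rows, "key": key}, {}


def double_coding(records):
    """Double-coding (assumed two-layer form): the data holder keeps both
    keys; the researcher receives only rows under the second code."""
    taken = set()
    rows, first_key = strip_and_code(records, taken)
    second_key, recoded = {}, []
    for row in rows:
        second = new_code(taken)
        second_key[second] = row["study_code"]
        recoded.append({**row, "study_code": second})
    return {"data": recoded}, {"first_key": first_key, "second_key": second_key}


def researcher_trace_back(code, researcher):
    """What the researcher can resolve alone: identifiers under
    single-coding, None when no key was released."""
    return researcher.get("key", {}).get(code)


def holder_trace_back(code, holder):
    """Data holder resolves a double-coded record through both keys."""
    first = holder["second_key"][code]
    return holder["first_key"][first]


if __name__ == "__main__":
    researcher, holder = double_coding(RECORDS)
    code = researcher["data"][0]["study_code"]
    print(researcher["data"][0])
    print("researcher alone:", researcher_trace_back(code, researcher))
    print("via data holder:", holder_trace_back(code, holder))
```

Under double-coding any trace-back (for example to return individual results) has to be requested from the data holder, which is the added confidentiality protection the text describes.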
2.4 Inductive data collection
For inductive data collection, for example where open-ended interview techniques are used, the extent of personal data to be collected may not always be foreseeable in detail at the outset of the interview. In these cases, the ongoing negotiation of consent with research participants is the best way to ensure that the privacy of individuals and the community is being appropriately protected.
Definition of terms: Individual identifiability of data
Levels of data identifiability by capacity to identify or re-identify individuals, in rank order from most to least identifiable:
1) Directly identifiable: The data contains direct identifiers of an individual (e.g. name, address, health number).
2) Coded:
3) Not directly identifiable and not coded: Direct identifiers were never collected or have been deleted, and there is no code linking the data back to the individual's identity.
4) Non-identifiable: Any element or combination of elements that allows direct or indirect identification of an individual was never collected or has been removed, although some elements may indirectly identify a group or region. There is no code linking the data back to the individual's identity.
Summary guide: Levels of data identifiability needed for research-related purposes
Research-related purposes | Specific examples | Data requested for these purposes when collecting data directly from individuals | Data requested for these purposes when requesting data for secondary use |
a) Contact individuals | Recruit individuals for a research project | Direct identifiers | Coded (Single coding is a more efficient mechanism for linking back to individuals than double-coding. Linking back becomes increasingly difficult for investigators who receive double or multiple-coded data, and therefore do not have the key to the code.) |
Contact the participant for follow-up data collection | |||
Provide data, with consent, to health care provider for clinical monitoring of the participant | |||
Return individual results to the participant | |||
b) Data linkageFootnote 17 | Conduct a data linkage with a high degree of accuracy | Preferred: Direct identifiers (e.g. name and street address; or personal health number)Footnote 18 | Preferred: Data holder conducts linkage and provides to researcher the linked dataset without direct identifiers. Data to be provided at the lowest level of identifiability needed, consistent with the research objectives. |
Conduct a data linkage with a measurable degree of accuracy sufficient for the particular research | Direct identifiers or potentially identifying data items (e.g. date of birth, initials, 3-character or full postal code, gender, specific health data) | ||
c) Data accuracy check | Eliminate duplicate records | Direct identifiers or potentially identifying data items | Coded data so that the data holder (preferred) or researcher can use the key to check direct identifiers for duplication |
d) No contact with individuals and no data linkage needed | No direct identifiers need to be collected. | No direct identifiers. Data to be provided at the lowest level of identifiability needed, consistent with the research objectives. |
LINK TO TRI-COUNCIL POLICY STATEMENT:
[REB approval of type of data] Article 3.2 "...researchers shall secure REB approval for obtaining identifiable personal information about subjects. Approval for such research shall include such considerations as: (a) the type of data to be collected..." (pg. 3.3)
[Secondary use of data] Article 3.3 "If identifying information is involved, REB approval shall be sought for secondary uses of data. Researchers may gain access to identifying information if they have demonstrated to the satisfaction of the REB that: (a) identifying information is essential to the research..." (pg. 3.5)
Article 3.3 Explanatory text: "Databases can vary greatly in the degree to which personal information is identifiable. A proportionate approach should be applied by the REB to evaluate the sensitivity of the information in the database and to modulate its requirements accordingly. If it is impossible to identify individuals whose records exist within a database, then researchers should be allowed access to that database. The REB must carefully appraise the possibility of identification, in particular with regard to the extent of the harm of stigma that might be attached to identification. The REB and the researcher should also be aware of legal provisions that affect the database(s) to be used in the research. REBs and researchers should also be sensitive to the context in which the database was created, such as a confidential relationship, as well as to the expectations of the groups or individuals at the time of the collection of the data with regard to its use, retention and disclosure. When it is unclear as to whether information is to be regarded as personal, researchers should consult their REBs. Confidential information collected in this manner should normally not be transmitted to authorities, unless required by law, the courts or similar legally constituted bodies." (pg. 3.5)
Element #3: Determining whether consent from individuals is required
General statement
Voluntary and informed consent from legally competent individuals or authorized third parties is a fundamental principle in research involving humans, and specifically for the use of their personal data.Footnote 19
Under specified circumstances, given a satisfactory rationale by the researcher, an REB may approve the waiver of a consent requirement, or a partial waiver of some elements of a consent requirement. According to TCPS Article 2.1(c), the REB must find and document that: "(i) The research involves no more than minimal riskFootnote 20 to the subjects; (ii) The waiver or alteration is unlikely to adversely affect the rights and welfare of the subjects; (iii) The research could not practicably be carried out without the waiver or alteration; (iv) Whenever possible and appropriate, the subjects will be provided with additional pertinent information after participation; and (v) The waived or altered consent does not involve a therapeutic intervention."
In addition to REB approval, disclosure of personal data for research without consent will be subject to other specific legal requirements in relevant jurisdictions.Footnote 21
3.1 Collection from individuals
The requirement for consent from participants applies to research involving:
- Collection of personal (including genetic) information from persons (e.g. in face-to-face meetings, by mail, telephone or email).
- Procedures to screen for, prevent or treat disease.
- Medical examinations.
- Clinical trials of new drugs or other health care products.Footnote 22
When a research objective requires the collection of personal information directly from individuals to whom the data belong and subsequent linking to other sources to form a combined file, consent should be sought for both types of data collection at the time of direct contact with prospective research participants.
If the secondary use involves identifying individuals eligible to be invited into a study, the procedures under Element #6 are applicable. As described in Element #6, the preferred practice is for a data holder to assess the eligibility of individuals for a particular research project (e.g. on the basis of criteria provided by the researcher). The data holder would then make the initial contact with individuals to seek their permission for disclosure of contact information to a researcher or to inform them as to how to contact a researcher. An REB will need to determine if consent is required for this secondary use of data and for the contacting of individuals.
3.3 Secondary use
When personal data are to be collected from sources other than the individuals to whom the data relate, consent should be obtained from those individuals unless an REB determines that a waiver of consent is appropriate in the specified circumstances. These circumstances should include that a waiver of the consent requirement is permitted by law.Footnote 23
For secondary use of data for research, an REB should consider the factors set out in the following table in determining whether a research proposal meets the requirements for waiver of consent. These factors, and their description in the table, expand on TCPS Article 2.1(c)(i)-(iii).
Factors to consider in determining whether a research proposal meets the requirement for waiver of consent | ||
Factor | Explanation | |
3.3.1 | Necessity of the personal data | Personal data, in the proposed amount and at the proposed level of identifiability and sensitivity, are necessary to fulfill the research objectives. (See Element #2) |
3.3.2 | Harm-benefit analysis, where (1) the risk of harm is minimal, and (2) potential benefits of the research to the public and individuals outweigh any potential harm to research participants or data subjects |
1) The research should present minimal risk of harm to individuals and, if appropriate, particular groups or communities. In assessing potential harm, REBs should consider:
2) Potential benefits of the research to individuals, groups, communities or the public outweigh potential harms. Where there is only minimal risk of harm, the REB need only ensure that there is public interest or other merit in the proposed research (e.g. as determined by a peer-review committee).Footnote 27 |
3.3.3 | A consent requirement being (1) inappropriate or (2) impracticableFootnote 28 |
1) Seeking consent from individuals may be considered inappropriate because:
2) Seeking consent from individuals for the use of their personal data may be considered impracticableFootnote 30 when there are difficulties in contacting or notifying individuals for reasons such as:
such that:
|
3.3.4 | Expectations of individuals | In general, the expectations of a reasonable person in the circumstances should be taken into account (considering, for example, the nature of the research, the type of data to be collected and the context in which the data were originally collected). If individuals have previously objected to the secondary use of their data for research or to the use of their contact information, their directions should be respected. |
3.3.5 | Views of relevant groups |
Privacy concerns may extend beyond the individual to include well-defined groups or communities, e.g. remote communities and Aboriginal peoples.Footnote 31 Also, genetic information about individuals is more than personal information: it may also be intimate information about those who share a common genetic lineage, that is, family members, other relatives and, in some cases, well-defined communities.Footnote 32 The REB may require that efforts be made to consult with family groups, Aboriginal peoples, community representatives, consumer associations, and/or special populations such as the homeless or under-housed, as appropriate, to address possible concerns of affected individuals and communities. These concerns may relate to the design and scope of the research, the recruitment of individuals, and the analysis and dissemination of results of research. This consultation process will be a high priority when dealing with controversial issues and/or individuals, groups or communities in vulnerable circumstances. |
3.3.6 | Legal requirements |
In addition to REB approval, access to personal data for research without consent will be subject to specific legal requirements in relevant jurisdictions. For example, some jurisdictions require some or all of the following:
|
3.3.7 | Openness: Informing the public | In the spirit of openness, the researcher should have an appropriate strategy for informing the general public about the research.Footnote 36 |
LINK TO TRI-COUNCIL POLICY STATEMENT:
[Requirements for consent] Article 2.1 "(a) Research governed by this Policy... may begin only if (1) prospective subjects, or authorized third parties, have been given the opportunity to give free and informed consent about participation... (c) the REB may approve a consent procedure which does not include, or which alters, some or all of the elements of informed consent... or waive the requirement to obtain informed consent, provided that the REB finds and documents that: (i) The research involves no more than minimal risk to the subjects; (ii) The waiver or alteration is unlikely to adversely affect the rights and welfare of the subjects; (iii) The research could not practicably be carried out without the waiver or alteration; (iv) Whenever possible and appropriate, the subjects will be provided with additional pertinent information after participation; and (v) The waived or altered consent does not involve a therapeutic intervention." (pg. 2.1)
[Randomized clinical trials] Article 2.1 "... (d) In studies including randomization and blinding in clinical trials, neither the research subjects nor those responsible for their care know which treatment the subjects are receiving before the project commences. Such research is not regarded as a waiver or alteration of the requirements for consent if subjects are informed of the probability of being randomly assigned to one arm of the study or another." (pg. 2.1)
[Naturalistic observation] Article 2.3 "REB review is normally required for research involving naturalistic observation. However, research involving observation of participants in, for example, political rallies, demonstrations or public meetings should not require REB review since it can be expected that the participants are seeking public visibility." Explanatory text: "Naturalistic observation is used to study behaviour in a natural environment. Because knowledge of the research can be expected to influence behaviour, naturalistic observation generally implies that the subjects do not know that they are being observed, and hence cannot have given their free and informed consent... In considering research involving naturalistic observation, researchers and REBs should pay close attention to the ethical implications of such factors as: the nature of the activities to be observed; the environment in which the activities are to be observed (in particular, whether it is to be staged for the purposes of the research); and the means of recording the observations (in particular, if the records will allow subsequent identification of the subjects). Naturalistic observation that does not allow for the identification of the subjects, and that is not staged, should normally be regarded as of minimal risk..." (pg. 2.5)
[Legal competence] "Competence refers to the ability of prospective subjects to give informed consent in accord with their own fundamental values. It involves the ability to understand the information presented, to appreciate the potential consequences of a decision, and to provide free and informed consent. It does not require prospective subjects to have the capacity to make every kind of decision. It requires that they be competent to make an informed decision about participation in particular research. The law on competence varies between jurisdictions. Researchers must comply with all applicable legislative requirements. Ethical consideration around research involving those who are not competent to give a free and informed consent on their own behalf must seek to balance (1) the vulnerability that arises from their incompetence with (2) the injustice that would arise from their exclusion from the benefits of research..." (pg. 2.9) Article 2.5 "Subject to applicable legal requirements, individuals who are not legally competent shall be asked to become research subjects only when: (a) The research question can only be addressed using individuals within the identified group(s); and (b) Free and informed consent will be sought from their authorized representative(s); and (c) The research does not expose them to more than minimal risks without the potential for direct benefits for them." (pg. 2.9) Article 2.6 "For research involving incompetent individuals, the REB shall ensure that, as a minimum, the following conditions are met: (a) The researcher shall show that free and informed consent will be sought from the authorized third party, and how the subjects' best interests will be protected. (b) The authorized third party may not be the researcher or any other member of the research team. (c) The continued free and informed consent of an appropriately authorized third party will be required to continue the participation of a legally incompetent subject in research, so long as the subject remains incompetent. (d) When a subject who was entered into a research project through third-party authorization becomes competent during the project, his or her informed consent shall be sought as a condition of continuing participation." (pg. 2.10) Article 2.7 "Where free and informed consent has been obtained from an authorized third party, and in those circumstances where the legally incompetent individual understands the nature and consequences of the research, the researcher shall seek to ascertain the wishes of the individual concerning participation. The potential subject's dissent will preclude his or her participation." (pg. 2.10)
[Research with children] "...the notion of harm applied to children should be understood differently from harm in adults. Harm induced in children may have longer-term consequences to their growth and development. Furthermore, harms and benefits for children with chronic disabilities and terminal illnesses require special consideration. Every researcher working with child subjects must consider the possibility of the children suffering pain, anxiety or injury, and must develop and implement suitable precautions and ameliorating measures. Cumulative physical, moral, psychological and social consequences (relevant to pain, anxiety and injury) should be reviewed by REBs when assessing the probability, magnitude and character of any harmful impact the research may have on the child." (pg. 2.10)
[Secondary use of data] Article 3.3 "If identifying information is involved, REB approval shall be sought for secondary uses of data. Researchers may gain access to identifying information if they have demonstrated to the satisfaction of the REB that: (a) identifying information is essential to the research; (b) They will take appropriate measures to protect the privacy of the individuals, to ensure the confidentiality of the data, and to minimize harms to subjects; and (c) Individuals to whom the data refer have not objected to secondary use." (pg. 3.5) Article 3.4 "The REB may also require that a researcher's access to secondary use of data involving identifying information be dependent on (a) The informed consent of those who contributed data or of authorized third parties; or (b) An appropriate strategy for informing the subjects; or (c) Consultation with representatives of those who contributed data." (pg. 3.5) |
Element #4: Managing and documenting consent
General statement
Consent is an ongoing process that begins upon first contact with prospective participants or authorized third parties, and ends only with the conclusion of their participation in the research or the use of their information. Participants should understand that their consent is voluntary, to be obtained without manipulation, undue influence or coercion, and can be withdrawn at any time.Footnote 37
Evidence of initial and ongoing consent and the withdrawal of consent should be documented as appropriate for audit and legal purposes.
4.1 Forms of consent
4.1.1 Opt-in consent
The majority of research studies use an opt-in consent. Opting-in means that prior to the start of the research or data collection, informed individuals give clear indication that they voluntarily agree to participate in the research.
Opt-in consent can be indicated in writing (e.g. by signing a consent form), orally (e.g. in a face-to-face or telephone encounter with the researcher) or by conduct (e.g. by filling out and returning a questionnaire received by mail). Consent is only voluntary if it can be withdrawn at any time.Footnote 38
4.1.2 Presumed consent with opt-out
Presumed consent with an opt-out mechanism should be used only when an REB considers prior opt-in consent to be inappropriate or impracticable.
A valid opt-out mechanism means that individuals have the opportunity at some time during the research or data collection process to give a clear indication (in writing or orally) that they do not want to be participants in the research or to have their data used in the research.
If individuals do not choose to opt-out of the research, their consent is presumed as long as they were given reasonable notice of the research and meaningful opportunity to opt-out.
Ranked forms of consent and associated conditions
Type of consent | Specific forms of consent | Required conditions for REB consideration |
(i) Opt-in consent (preferred) |
Ways of opting in:
|
All of the following:
|
(ii) Presumed consent, with opt-out mechanism |
Consent is presumed unless the person opts out.
Ways of opting out:
|
All of the following:
|
4.2 Documenting consent
4.2.1 Written documentation signed by the research participant (preferred)
Whenever appropriate and practicable, written documentation of opting in or opting out of research is preferred. This should be documented using a consent form or refusal statement signed by the individual.
4.2.2 Oral consent documented by the researcher
Where oral consent is obtained for telephone interviews, where written documentation is culturally unacceptable, or where there are good reasons for not recording opt-in or opt-out in writing using a form that the participant signs, an oral procedure should be managed and documented, indicating that the opt-in or opt-out was conducted orally.
4.2.3 Documented consent and collection of data without direct personal identifiers
Collection of data without direct personal identifiers may be necessary or proposed when the research deals with highly sensitive conditions or activities. In such circumstances, consent should be documented but the identity of research participants should not be linkable to their data or to results of analyses.
Example: Oral consent and non-identifiable data and results
Disease X prevalence study among women undergoing abortion in City Y. Before undergoing therapeutic abortions, women must necessarily have a blood test. |
Women who were scheduled for therapeutic abortions were approached in a hospital clinic about their willingness to participate in the study on Disease X. Those who gave oral consent to participate in this study agreed to fill out questionnaires (without providing their names) about certain risk factors for disease X, and to permit the testing of leftover blood from the blood test for the presence of disease X. For each participant, the computer generated a specific scrambled code linking the blood sample for the disease test and the answers to the questionnaire. Once the results of the disease tests were linked to the corresponding questionnaire, the computer-generated code was removed. In this way, it was not possible to identify the research participants, even if one had used the same computer program to try to retrace the scrambled codes. The linked information for each person was thus non-identifiable so that the researchers could look at risk factors and determine the incidence of disease X but could not identify any of the research participants. |
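The linking step described in this example can be sketched as follows. This is an added illustration, not part of the CIHR document or the study's software: the field names, the 8-byte random code and the final shuffle (so that output order does not mirror collection order) are assumptions, and the sample rows are constructed.

```python
import random
import secrets

LINK_FIELD = "link_code"  # hypothetical name for the transient linking code


def new_link_code(issued):
    """Return a fresh random code. It is drawn from the OS random source and is
    not derived from any attribute of the participant, so re-running the
    program later cannot regenerate or retrace it."""
    while True:
        code = secrets.token_hex(8)
        if code not in issued:
            issued.add(code)
            return code


def link_and_strip(questionnaires, lab_results):
    """Join questionnaire answers to lab results on the transient code,
    then discard the code. Returns (linked_records, unmatched_count)."""
    lab_by_code = {}
    for result in lab_results:
        code = result[LINK_FIELD]
        if code in lab_by_code:
            raise ValueError("duplicate link code in lab results")
        lab_by_code[code] = result

    linked, unmatched = [], 0
    for answers in questionnaires:
        result = lab_by_code.pop(answers[LINK_FIELD], None)
        if result is None:
            unmatched += 1  # questionnaire with no usable sample
            continue
        merged = {**answers, **result}
        del merged[LINK_FIELD]  # the code is removed once linkage is done
        linked.append(merged)
    unmatched += len(lab_by_code)  # lab results with no questionnaire

    # Assumption: shuffle so row order does not reflect the order of collection.
    random.SystemRandom().shuffle(linked)
    return linked, unmatched


def run_constructed_example():
    """Constructed sample: four participants, one without a usable sample."""
    constructed = [
        # (age_band, risk_factor, disease_x_positive or None if not tested)
        ("20-24", True, True),
        ("25-29", False, False),
        ("30-34", True, False),
        ("35-39", False, None),
    ]
    issued = set()
    questionnaires, lab_results = [], []
    for age_band, risk_factor, positive in constructed:
        code = new_link_code(issued)  # one code per participant, no name stored
        questionnaires.append(
            {LINK_FIELD: code, "age_band": age_band, "risk_factor": risk_factor}
        )
        if positive is not None:
            lab_results.append({LINK_FIELD: code, "disease_x_positive": positive})
    lab_results.reverse()  # the lab returns results in a different order
    return link_and_strip(questionnaires, lab_results)


if __name__ == "__main__":
    records, unmatched = run_constructed_example()
    for record in records:
        print(record)
    print("unmatched:", unmatched)
```

The two input lists still carry the code and must be destroyed after linkage for the result to stay unlinkable.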
Example: Documented consent and non-identifiable data and results
From a study on workplace injuries in nursing and laboratory staff |
...The study questionnaire had no name or code number on it and participants were asked not to write their name on it. The cover letter from the researcher asked participants to fill out the questionnaire, put it in the provided envelope and return it through internal [staff] mail. The letter also asked participants to then sign a response card that had their name on it, put it in a separate envelope that was also provided and deposit it into slotted drop boxes located in each work area. The researcher did not need to know the names of persons who had responded; it was the content of the responses that was of interest. The only identifying information required was on the response card in order to allow the researcher to send targeted reminder letters to those persons who had still not responded. In addition, general reminders to return the questionnaires were also posted in designated work areas in an effort to increase response rates. To minimize the risk of linking questionnaire responses with the names provided on the response cards, the researcher picked up the cards regularly throughout the week and the questionnaires only once every week or two. Furthermore, no data were entered until the end of data collection to reduce the possibility of identifying late respondents. With this method, the researcher could not identify who had filled out each questionnaire, but she would know from the response cards who on the list had or had not returned a questionnaire. In this study sensitive information could be revealed about those staff who had suffered an injury at work but who had not reported it, contrary to mandatory hospital reporting policies. Some respondents may not have reported injuries because they did not want to appear careless; others may have wished to avoid the fairly lengthy follow-up procedures required of persons with certain injuries. 
The researchers had anticipated that this might be the case and understood that this information would be considered quite sensitive. It was for this reason that the survey was conducted with no ability to link the data collected to individuals' identities. |
4.3 Qualitative research
Participants in qualitative studies are especially vulnerable to unintended identification. For example, in quoting interviewees, biographical details may be revealed that make protecting identities difficult. Deleting all possible identifiers may rob the quote of its impact and research value. Changing names and places is not a guarantee that individuals' identities will be concealed.
Therefore, paying attention to the trust relationship between researcher and participant, and obtaining ongoing consent, are very important in qualitative research. Constant sensitivity to participants' behaviour and reactions during data collection is essential. Unsolicited and unanticipated disclosures of information by participants can easily fall outside the original consent agreement.
As the interaction between a researcher and participants progresses, there may be situations where the researcher will need to recognize that participants should be given the opportunity to reiterate their consent, to withdraw from the research, or to withdraw their particular comments.Footnote 39 Thus, obtaining informed consent should be an ongoing negotiation.
4.4 Documenting non-participation or withdrawal of consent
The researcher may need information on who does not want to participate in research or who withdraws from research, for example to:
- document who is not to be included in follow-up research activities; and/or
- take into consideration relevant characteristics of the population not included in the study, when reporting possible bias in research results.
In these circumstances, researchers may obtain information about non-participants or those withdrawing consent only with:
- individuals' consent or
- the approval of an REB to waive the consent requirement in the particular circumstances.Footnote 40
LINK TO TRI-COUNCIL POLICY STATEMENT:
[Voluntary consent: No manipulation, undue influence or coercion] Article 2.2 "Free and informed consent must be voluntarily given, without manipulation, undue influence or coercion". Explanatory text: "...Undue influence may take the form of inducement, deprivation or the exercise of control, or authority over prospective subjects. Voluntariness is especially relevant in research involving restricted or dependent subjects, and is absent if consent is secured by the order of authorities or as a result of coercion or manipulation... REBs should also pay particular attention to the elements of trust and dependency, for example, within doctor/patient or professor/student relationships, because these can constitute undue influence on the patient to participate in research projects, especially those involving residents in long-term care facilities or psychiatric institutions..." (pg. 2.4) Article 2.4 "... researchers or their qualified designated representatives shall provide prospective subjects with the following: ... (d) An assurance that prospective subjects are free not to participate, have the right to withdraw at any time without prejudice to pre-existing entitlements, and will be given continuing and meaningful opportunities for deciding whether to continue to participate..." Explanatory text: "...Articles 2.2 and 2.4(d) help to ensure that a prospective subject's choice to participate is voluntary. Pre-existing entitlement to care, education and other services shall not be prejudiced by the decision on whether to participate. Accordingly, a physician should ensure that continued clinical care is not linked to research participation, and teachers should not recruit prospective subjects from their classes, or students under their supervision, without REB approval. Nothing in this Section should be interpreted as meaning that normal classroom assessments of course work require REB approval..." (pg. 2.6)
[Evidence of consent] Article 2.1 "...(b) Evidence of free and informed consent by the subject or authorized third party should ordinarily be obtained in writing. Where written consent is culturally unacceptable, or where there are good reasons for not recording consent in writing, the procedures used to seek free and informed consent shall be documented..." Explanatory text: "Free and informed consent... encompasses a process that begins with the initial contact and carries through to the end of the involvement of research subjects in the project. As used in this Policy, the process of free and informed consent refers to the dialogue, information sharing and general process through which prospective subjects choose to participate in research that involves themselves." (pg. 2.1)
[Written and oral documentation] Article 2.1 Explanatory text: "Article 2.1 (b) states the preference for written evidence of free and informed consent. The article acknowledges that written consent is not always appropriate. For most people in our society, a signed statement is the normal evidence of consent. However, for some groups or individuals, a verbal agreement, perhaps with a handshake, is evidence of trust, and a request for a signature may imply distrust. Nonetheless, in most cases a written statement of the information conveyed in the consent process, signed or not, should be left with the subject. In some types of research, oral consent may be preferable. In others, written consent is mandatory. Where oral consent is appropriate, the researcher may wish to make a contemporaneous journal entry of the event and circumstances. These and like elements may sometimes need to be refined in concert with the REB, which plays an essential education and consultative role in the process of seeking free and informed consent. When in doubt about an issue involving free and informed consent, researchers should consult their REB." (pg. 2.2)
[Witness of signatures] Article 2.4 Explanatory Text: "In some circumstances, having a witness to the signatures on the consent form may be felt to be appropriate. In law, the role of a witness is only to attest that the person actually signed the form; a witness is not responsible for certifying such factors as the signature being obtained under defined conditions or that the signers were competent. However, a court might subsequently seek the opinions of the witness on such issues". (pg. 2.8)
[Time allocation] Article 2.4 Explanatory Text: "Rushing the process of free and informed consent or treating it as a perfunctory routine violates the principles of respect for persons, and may cause difficulty for potential subjects. The time required for the process of free and informed consent can be expected to depend on such factors as the magnitude and probability of harms, the setting where the information is given (e.g. hospital or home) and the subject's situation (e.g., level of anxiety, maturity or seriousness of disease)." (pg. 2.8)
[Translating materials] Article 2.1 Explanatory text: "The requirement for free and informed consent should not disqualify research subjects who are not proficient in the language used by the researchers from the opportunity to participate in potential research. Such individuals may give consent provided that one or more of the following are observed to the extent deemed necessary by the REB, in the context of a proportionate approach to the harms envisaged in the research and the consent processes that are to be used: An intermediary not involved in the research study, who is competent in the language used by the researchers as well as that chosen by the research subject, is involved in the consent process; The intermediary has translated the consent document or approved an existing translation of the information relevant to the prospective subject; The intermediary has assisted the research subject in the discussion of the research study; The research subject has acknowledged, in his or her own language, that he or she understands the research study, and the nature and extent of his or her participation, including the risks involved, and freely gives consent..." (pg. 2.2) |
Element #5: Informing prospective research participants about the research
General statement
Researchers should disclose to prospective participants, or to authorized third parties, all information relevant to voluntary and informed consent.
As part of the consent process, the researcher or other appropriate person (depending on the approved recruitment procedure) should explain such things as the nature of the research, what information will be collected and how it will be used in this study and possible future studies, as well as the risks and benefits of the research, so that prospective participants can make an informed decision about whether they wish to participate.
Researchers must ensure that prospective participants are given adequate opportunities to ask questions, discuss their concerns and consider their participation.Footnote 41
5.1 Understandable language
Information should be communicated to prospective participants in plain language, in oral and/or written form, so that it is easily understood.Footnote 42
5.2 Reasonable time allocation
The amount of time taken to communicate information to prospective participants should be appropriate to the need, and should be neither excessive nor too brief. For example, the information could be layered, so that participants are given a one-page summary, a short consent form with headings corresponding to core elements (e.g. requirements of participation, right to refuse and withdraw), and more detailed information in an appendix. Participants should also be informed about how to obtain more details if desired (e.g. via a web site or a toll-free telephone number).
5.3 Communicating results back to research participants
5.3.1 Informing research participants about results specifically relating to themselves
During the consent process, the researcher should determine whether the participant wishes to be informed of any meaningful research results that specifically relate to them.Footnote 43 Also, there should be agreement on how any results relating to the participant will be communicated to the participant (e.g. whether the information will be provided first to a genetic counsellor or a health care provider).
5.3.2 Informing populations of general results and potential negative impacts
The results of research should be made public to contribute towards better understanding of the health issue under investigation. Researchers, particularly those in the areas of health services, population and public health, and genetics or genomic research, who study whole populations, should strive to communicate with the relevant population and governmental authorities regarding results that are pertinent to the improvement of health and/or the prevention of disease. Where appropriate, researchers, in collaboration with the population concerned, should facilitate the development and the implementation of a follow-up plan in response to the research findings.Footnote 44
The population studied should be made aware of possible socio-economic discrimination or group stigmatization as a result of the research results, for example, due to perceptions of genetic risks. In the context of genetic research, the population should also be informed of the means taken to minimize the risks. To avoid misleading or unrealistic expectations, the researchers should make known the limitations of the research results and of their practical or potential application.Footnote 45
5.4 Qualitative research
Researchers using qualitative methods may consider involving participants in the writing and reporting process, depending on the circumstances. For example, during the process of informing prospective research participants about the research, it may be appropriate:
- to provide participants with the opportunity to look at transcripts and to delete or footnote what they consider to be inaccurate or sensitive information (known as member-checking);
- to ask participants if they wish to be publicly acknowledged in articles coming from the research; or
- to invite community leaders or representatives to help interpret the findings to their constituencies.
5.5 Providing information about privacy to prospective research participants
The following categories of information relating to privacy matters should be included in the information provided to prospective research participants:
Basic information | Explanation |
1) Research objectivesFootnote 46 and procedure |
|
2) Data types and usesFootnote 47 |
|
3) Voluntary basis for participationFootnote 48 |
|
4) Risks, benefits, compensation |
|
5) Confidentiality and safeguardsFootnote 50 |
|
6) Data access and legal disclosure requirementsFootnote 52 |
|
7) Reporting of resultsFootnote 53 |
|
8) Data retentionFootnote 54 |
|
9) Inquiries and complaintsFootnote 55 |
|
5.6 Collection from individuals and secondary use (Hybrid model)
For a hybrid project involving the direct collection of data from individuals and secondary use of data from other sources, the prospective research participant should also be informed of:
- all expected types and sources of personal data to be accessed and used;
- any expected linkages; and
- the expected purposes for which data will be used (e.g. health survey data to be collected and linked, with consent, to health records to investigate health care use in the population).
5.7 Creation of a database for general research purposes
5.7.1 Information to be provided at time of collection
When personal data are to be entered into a database for multiple research uses over an extended period, research participants should also be informed, at the time of collection, of the following:
Basic information | Explanation |
1) Expected types of studies |
|
2) Expected data types and purposes |
|
3) Expected commercial uses |
|
4) Data retention period |
|
5) The process for overseeing the use and security of data |
|
6) Authorization for future uses, with or without re-contact |
|
Example: Informing participants and presenting options for control of new uses of data
The invitation to participate in the study is made by a dedicated nurse coordinator employed by, and accountable to, the participating hospital. The nurse coordinator arranges, at a convenient time for the patient (and his/her family), to explain the study and seek the patient's consent to participate. Patients can refuse or can agree to any or all of the following:
|
5.7.2 Promotion of openness and accountabilityFootnote 57
Researchers should endeavour to keep participants informed of future data uses through continuing means (e.g. web site information), as part of an ongoing commitment to openness and to the maintenance of informed consent.
LINK TO TRI-COUNCIL POLICY STATEMENT: [Information to be provided to research participants] Article 2.4 "Researchers shall provide, to prospective subjects or authorized third parties, full and frank disclosure of all information relevant to free and informed consent. Throughout the process of free and informed consent, the researchers must ensure that prospective subjects are given adequate opportunities to discuss and contemplate their participation. Subject to the exception in Article 2.1 (c), at the commencement of the process of free and informed consent, researchers or their qualified designated representatives shall provide prospective subjects with the following: (a) Information that the individual is being invited to participate in a research project; (b) A comprehensible statement of the research purpose, the identity of the researcher, the expected duration and nature of participation, and a description of research procedures; (c) A comprehensive description of reasonably foreseeable harms and benefits that may arise from research participation, as well as the likely consequences of non-action, particularly in research related to treatment, or where invasive methodologies are involved, or where there is a potential for physical or psychological harm; (d) An assurance that prospective subjects are free not to participate, have the right to withdraw at any time without prejudice to pre-existing entitlements, and will be given continuing and meaningful opportunities for deciding whether to continue to participate; and (e) The possibility of commercialization of research findings, and the presence of any apparent or actual or potential conflict of interest on the part of researchers, their institutions or sponsors." (pg. 2.5, 2.6) "..REBs may require researchers to provide prospective subjects with additional information, such as that detailed in Table 1..." (pg. 2.6) "Table 1: Additional Information that may be required for some projects
[Genetic counseling] Article 8.4 "Genetics researchers and the REB shall ensure that the research protocol makes provision for access to genetic counseling for the subjects, where appropriate." Explanatory note: "Genetic counselors who are formally trained to impart genetic information have two main roles in dealing with a family: The first is to educate regarding the condition in question, and the second is to counsel by presenting options or possible action scenarios in a non-directive manner. The complexity of genetic information along with its social implications usually requires that free and informed consent be supplemented with genetic counseling." (pg. 8.4) [Conditions for less than full disclosure] Article 2.1 Explanatory text: "... the REB should exercise judgment on whether the needs for research justify limited and/or temporary exception to the general requirements for full disclosure of information relevant for a research subject's meaningful exercise of free and informed consent. In such cases, subjects may be given only partial information or they may be temporarily led to believe that the research has some other purpose because full disclosure would likely colour the responses of the subjects and thus invalidate the research. For example, social science research that critically probes the inner workings of publicly accountable institutions might never be conducted without limited recourse to partial disclosure. Also some research in psychology seeks to learn about human responses to situations that have been created experimentally. Such research can only be carried out if the subjects do not know in advance about the true purpose of the research...Another scenario, in questionnaire research, embeds questions that are central to the researcher's hypotheses within distractor questions, decreasing the likelihood that subjects will adapt their responses to their perceptions of the true objective of the research. 
For such techniques to fall within the exception to the general requirements of full disclosure for free and informed consent, the research must meet the requirements of Article 2.1 (c)..." (pg. 2.2- 2.3) [Secondary uses] Article 3.2 Explanatory text: "It is essential that subsequent uses of data be specified in sufficient detail that prospective subjects may give free and informed consent; it is inappropriate to seek blanket permission for "research in general". (pg. 3.4) |
Element #6: Recruiting prospective research participants
General statement
To recruit research participants, the researcher will typically need to complete the following steps, each of which involves the researcher or another more appropriate person having access to personal information:
Step A: Assess eligibility criteria for the research and assemble a list of eligible individuals.
Step B: Establish initial contact with eligible individuals.
Step C: Inform eligible individuals about the research, as part of the informed consent process.
The proposed recruitment procedure and materials should be included in the submission for REB approval.
The procedure and materials should foster conditions for voluntary consent, and not exert undue influence on prospective participants to agree to take part in the research.Footnote 58
Initial contact with individuals about a research project should be made by someone that individuals would expect to have relevant information about them, or in other ways that do not inappropriately intrude on their life or privacy.
If permitted by lawFootnote 59 and subject to REB approval, the data holder who would normally have access to the required personal information is the preferred person to access that information to assess eligibility of individuals for the research (Step A) and to make initial contact with those individuals (Step B), unless the REB considers this approach to be impracticable or inappropriate.
Typical scenarios for recruiting participants and preferred approaches are described under 6.3.
6.1 Consent and secondary use of personal information to assess eligibility and contact individuals
The REB will need to determine if consent from individuals is required for the secondary use of their personal information for assembling a list of eligible individuals for research or contacting these individuals to seek their consent for participation.Footnote 60 Researchers and REBs should be aware of any legal restrictions on contacting individuals in these circumstances.Footnote 61
6.1.1 Anticipating future uses of personal information at the time of the original collection
Wherever possible at the time of the original collection of personal information from individuals, the researcher and/or data custodian should anticipate the future uses of this information to assemble eligibility lists for research or to contact eligible individuals, and should seek consent for these future uses at that time.
For example, patients could be asked at the time of the original collection of their personal information whether they consent to the health care provider reviewing their records and contacting them to inform them of research for which they are eligible. If such a prior opt-in consent procedure is not a practicable option, a health care provider could inform patients through notices that their personal information may be reviewed from time to time for recruitment purposes, and that they have the opportunity to opt-out. If patients do not opt-out, their consent for the use of their personal information to assess their eligibility for research or to contact them about the research project would be presumed.
6.2 Initial contacting and informing prospective participants
6.2.1 Trust vs. undue influence
Recruitment raises complex issues around who is the appropriate person to make initial contact and inform eligible individuals about the research. On the one hand, individuals may feel more comfortable if approached by a data holder, such as a clinic physician or nurse, whom they trust and accept as having access to their personal information. On the other hand, individuals may be unduly influenced to agree to participate in research if approached by someone on whom they are dependent, for example, their employer, health provider, community leader or program director.
In some cases, someone who has a relationship of some influence over prospective research participants may be the preferred person to contact individuals and inform them of the research where this is considered the best way to ensure that prospective research participants fully understand the risks and the benefits of the research to themselves. For example, a health care provider or professional (who may or may not be involved in the research) may be the preferred person to contact individuals and inform them about the research because of a relationship of medical confidence, special expertise and/or in-depth knowledge of the patients' situations. It is critical in such cases that the participants are reassured that their reasonable expectations of care will be met whether or not they take part in the research.Footnote 62
6.2.2 Prior communication
Researchers should avoid situations where eligible individuals are not aware, prior to being contacted, of information about themselves that makes them eligible for participation in the research. For example, a health care provider may not yet have informed the patient of a diagnosis (e.g. cancer) that is in the patient health record and that is used to determine eligibility. The researcher should confirm with the data holder that individuals have been informed of relevant health-related information before initiating contact.
6.3 Selected scenarios and preferred recruitment practices
Index to recruitment scenarios
6.3.1 Scenario: * Eligible research participants are in a city telephone directory.
6.3.2 Scenario: * A research team proposes to recruit research participants from members of an Aboriginal community.
6.3.3 Scenario: * A genetics researcher proposes to recruit the family members of research participants.
6.3.4 Scenarios: * The researcher has access to personal data from prior research studies. * The research unit of a hospital is proposing to conduct research on patients. * The researcher is the health care provider of eligible individuals.
6.3.5 Scenario: * The researcher is external to the data-holding organization, and is submitting a proposal to conduct research on patients, employees or students of the organization.
6.3.6 Scenario: * A clinician-researcher at a health care facility wants to conduct research on patients being treated by another physician in the same facility. * An academic wants to conduct research on students in his or her university department or program, but not in a class that he or she is currently teaching.
6.3.1 Scenario: * Eligible research participants are in a city telephone directory.
When eligibility information and the means of notifying individuals about the research are publicly available, the researcher should normally be able to make the initial contact without needing an intermediary.
6.3.2 Scenario: * A research team proposes to recruit research participants from members of an Aboriginal community.
As a general rule, researchers planning to work in a community should make contact with and inform community leaders and groups relevant to their research, prior to initiating the recruitment or informed consent process with members of that community.
For many Aboriginal communities and groups, approval by local authorities may be required prior to beginning the recruitment of research participants.Footnote 63
6.3.3 Scenario: * A genetics researcher proposes to recruit the family members of research participants.
For the purpose of recruiting relatives for genetic or genomic research, there should be no direct contact between the researcher and the family members of the initial research participant. In order to respect the privacy of the participant and his/her family, only the participant or his/her spouse or a designated family member should contact other family members to ask whether they are willing to be approached by the researcher. The principal researcher (or a member of the research team) should not directly contact the family.Footnote 64
6.3.4 Scenarios: * The researcher has access to personal data from prior research studies. * The research unit of a hospital is proposing to conduct research on patients. * The researcher is the health care provider of eligible individuals.
In these scenarios, the researcher is the data holder or is employed by the data holder. If permitted by lawFootnote 65 and subject to REB approval, the data holder may assess the eligibility of individuals for the research.
The data holder should nevertheless have rules to limit the number of people permitted access to data for this purpose.Footnote 66
Preferred options for contacting individuals will depend on whether the REB considers that the researcher/data holder has undue influence over prospective research participants (see the Options table).
Options for contacting individuals according to whether the researcher/data holder has influence over prospective research participants
Option | Contacting prospective research participants |
A) If the researcher/data holder is not in a position of undue influence. | If the researcher/data holder is not in a position of undue influence over prospective participants with regard to the research, the researcher should make the initial contact and inform prospective participants about the research, if permitted by law and subject to REB approval. |
B) If the researcher/data holder is in a position of undue influence. | In some cases, the researcher/data holder is considered to potentially be in a position of undue influence over eligible individuals with regard to the research or there is a potential conflict of interest. For example, an REB may decide that patients who will be recruited for a clinical trial being conducted by their health care provider may not understand the difference between the research treatment and the standard treatment provided at the health centre. In such cases, initial contact with prospective research participants should be made by neutral means, so that there is no undue influence exerted on individuals to participate. For example, a neutral person on the research team or in the data holder's agency who is not in a position of authority over prospective research participants, could contact eligible individuals. Alternatively, it may be possible to make initial contact with eligible individuals by advertising in newspapers or in public locations, and then having a neutral member of the research team or staff provide further information to interested individuals. |
6.3.5 Scenario: * The researcher is external to the data-holding organization, and is submitting a proposal to conduct research on patients, employees or students of the organization.
In this scenario, the researcher is not the data holder, and does not have undue influence over prospective research participants. If permitted by law,Footnote 67 the preferred recruitment approach is for the data holder to assess eligibility for research and to make initial contact with eligible individuals, unless the REB considers that the preferred approach is impracticable or inappropriate (see the ranked Options table).
Ranked options for assessing eligibility and contacting prospective participants, when the researcher is not the data holder and does not have undue influence
Option | Assessing eligibility and contacting prospective research participants |
A) The data holder assesses eligibility and makes initial contact. (Preferred) | If permitted by law and subject to REB approval, the data holder should determine eligibility of individuals for the research on the basis of criteria provided by the researcher. The data holder should make the initial contact to: (i) inform eligible individuals about the research so that they can contact the researcher, if interested, or (ii) to seek consent from individuals to release their nominal information to the researcher who will contact them to inform them about the research. |
B) If the REB considers option A impracticable or inappropriate, the REB may permit the researcher to access minimal personal information for assessing eligibility and/or making contact with eligible individuals, if permitted by law and under strict controls (e.g. access restricted to data holder's site). |
In some cases, the preferred option above may be considered impracticable or inappropriate. For example, the preferred option may be impracticable if:
The preferred option may be considered inappropriate where the data holder has undue influence over eligible individuals; professional or other legal requirements make the data custodian's involvement in the recruitment process inappropriate; or the data holder's contacting of eligible individuals would defeat the purpose of the research.Footnote 68 When the preferred option is impracticable or inappropriate, an REB may consider whether a researcher should be permitted access to minimal personal data only for the purposes of determining eligibility for the research or contacting individuals to invite them to join the study.Footnote 69 If it is legally permissible and the REB gives approval, the researcher may be given access to personal information with appropriate confidentiality protections such as a signed confidentiality agreement with access restricted to the data holder's site, and use limited to the stated purpose. Minimal personal data provided to the researcher should normally contain only contact information and no other personal information related to health status. However, if health-related data are inherent in the eligibility criteria used to assemble the list of individuals to be contacted, an REB may determine that camouflage sampling or other masking techniques should be used to enable researchers to contact individuals while preventing researchers from viewing any identifiable health-related information of eligible individuals prior to gaining consent.Footnote 70 |
Option A: Examples of recruitment methods:
Health professional society makes contact with members |
Prospective research participants are members of a health professional society. The Society mails out a letter (drafted by the researcher) to its members, which explains how to contact the researcher to learn more about the research. |
Health professionals assess eligibility and make contact |
Given the criteria provided by the researchers, pharmacists are automatically notified by a computer flag in a centralized database, at the time of filling a prescription, of any patient eligible for the research study (e.g. receiving a certain number of concurrent medications). This automatic flag of eligible individuals for the study is visible only to pharmacists in participating pharmacies. Once the eligible persons are identified, the pharmacists seek consent from these individuals to release their contact information to the researcher. |
Researcher assesses eligibility and makes initial contact for data holder |
Hospital administrators do not have the personnel necessary to search through files in order to identify potentially eligible research participants according to selection criteria provided by the researcher, or to establish prior contact with these individuals on behalf of the researcher. Therefore, with the approval of the REB and a signed undertaking of confidentiality by the researcher, hospital administrators provide the researcher with the names of staff, their work location and full or part-time status, in the form of a computer file. The researcher then uses the computer file to exclude staff that do not fit the eligibility criteria and to select a random sample of eligible staff. Senior hospital staff explain the study in general terms to their staff members and inform them that the researcher will be writing in the near future to individuals eligible to be included in the study. Senior staff emphasize that participation is on a purely voluntary basis. Accordingly, the researcher sends letters of invitation to participate in the research only to eligible staff members. |
Data holder assesses eligibility and provides camouflaged list to researcher to make initial contact |
The study is approved by the REB and the privacy branch of the Ministry of Health. Ministry of Health staff produces a "camouflaged" list of patient names for the researchers, containing scrambled personal health numbers of patients potentially affected by a new health care policy, mixed with scrambled numbers of a random sample of patients who are not affected by the policy. When the scrambled numbers are unscrambled and converted to names, addresses and telephone numbers by the Ministry of Health's Client Registry, the health status of each patient remains unknown to the researchers and to the Ministry of Health staff. The addition of persons not affected by the health condition prevents the researchers from knowing who is affected and who is not; only those who respond are identified. In order to be most effective, camouflaging should aim to protect the privacy of targeted patients, while limiting the total number of patients who need to be contacted. |
6.3.6 Scenario: * A clinician/researcher at a health care facility wants to conduct research on patients being treated by another physician in the same facility. * An academic wants to conduct research on students in his or her university department or program, but not in a class that he or she is currently teaching.
In these scenarios, the researcher is not the data holder, but does potentially have undue influence over prospective participants with regard to the research.
Preferred approaches to assessing eligibility for research and contacting eligible individuals will depend on whether the REB considers the data holder to have undue influence over prospective research participants (see the Options table).
Options for assessing eligibility and making contact with individuals when the researcher has undue influence over prospective individuals
Option | Assessing eligibility and contacting individuals |
A) If the data holder is not in a position of undue influence. | If the data holder is not in a position of undue influence over prospective research participants, the REB may permit the data holder to assess eligibility and make the initial contact with these individuals, if the data holder is permitted to do so by law (see scenario 6.3.5, option A). |
B) If the data holder is in a position of undue influence. | If the data holder is considered by an REB to have undue influence on prospective participants, the researcher could make initial contact with eligible individuals by neutral means such as by putting up notices in public areas of the facility or institution with information on how to contact the research team, and a neutral member of the research team or staff could inform interested individuals about the research (see scenario 6.3.4, option B). |
LINK TO TRI-COUNCIL POLICY STATEMENT: [Secondary use of data for prospective collection] Article 3.5 "Researchers who wish to contact individuals to whom data refer shall seek the authorization of the REB prior to contact." Explanatory text: "In certain cases, the research goal may only be achieved by follow-up contact and interviews with persons. It is evident that individuals or groups might be sensitive if they discover that research was conducted on their data without their knowledge; others may not want any further contact. This potential harm underlines the importance for researchers to make all efforts to allow subjects the right to consent that their data and private information be part of a study." (pg. 3.6) |
Element #7: Safeguarding personal data
General statement
Institutions or organizations where research data are held have a responsibility to establish appropriate institutional security safeguards. Data security safeguards should include organizational, technological and physical measures.Footnote 71
Researchers should take a risk assessment and management approach to protecting research data from loss, corruption, theft or unauthorized disclosure, as appropriate for the sensitivity and identifiability of the data. Formal privacy impact assessments (PIAs) are required in some institutions and under legislation or policy in some jurisdictions.Footnote 72
REBs should review and approve researchers' proposed measures for safeguarding any personal data to be collected.
The safeguards described in this Element are particularly relevant to research conducted within large institutions or other organizations. However, smaller scale projects should also demonstrate acceptable ways of protecting the confidentiality of data.
7.1 Threat-risk vulnerability assessmentFootnote 73
A vulnerability assessment assists researchers and institutions in determining an appropriate level of security for research data and the means by which the data should be received, used, stored, and managed. The following are the main steps in a vulnerability assessment:
Assessment | Examples |
a) Determine what assets need to be protected |
|
b) Determine what to protect against |
|
c) Assess the probability of the threat occurring |
|
d) Assess the magnitude of the impact and consequences of the threat if it occurs |
|
e) Assess existing safeguards and need for additional safeguards |
|
f) Recommend the appropriate security safeguards to protect the assets from threats |
|
g) Update and regularly review these safeguards (at least annually) |
|
7.2 Security measures
7.2.1 Organizational safeguards
- There should be ongoing commitment to privacy and continued emphasis of its importance by all involved in the research and the institutional/organizational management.
- All involved in the research project should be subject to a pledge of confidentiality.
- Access to personal information should be strictly limited in terms of numbers of persons, for legitimate purposes, and strictly on a realistic need-to-know basis.
- Data-sharing agreements between the researcher/institution and all involved should be signed prior to providing any access to data.
- Consequences for breach of confidentiality, including dismissal and/or loss of institutional privileges, should be clearly stipulated.
- Institutions and organizations housing research projects and archived data should, with ongoing commitment of adequate resources:
  - develop, monitor and enforce privacy and security policies and procedures;
  - appoint privacy officers and create data stewardship committees as needed; and
  - implement internal and external privacy reviews and audits.
7.2.2 Technological measures
- Encryption, scrambling of data and other methods of reducing the identifiability of data should be used to eliminate unique profiles of potentially identifying information.
- Direct identifiers should be removed or destroyed at the earliest possible opportunity.
- If direct identifiers must be retained, they should be isolated on a separate dedicated server/network without external access.
- Camouflage samplingFootnote 74 or other techniques should be used, when appropriate, to prevent researchers from viewing health-related information of eligible individuals prior to gaining their consent.
- Authentication measures (such as computer password protection, unique log-on identification, etc.) should be implemented to ensure only authorized personnel can access data.
- Special protection for remote electronic access to data should be installed.
- Virus-checking programs and disaster recovery safeguards such as regular back-ups should be implemented.
- Where possible, a detailed audit trail monitoring system should be instituted to document the person, time, and nature of data access, with flags for aberrant use and "abort" algorithms to end questionable or inappropriate access.
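The camouflage sampling bullet above, and the camouflaged-list recruitment example under scenario 6.3.5, can be illustrated in code. This is an added sketch, not part of the CIHR document or of any ministry's system: the HMAC-based scrambling, the two-store layout, the function names, the sample data and the 25% inference ceiling are all assumptions made for the example.

```python
import hashlib
import hmac
import math
import random

# Constructed sample data, held in two separate stores (assumed layout):
# the client registry has direct identifiers only; the analysis unit has the
# health-related eligibility attribute keyed by health number, with no names.
CLIENT_REGISTRY = {
    f"9{n:09d}": {"name": f"Patient {n}", "phone": f"555-01{n:02d}"}
    for n in range(40)
}
AFFECTED = {f"9{n:09d}" for n in range(0, 40, 5)}  # 8 of 40 patients

# Constructed demo key shared by the two units, never given to researchers.
# In practice it would be generated with secrets.token_bytes(32).
DEMO_KEY = b"constructed-demo-key-not-for-use"


def scramble(health_number: str, key: bytes) -> str:
    """Keyed pseudonym: cannot be recomputed or reversed without the key."""
    digest = hmac.new(key, health_number.encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def decoys_needed(n_affected: int, max_inference: float) -> int:
    """Fewest unaffected patients to add so that the chance a listed person
    is affected stays at or below max_inference."""
    if not 0 < max_inference <= 1:
        raise ValueError("max_inference must be in (0, 1]")
    return max(0, math.ceil(n_affected / max_inference) - n_affected)


def build_camouflaged_list(all_numbers, affected, key, max_inference, rng=None):
    """Analysis unit: mix affected patients with a random sample of unaffected
    ones and release scrambled numbers only, in an order that reveals nothing."""
    rng = rng or random.SystemRandom()
    others = sorted(set(all_numbers) - set(affected))
    need = decoys_needed(len(affected), max_inference)
    if need > len(others):
        raise ValueError("too few unaffected patients for the requested ceiling")
    chosen = sorted(affected) + rng.sample(others, need)
    # Sorting by pseudonym removes any trace of the affected-then-decoy order.
    return sorted(scramble(hn, key) for hn in chosen)


def unscramble_to_contacts(scrambled_ids, client_registry, key):
    """Client registry: recompute pseudonyms for its own records and return
    contact details only. It never learns which entries are decoys."""
    reverse = {scramble(hn, key): hn for hn in client_registry}
    return [dict(client_registry[reverse[sid]]) for sid in scrambled_ids]


if __name__ == "__main__":
    ids = build_camouflaged_list(CLIENT_REGISTRY, AFFECTED, DEMO_KEY, 0.25)
    contacts = unscramble_to_contacts(ids, CLIENT_REGISTRY, DEMO_KEY)
    print(f"{len(contacts)} people to contact, {len(AFFECTED)} of them affected")
    print("researcher sees:", contacts[0])
```

Lowering `max_inference` gives targeted patients more cover but raises the number of people who must be contacted, which is the trade-off the camouflaged-list example describes.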
7.2.3 Physical security
- Computers and files that hold personal information should be housed in secure settings in rooms protected by such methods as combination lock doors or smart card door entry, with paper files stored in locked storage cabinets.
- The number of locations in which personal information is stored should be minimized.
- Architectural space should be designed to preclude public access to areas where sensitive data are held.
- Routine surveillance should be conducted.
- Physical security measures should be in place to protect data from hazards such as floods or fire.
LINK TO TRI-COUNCIL POLICY STATEMENT: Article 3.2 Explanatory Text: "Researchers should ensure that the data obtained are stored with all the precautions appropriate to the sensitivity of the data. Accordingly, information that identifies individuals or groups should be kept in different databases with unique identifiers. Researchers should take reasonable measures to ensure against inadvertent identification of individuals or groups, and must address this issue to the satisfaction of the REB." (pg. 3.4) |
Element #8: Controlling access and disclosure of personal data
General statement
Data sharing for research purposes - whether of linked or unlinked data sets - is an important way of enabling socially valuable research. It avoids unnecessary duplication of data collection, which reduces the burden on research participants and permits researchers to use limited or scarce resources more productively.
However, there should be strict limits on access to data and secure procedures for data linkage, subject to REB approval and data-sharing agreements.
When personal data are essential to research objectives and questions, researchers need a plan for making public the results of research in ways that do not permit tracing back to individuals if they do not wish their identities to be known.
8.1 Controlled levels of data access within research team and for secondary use
Researchers and institutions should protect against unauthorized disclosure and use of sensitive data or data subjects' identities, by controlling access to personal data.
Controlling access to data for research purposes means, under most circumstances, that:
- sensitive and/or highly identifiable data are accessible to the minimum number of persons necessary on the research team on a need-to-know basis (e.g. for cleaning data, conducting data linkages, and verifying the accuracy of data matches);
- team members have appropriate training in, and comply with, security safeguards;
- access to coded data, or to data where the direct identifiers are removed but potentially identifying elements remain in the dataset, may be permitted for researchers outside the research team only under strictly controlled conditions described in a written agreement and following REB approval; and
- non-identifiable data about individuals and aggregated data are made available to the general scientific community and for public use after appropriate scrutiny to minimize or avoid risks of inadvertent disclosure of individuals' identities.
Controlled access to personal data for research purposes
Access to: | Who should be permitted access: (examples) | Required safeguards to include: |
Direct identifiers | | |
Not directly identifiable data (single or double coded; or without codes) | | |
Non-identifiable data in public use files (where data have been scrutinized and altered to protect against risks of inadvertent disclosure of individuals' identities). [Footnote 75] | | |
8.2 Conducting data linkages
The most secure way of conducting data linkages requested by external researchers is for the data holder to conduct the linkage and provide linked datasets to the researcher without identifiers, and at the minimum level of identifiability required for the research purpose. [Footnote 77] If that is not practicable, a trusted third party may conduct the linkage or the researcher may conduct the linkage on the data holder's site. As a last option, a researcher may be permitted to conduct the linkage at a secure site but under strict controls, as specified in a data-sharing agreement. [Footnote 78]
Ranked options for conducting data linkages
Who should conduct the linkage | Conditions for REB consideration |
A) Data holder (Preferred) | The data holder performs the linkage(s) and subsequently removes all direct identifiers, or replaces direct identifiers with a code, prior to releasing the linked data set to the external researcher. |
B) A trusted third party (e.g. a statistical agency) or C) The researcher conducts the linkage on the data holder's site | When the original data holder does not have the technical capacity or resources to perform linkages in-house: The third party and the researchers should be bound by equivalent conditions of confidentiality and security as apply to the data holder and the data holder's employees. |
D) The researcher conducts the linkage off site | If Options A, B or C are demonstrably impracticable, the researcher may conduct the linkage in compliance with a data-sharing/confidentiality agreement with the data holder, setting out their respective and shared obligations, including restrictions on use and disclosure and appropriate security requirements (see 8.3 below). In this situation, any direct identifiers or other personal data not required to answer the research question should be destroyed or returned to the original data holder as soon as is practicable, and in compliance with the terms of the data-sharing agreement. |
Following the linkage of datasets, the person doing the data linkage should reduce datasets to the lowest level of identifiability needed to accomplish the research objectives.
For example, direct identifiers (e.g. name or personal health number) or potentially identifying elements when combined (e.g. a full date of birth or full postal code) may be needed for data linkage but may not be needed to answer the research questions. In such cases, these identifiers should be destroyed as soon as is reasonably practicable or returned to the data holder, as per the terms of the data-sharing agreement.
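The reduction step described in 8.2, sketched here as an added example that is not part of the CIHR document: the data holder links two constructed datasets on the personal health number, replaces the direct identifiers with a keyed code, and coarsens date of birth and postal code before release. The field names, the HMAC-SHA-256 coding scheme and the year / three-character generalization are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (not real data). Field names are assumptions.
REGISTRY = [
    {"phn": "9000000011", "name": "A. Example", "dob": "1961-04-17", "postal_code": "K1A 0W9"},
    {"phn": "9000000022", "name": "B. Sample", "dob": "1975-11-02", "postal_code": "V6T 1Z4"},
    {"phn": "9000000033", "name": "C. Test", "dob": "1988-07-30", "postal_code": "H3A 2B4"},
]
DISCHARGES = [
    {"phn": "9000000011", "diagnosis": "I21", "admitted": "2004-02-11"},
    {"phn": "9000000022", "diagnosis": "E11", "admitted": "2004-03-05"},
    {"phn": "9000000011", "diagnosis": "I50", "admitted": "2004-09-19"},
    {"phn": "9000000099", "diagnosis": "J45", "admitted": "2004-10-01"},  # no registry match
]

DIRECT_IDENTIFIERS = ("phn", "name")
QUASI_IDENTIFIERS = ("dob", "postal_code")


def study_code(phn: str, key: bytes) -> str:
    """Keyed code replacing the health number. The key stays with the data
    holder; without it the code cannot be recomputed from a known number.
    Truncated to 64 bits to keep the released column short."""
    return hmac.new(key, phn.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def link(registry, discharges):
    """Deterministic linkage on the health number; unmatched events are dropped."""
    by_phn = {row["phn"]: row for row in registry}
    linked = []
    for event in discharges:
        person = by_phn.get(event["phn"])
        if person is not None:
            linked.append({**person, **event})
    return linked


def reduce_identifiability(linked, key):
    """Replace direct identifiers with a code and coarsen quasi-identifiers."""
    released = []
    for row in linked:
        out = {k: v for k, v in row.items()
               if k not in DIRECT_IDENTIFIERS and k not in QUASI_IDENTIFIERS}
        out["study_code"] = study_code(row["phn"], key)
        out["birth_year"] = row["dob"][:4]             # full date -> year only
        out["postal_prefix"] = row["postal_code"][:3]  # full code -> first 3 characters
        released.append(out)
    return released


def leaked_values(released, source_rows):
    """Release check: list any identifying source value present in the output."""
    sensitive = {row[f] for row in source_rows
                 for f in DIRECT_IDENTIFIERS + QUASI_IDENTIFIERS}
    return sorted(v for row in released for v in row.values() if v in sensitive)


def release_for_researcher(registry, discharges, key):
    """Option A in the table above: link first, reduce, then release."""
    return reduce_identifiability(link(registry, discharges), key)


if __name__ == "__main__":
    holder_key = secrets.token_bytes(32)  # generated and kept by the data holder
    dataset = release_for_researcher(REGISTRY, DISCHARGES, holder_key)
    assert leaked_values(dataset, REGISTRY) == []
    for record in dataset:
        print(record)
```

The same person keeps the same code across events, so the researcher can follow an individual through the linked data without seeing the health number; the admission date is left intact on the assumption that the research question needs it.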
Universities may have specified retention periods for research data. Researchers should either destroy the new linked dataset at the end of the specified period, or use enhanced security measures to store it as per the terms of the data-sharing agreement. Within some research or statistical agencies it may not be practicable to unlink datasets after each use. However, these institutions should document a process to ensure that the linked datasets are used only for authorized purposes (e.g. for REB-approved projects).
8.3 Data-sharing agreements
Data-sharing agreements bind data providers and researchers to their respective responsibilities and obligations for protecting personal data.
Data-sharing agreements should set out the terms and conditions under which data providers will allow researchers to access personal data for research purposes. [Footnote 79]
Data-sharing agreements typically include the following information related to privacy concerns:
Basic information | Explanation |
1) Research purposes [Footnote 80] | |
2) Data elements and uses [Footnote 81] | |
3) Informed consent materials and form [Footnote 82] | |
4) Contact [Footnote 83] | |
5) Data access and disclosure | |
6) Reporting results | |
7) Security [Footnote 84] | |
8) Retention/destruction of data [Footnote 85] | |
9) Required approvals/authorizations [Footnote 86] | |
10) Compliance with laws and policies [Footnote 87] | |
11) Accountability [Footnote 88] | |
8.4 Controls over disclosure in public reports of research findings
Appropriate measures should be taken to avoid or minimize the identifiability of data in publications or public databases. Statistics Canada guidance in this area is available online. [Footnote 90]
8.4.1 Reporting qualitative research results when concealing individuals' identities is not desired
In assessing the privacy aspects of research, researchers and REBs should also be aware of the possibility that in some instances individuals may want their identities to be known - for example, when individuals want their contribution to research as participants to be recognized, or where they want to help others afflicted with a similar condition. In some qualitative research, individual participants may understand and willingly accept the possibility that their identities may be revealed in the public reporting of research results.
LINK TO TRI-COUNCIL POLICY STATEMENT: [Disclosure controls] "Data released should not contain names, initials or other identifying information. While it may be important to preserve certain types of identifiers (e.g., region of residence), these should be masked as much as possible using a standardized protocol before the data are released for research purposes. However, legitimate circumstances may exist where such information is critical for the research project..." (pg. 3.4) [Human genetic research] Article 8.2 "The researchers and the REB shall ensure that the results of genetic testing and genetic counseling records are protected from access by third parties, unless free and informed consent is given by the subject. Family information in databanks shall be coded so as to remove the possibility of identification of subjects within the bank itself." (pg. 8.2) [Secondary uses] Article 3.3, 3.4 - See Element #3 [Data linkage] Article 3.6 "The implications of approved data linkage in which research subjects may be identifiable shall be approved by the REB." Explanatory note: "...Only a restricted number of individuals should perform the function of merging databases; researchers should either destroy the merged file immediately after use, or use enhanced security measures to store it. Whether the data are to be used statistically or otherwise, confidentiality of the information must be maintained by all members of the research team." (pg. 3.6) |
Element #9: Setting reasonable limits on retention of personal data
General statement
Personal data should be retained as long as is necessary to fulfill the research purposes. [Footnote 91] Personal data may then be destroyed or returned to the data provider, if appropriate, as set out in the terms of the original collection, data-sharing agreement, institutional policies and legal requirements.
There is a tension between the privacy principle of limiting the retention of data and the scientific principle of preserving research data so that published research results can be replicated and verified, and opportunities for further investigation of valuable data are maximized. While this is a very complex area in need of further reflection and development, the default principle is to define retention periods for personal data, in writing. Researchers should be explicit about what they plan to do with the data they collect and have storage, management and access policies in place.
9.1 Retention of personal data
9.1.1 Specific research project
Where personal data are collected and used in the context of a specific research project, identifying personal data should be retained by the researcher as long as necessary to fulfill the original research objectives, [Footnote 92] including related purposes such as tracing, validating or auditing research results as may be required by regulators, study sponsors and/or publishers. [Footnote 93]
9.1.2 Database for general health research purposes
When personal data are collected in a database to support general health research purposes in the future, personal data may be retained for the general purposes originally consented to, subject to security safeguards proportionate to the identifiability, sensitivity and amount of the data, as well as its format and method of storage.
Administrative databases such as hospital discharge records and vital statistics registries, which may be used to support health research, may retain personal data over the long term, provided that this is permitted according to legislation or the mandate of a public body such as a government health department.
Any long-term retention of personal data established for general health research purposes should be subject to periodic audits and effective oversight by independent third parties including REBs.
Element #10: Ensuring accountability and transparency in the management of personal data
General statement
Individuals and organizations engaged in health research involving personal data are accountable for the proper conduct of such research in accordance with applicable funding policies, privacy principles and/or legislation. Processes and practices must be clearly established and implemented in order to give meaningful effect to these policies, principles or laws. Proper accountability and transparency practices require adequate resources for such things as communication, education and training relating to privacy.
Roles and responsibilities of all those involved in the conduct and evaluation of research should be clearly defined and understood, including those of researchers, their employing institutions, REBs, any data stewardship committees, Privacy Commissioners and other legally-designated privacy oversight agencies. Their concerted efforts should aim to provide a coherent governance structure for effective and efficient data stewardship. [Footnote 94]
10.1 Transparency
Recognizing that transparency may enhance public support for, and interest in, socially valuable research, individuals and organizations engaged in the conduct and evaluation of health research should:
- be open to the public with respect to the objectives of the research;
- be open about the policies and practices relating to the protection of personal data used in the research;
- promote ongoing dialogue between the research community and privacy oversight agencies; and
- promote ongoing dialogue between the research community and the community at large (the public).
10.2 Accountability
Key roles and responsibilities with respect to privacy concerns of those involved in designing, conducting and approving publicly-funded health research are outlined below.
10.2.1 Researchers (Principal investigator, researchers)
Privacy-related responsibilities include:
- being aware of all applicable policies and laws in the jurisdictions in which the research is conducted and conducting their research in accordance with such requirements;
- seeking REB and institutional approval and, where required or considered appropriate, the review or approval of other relevant legal privacy oversight bodies;
- providing a mechanism to handle queries and complaints from participants about the privacy aspects of the research (e.g. REB contact information in the consent form); and
- promoting openness and accountability through publicly available information which describes the purpose and conduct of the research project(s) and how privacy concerns are being managed.
Privacy-related responsibilities include:
- developing and applying institutional privacy policies and procedures for the conduct and review of research that meet, as a minimum, the requirements set out in the TCPS and other applicable funding policies and laws;
- designating an individual who is accountable for the institution's compliance with those policies and procedures;
- providing for the education and training of researchers and REB members on how to manage personal data in health research;
- providing a mechanism for handling queries and complaints about the privacy and confidentiality aspects of research;
- demonstrating impartial and accountable procedures to investigate allegations of individual non-compliance, with appropriate sanctions for non-compliance;
- being open with the public about research supported by the institution; processes and practices for managing personal information; and procedures for receiving and handling complaints; and
- fostering coordinated data stewardship and institutional review processes within and between institutions.
Privacy-related responsibilities include:
- reviewing any proposed and ongoing research involving humans in accordance with the TCPS and its principles, [Footnote 95] as well as other applicable laws and policies, including:
  - the institution's own policies;
  - federal, provincial and territorial legislation; and
  - relevant laws, regulations, policies and/or research contexts of other countries, when research is to be conducted in those countries;
- serving as a consultative body to the research community and thus contributing to education in research ethics;
- fostering coordinated and consistent REB review processes, particularly with respect to multi-jurisdictional and multi-site research; and
- undertaking regular monitoring of research and coordinating reviews of multi-centre research to ensure equivalencies in standards across jurisdictions, by conducting:
  - an annual review of the research (required under TCPS);
  - an audit of critical aspects of the research protocol including the consent process, safeguards and, where relevant, methods of reducing the identifiability of data prior to disclosure; and
  - other effective monitoring mechanisms, as appropriate.
When a database is created for multiple research purposes, or across multiple sites or jurisdictions, researchers and institutional data holders should promote coordinated and streamlined approaches to data stewardship over the long term. A centralized data stewardship committee could be put in place to authorize future uses of the database in accordance with the research objectives, REB approval and, where applicable, within the parameters set by the consent obtained from participants.
The responsibilities of this advisory committee could include:
- the review of data access requests;
- long-term management of the database;
- coordination of reviews by local REBs, for example, by means of agreements between REBs, institutions and researchers, as appropriate; and
- provision of information to the public (e.g. on a web site).
The composition of the committee should include scientific experts in the field and representatives from the population being studied.
10.3 Legally-designated privacy oversight agencies
As specified in legislation, the responsibilities of privacy oversight agencies, such as the Office of the Privacy Commissioner or Ombudsman in each jurisdiction, may include all or any of the following:
- monitoring and investigating compliance with legal requirements;
- issuing findings and recommendations and/or adjudicating complaints from the public with regard to non-compliance;
- initiating and/or participating in court action for breach of legal requirements for privacy protection;
- conducting audits of organizations' information management practices;
- reviewing privacy impact assessments for proposed research;
- reviewing and/or approving the collection of personal information without consent; [Footnote 96]
- reporting publicly on matters of privacy compliance;
- reviewing and providing comments or approvals on proposed laws or policies; and
- promoting public education with respect to privacy issues.
LINK TO TRI-COUNCIL POLICY STATEMENT: [Mandate of the three federal research granting agencies: CIHR, SSHRC and NSERC] "The...Agencies have adopted this Policy as their standard of ethical conduct for research involving human subjects. As a condition of funding, the Agencies require, as a minimum, that researchers and their institutions apply the ethical principles and the articles of this policy." (pg. i.2) Article 1.1 "(a) All research that involves living human subjects requires review and approval by an REB in accordance with their Policy Statement, before the research is started, except as stipulated.." (pg. 1.1) [Review procedures for ongoing research] Article 1.13 "(a) Ongoing research shall be subject to continuing ethics review. The rigour of the review should be in accordance with a proportionate approach to ethics assessment. (b) As part of each research proposal submitted for REB review, the researcher shall propose to the REB the continuing review process deemed appropriate for that project. (c) Normally, continuing review should consist of at least the submission of a succinct annual status report to the REB. The REB shall be promptly notified when the project concludes." (pg. 1.10) "In accordance with the principle of proportionate review, research that exposes subjects to minimal risk or less requires only a minimal review process. The continuing review of research exceeding the threshold of minimal risk that is referred to in Article 1.13(b), in addition to annual review (Article 1.13 (c)) might include:
Other models of a continuing ethics review may be designed by researchers and REBs to fit particular circumstances. [Review of multi-centered research] "Principles of institutional accountability require each local REB to be responsible for the ethical acceptability of research undertaken within its institution. However, in multi-centred research, when several REBs consider the same proposal from the perspectives of their respective institutions, they may reach different conclusions on one or more aspects of the proposed research. To facilitate coordination of ethics review, when submitting a proposal for multi-centered research, the researcher may wish to distinguish between core elements of the research - which cannot be altered without invalidating the pooling of data from the participating institutions - and those elements that can be altered to comply with local requirements without invalidating the research project. REBs may also wish to coordinate their review of multi-centred projects, and to communicate any concerns that they may have with other REBs reviewing the same project. The needed communication would be facilitated if the researcher provides information on the institutional REBs that will consider the project." (pg. 1.11) [Equivalence level of protection in multi-jurisdictional research] Article 1.14 "Research to be performed outside the jurisdiction or country of the institution that employs the researcher shall undergo prospective ethics review both (a) by the REB within the researcher's institution; and (b) by the REB, where such exists, with the legal responsibility and equivalent ethical and procedural safeguards in the country or jurisdiction where the research is to be done." (pg. 1.12) LINK TO: Memorandum of Understanding on the Roles and Responsibilities in the Management of Federal Grants and Awards (MOU). Schedule 2- Ethics Review of Research Involving Humans.
1.0 Policy "The Agencies developed, approved and implemented a joint policy statement to promote the ethical conduct of research involving human subjects - the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS). The Agencies will only fund researchers, Institutions or partnering organizations that comply with the ethical principles and articles of the TCPS. In addition CIHR will only fund human pluripotent stem cells research that adheres to its recently published guidelines. In addition to the TCPS, the ethics review of research involving humans may, where appropriate, be subject to other legislation and policies, such as:
Researchers, Institutions and research ethics boards (REBs) should be aware of all applicable policies, regulations and guidelines. In some cases, it may be necessary for Institutions to have recourse to specific expertise to identify legal and other issues in the ethics review process..." |