IWK Research Ethics - Workshop Series The Nova Scotia Personal

advertisement
Bev White, Manager, Research Ethics
Research Services, IWK Health Centre

Background
◦ Legislation
◦ Guidelines



The Act - PHIA
Circle of Care
Impracticability
Legislation
 Governs the collection, handling, storage of
personal information, including research records.
◦ PIPEDA - Personal Information Protection and Electronics
Documents Act
◦ Nova Scotia Hospitals Act
◦ PIIDPA - Nova Scotia Personal Information International
Disclosure Protection Act
◦ PHIA - Nova Scotia Personal Health Information Act

Guidance document
◦ CIHR Best Practices for Protecting Privacy in Health
Research (2005)
◦ PHIA Toolkit
CIHR Best Practices for Protecting Privacy in Health
Research (2005) – 10 Elements:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Determining the research objectives and justifying the data
needed to fulfill these objectives
Limiting the collection of personal data
Determining if consent from individuals is required
Managing and documenting consent
Informing prospective research participants about the research
Recruiting prospective research participants
Safeguarding personal data
Controlling access and disclosure of personal data
Setting reasonable limits on retention of personal data
Ensuring accountability and transparency in the management
of personal data
TCPS2 Chapter 5 – Privacy - A. Key Concepts





Privacy - Privacy is respected if an individual has an opportunity to exercise
control over personal information -consenting or withholding consent
Confidentiality - Obligation to protect information from unauthorized access,
use, disclosure, modification, loss or theft. “Essential to the trust relationship
between researcher and participant, and to the integrity of the research
project.”
Security - Measures used to protect information, both administrative &
technical
Identifiable Information – …may reasonably be expected to identify an
individual, alone or in combination with other available information
(“Personal Information”)
Types of Information: Directly & Indirectly identifying information, Coded
information, Anonymized and Anonymous information
TCPS2 Chapter 5 – Privacy - B. Ethical Duty of Confidentiality







5.1 Researchers shall …not misuse or wrongfully disclose it.
5.2 Researchers shall describe measures for meeting obligations and explain
foreseeable disclosure requirements to the REB; and in the consent
(Participant)
5.3 Researchers shall provide details for the full life cycle …its collection,
use, dissemination, retention and/or disposal.
5.4 Institutions or organizations share responsibility to establish safeguards.
5.5 Waiver of Consent for secondary use of identifiable information only if
the REB is satisfied that:
◦ (a) identifiable information is essential to the research;
◦ (b) is unlikely to adversely affect the welfare
◦ (c) appropriate measures to protect the privacy
◦ (d) comply with any known preferences of the individual
◦ (e) it is impossible or impracticable to seek consent
◦ (f) the researchers have obtained any other necessary permission
(custodian/owner)
5.6 If waiver under 5.5 is approved, researchers who propose to contact
individuals for additional information shall seek REB approval.
5.7 Data linkage requires REB approval describing the likelihood that
identifiable information will be created through the data linkage
IWK – SOP (2004)
Privacy is a fundamental value perceived by many as
essential for protection and promotion of human
dignity. When a research participant confides
personal information to a researcher, the
researcher has a duty to protect the information
from reaching others without the participant’s
informed consent.
Breaches of confidentiality may cause harm to the
researcher and to the research community.
Provincial Health Information Legislation
Personal Information
Protection Act
Protection of Personal
Information in the Private
Sector (1994)
(January 2004)
eHealth
Act
(2008/09
)
YK
BC
AB
SK
April 2011
MB
PQ
ON
Health
Information Act
(April 2001)
PIPEDA
Privacy Act
Personal Health
Information Act
NU
NWT
Federal
Health Information
Protection Act
Personal Health
(September 2003)
Information Act
NL
Personal Health
Information Act
June 1, 2013
NB
Personal Health
Information
Privacy & Access
Act
Personal Health
Information
Protection Act (September 2010)
(December 1997) (November 2004)
Nova Scotia Personal Health Information Act
 Came into force June 1, 2013

Aims to achieve a balance between an individual’s right to
privacy and the benefits of use of personal health information

Includes provisions for:
• collection, use, disclosure, destruction and disposal of
personal health information
• consent
• information practices
• access and correction
• complaints
• reviews
“ …to govern the collection, use, disclosure, retention,
disposal and destruction of personal health information
in a manner that recognizes both the right of individuals
to protect their personal health information and the need
of custodians to collect, use and disclose personal
health information to provide, support and manage
health care.”
“Custodians”
•
Custodians must have “custody or control”
of the personal health information

PHIA also applies to “agents” of custodians
•
Example: employees, volunteers, regulated
health professionals with privileges, vendors
“Custodians”
•
Custodians shall limit the collection, use and
disclosure …to what users “need to know” to do
their job
•
record of user activity
•
Specific regarding use of Health Card numbers
•
Retention Schedules
•
Required reporting of a Breach: to the individual or
the Provincial Privacy Officer
•
Not Researchers!
Express consent
• oral or written
Knowledgeable implied consent
• used only within circle of care
Without consent
• covered in sections 31 (collection), 35 (use) and 38
(disclosure)
• custodian may collect, use and disclose without consent,
but may also choose to seek consent
Nurses
Volunteers
Physiotherapist
(private)
Physician (GP)
Health
Records
Dietician
Physicians
EXPRESS CONSENT
EXPRESS CONSENT
District Health Authority
Lab techs
Knowledgeable
implied
consent
Exceptions
DHW initiative
Patient invokes s. 17
14

•
Rules for use of personal health information by
custodian for research purposes include:
• development of a research plan
• Research Ethics Board approval
• prior to commencement of research meets conditions
of Research Ethics Board
• research plan must address consent & specifically
where consent is not being sought, an explanation as
to why seeking consent is “impracticable”
Requirements regarding the use of information for
research are new requirements for custodians
A custodian may disclose personal health
information for research without consent if:
• An Research Ethics Board has determined that the consent
of the individual is not required; and
• The custodian is satisfied that:
• the research cannot be conducted without using personal
health information;
• the personal health information is limited to the
information necessary to accomplish the purpose of the
research;
• the personal health information is in the most de-identified
form possible;
Continued…
• The custodian is satisfied that:
• the personal health information will be used in a manner
that ensures its confidentiality;
• it is impracticable to obtain consent; and
• the custodian informs the provincial Review Officer
Penalties & Fines

Penalty for an individual: up to $10,000 and/or
imprisonment for six months,

Penalty for a corporation: up to $50,000
Definitions:
 52 In Sections 53 to 60,
 (a) "data matching" means the creation of
individual identifying health information
…without the consent of the individuals;


(b) "impracticable" means a degree of difficulty
higher than inconvenience or impracticality but
lower than impossibility;
(c) "research" means a systematic investigation
designed to develop or establish principles,
facts or generalizable knowledge,;



53 Planning and management of the health system does
not constitute research for the purpose of this Act.
54 The use and disclosure of personal health
information by a custodian is limited to the minimum
amount of information necessary to accomplish the
research purposes for which it is to be used or
disclosed.
55 A custodian may use personal health information for
research if, before commencing the research, the
custodian
◦
◦
◦
◦
(a) prepares a research plan
(b) submits the research plan to the REB;
(c) receives the approval of the REB; and
(d) meets any of the REB.

56 A custodian may disclose personal health
information about an individual to a researcher if
the researcher
◦ (a) submits to the custodian
◦ (i) an application in writing,
◦ (ii) a research plan that meets the requirements of Section
59, and
◦ (iii) a copy of the submission to and decision of a research
ethics board that approves the research plan; and
◦ (b) enters into the agreement required by Section 60.

57 A custodian may disclose personal health
information about an individual to a researcher
without the consent of the subject individual if
◦ (a) the researcher has met the requirements in Section 55;
◦ (b) a research ethics board agrees consent is not required;
◦ (c) the custodian is satisfied that
(i) the research cannot be conducted without using the PHI
(ii) the PHI is limited to that necessary,
(iii) the PHI is in the most de-identified form possible,
(iv) the PHI will be used in a manner that ensures its
confidentiality, and
 (v) it is impracticable to obtain consent; and




◦ (d) the custodian informs the Review Officer. (Provincial)
The Research Plan





















(a) a description of the research proposed to be conducted;
(b) a statement regarding the duration of the research;
(c) a description of the personal health information required and the potential sources of the information;
(d) a description as to how the personal information will be used in the research;
(e) where the personal health information will be linked to other information, a description of the other information as well
as how the linkage will be conducted;
(f) where the researcher is conducting the research on behalf of or with the support of a person or organization, the name
of the person or organization;
(g) the nature and objectives of the research and the public or scientific benefit anticipated as a result of the research;
(h) where consent is not being sought, an explanation as to why seeking consent is impracticable;
(i) an explanation as to why the research cannot reasonably be accomplished without the use of personal health
information;
(j) where there is to be data matching, an explanation of why data matching is required;
(k) a description of the reasonably foreseeable risks arising from the use of personal health information and how those risks
are to be mitigated;
(l) a statement that the personal health information is to be used in the most de-identified form possible for the conduct of
the research;
(m) a description of all individuals who will have access to the information, and
(i) why their access is necessary,
(ii) their roles in relation to the research, and
(iii) their qualifications;
(n) a description of the safeguards that the researcher will impose to protect the confidentiality and security of the personal
health information;
(o) information as to how and when the personal health information will be destroyed or returned to the custodian;
(p) the funding source of the research;
(q) whether the researcher has applied for the approval of another research ethics board and, if so, the response to or
status of the application; and
(r) whether the researcher's interest in the disclosure of the personal health information or the conduct of the research
would potentially result in an actual or perceived conflict of interest on the part of the researcher.
60 (1) Where a custodian discloses PHI to a researcher, the
researcher shall enter into an agreement:
Terms of Access and Disclosure Agreement
 By signing below, I,
[Principal Investigator], certify that
the information I have provided on this form is truthful and
accurate.




I declare that the information requested is the minimum
amount of personal health information that is required to be
accessed.
In exchange for access to the personal health information
requested in this application form, I further agree:
to comply with any terms and conditions imposed by the REB
and/or the IWK Health Centre;
to use the information only for the purposes outlined in the
REB approved research plan;
Terms of Access and Disclosure Agreement Continued:





not to publish the information in a form where it is
reasonably foreseeable in the circumstances that it could be
utilized, either alone or with other information, to identify an
individual, except with the individual’s prior express consent;
to allow the IWK Health Centre to access or inspect my
premises to confirm that I am complying with the terms and
conditions of this agreement;
to notify the IWK Health Centre immediately in writing if the
personal health information is stolen, lost or subject to
unauthorized access, use, disclosure, copying or
modification;
to notify the IWK Health Centre immediately and in writing of
any known or suspected breach of the agreement between
the custodian and the researcher; and
not to attempt to identify or contact the individuals unless the
individuals have provided their consent to do so.
Terms of Access and Disclosure Agreement Continued:








Signed by the Investigator & the Custodian
◦ Delegated to Research Services on behalf of the custodian.
REB approval is active and as described above.
Data Transfer, Funding and other agreements have had appropriate
review of confidentiality related clauses, and are fully executed.
Appropriate security measures are in place for data collection,
storage & review process.
All personnel provided access to Personal Health Information have
signed the IWK Confidentiality Pledge.
Access to PHI for this project is valid for 12 months.
Application must include approved REB application (EAS Form) and
Data Collection Form or Specific Field List.
Continuing REB approval must be maintained – amended if the study
plan or team changes.
For Researchers:
 Foundation
principles are not new!
 Heightened
focus on Impracticability
 Careful
consideration of Circle of Care
 Heightened
institution.
sensitivity throughout the
 Nova
Scotia Department of Health and
Wellness – Presentation for Custodians
 TCPS
2—2nd edition of Tri-Council Policy
Statement:
 CIHR
Ethical Conduct for Research Involving Humans
Best Practices for Protecting Privacy in
Health Research (September 2005)
Download