DataBreaches.Net

Report of the Health Data Research Forum: Office of the Information & Privacy Commissioner for B.C. and the B.C. Ministry of Health

Posted on by Dissent

From the report:

On December 9, 2013, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) and the B.C. Ministry of Health (MoH) convened a meeting of 38 representatives from the health research community and its stakeholders in British Columbia. The attendees were invited to come together to discuss and seek solutions on timely access to, and appropriate use of, health data under the stewardship of the MoH and health authorities for research, evaluation, planning and quality improvement while maintaining academic independence and enhancing privacy protections and security safeguards. Discussion included, but was not limited to:

  • The current state of health data access for research and health system innovation in B.C.;
  • Best practices for improving access to health data for research purposes;
  • Methods to ensure strong privacy protections and security safeguards; and
  • Principles for an improved future state with identified priority action items for continuous improvement.

Moreover, this forum built upon previous efforts to enhance timely and appropriate access to health data by identifying opportunities, barriers and solutions to health data access discussed in the OIPC’s Report of the Roundtable Discussion on Access to Data for Health Research – held on June 25, 2012 and the efforts of the MoH to implement recommendations following three recent health data breaches and the associated investigations. This report serves as the record of the discussions of the Health Data Research Forum held on December 9, 2013.

[…]

The key recommendations for the next 12 months to develop robust and enabling privacy and security frameworks include:

  • Reviewing the role of the Data Stewardship Committee (DSC);
  • Designing proportionate and tailored privacy and security framework;
  • Articulated and common principles within the GHISA and training for the principles and framework developed in the GHISA;
  • Standardized data request, review and approval process within health authorities;
  • Clearly identified roles and responsibilities for all parties involved;
  • Clarification on the “use for contact purposes” in the FIPPA S.35 (1)(a)(i);
  • Acceptable alternatives to encryption;
  • Workshops to review existing privacy and security frameworks and work towards a harmonized approach; and
  • Develop a library of Privacy Impact Assessments (PIAs).

The key long-term recommendations to develop robust and enabling privacy and security frameworks include:

  • Mechanisms to keep the framework current;
  • Clear guidelines to researchers for safe storage of personal health and/or sensitive information;
  • Consistent standards for data linking regarding identification;
  • Data Stewardship Committee guidance on sensitivity of data;
  • Population Data BC to have access to HealthIdeas; and
  • Defined criteria for low-risk data regarding the potential identification of subjects.

You can download the full report here (pdf).