Requirements using data held or maintained by Fraser Health (e.g. medical records or administrative data).
A data access agreement (DAA) is required when projects are using data held or maintained by Fraser Health for a purpose other than which it was originally collected. The DAA collects comprehensive information on the collection, use, transfer, retention and destruction of the study data, including the detailed security protections.
Research projects should apply for a DAA via the ROMEO Research Portal.
If the project is determined to involve complex privacy and security concerns, such as data linkage or transfer of personal information outside of Canada, a privacy impact assessment may be required. Please use the Research Privacy Checklist as a guide to navigate more complex privacy and security concerns.
Consent to use contact information:
Health authorities have ethical and legal obligations to maintain the confidentiality of their patients and must get permission from their patients to release their contact information to third-party researchers. As outlined in section 33(3)(h)(ii) of the Freedom of Information and Protection of Privacy Act (FIPPA), public bodies, such as Fraser Health, are prohibited from disclosing personal information for the purposes of contacting patients to participate in research, unless the individual has either provided consent to be contacted for this purpose or the BC’s Information and Privacy Commissioner approves the recruitment strategy.
However, at health authorities where research is integrated with care, this restriction can create a burden in terms of process for hospital staff, clinicians, researchers and patients. Please use the Indirect Consent to Contact Guidance instructions aimed for researchers and staff on how to best navigate this process.
Surveys:
Research surveys projects receive privacy review as part of the research ethics board review and do not require additional review by the Fraser Health Information Privacy Office.
The Fraser Health Information Privacy Office has approved the following survey platforms for use if hosted in Canada:
- Qualtrics
- Survey Monkey
- Fluid Surveys
- Checkbox
- Healthchat
- Simple Survey
Research teams should consider whether collecting personal information is necessary for the project objectives. Personal information includes personal opinions as well as IP addresses. Care should be taken to ensure the information collected does not include identifiers and results should only be reported in an aggregated manner to avoid potential re-identification.
Projects involving new software, information systems or technologies that interface with Fraser Health information systems:
A privacy and security impact assessment (PIA) is an information management tool that helps to determine whether new technologies, information systems, programs, initiatives, projects, strategies or proposals meet basic privacy requirements. The PIA measures compliance with the BC Freedom of Information and Protection of Privacy Act.
The PIA provides a framework to better understand the privacy and security issues. It is used to identify major issues including:
- the nature, source, use, disclosure and security of information collected
- examine the individuals affected
- the authorization of, and notification for collection
It is important to understand that supports are in place within Health Informatics to guide and assist you. Contact the Fraser Health Service Desk at servicedesk@fraserhealth.ca once you have approval from your business area. You will be linked to a Health Informatics customer service liaison or the Fraser Health Information privacy office.