Requirements using data held or maintained by Fraser Health (e.g. medical records or administrative data).
A data access agreement (DAA) is required when projects are using data held or maintained by Fraser Health for a purpose other than which it was originally collected. The DAA collects comprehensive information on the collection, use, transfer, retention and destruction of the study data, including the detailed security protections.
Research projects should apply for a DAA via the ROMEO Research Portal.
If the project is determined to involve complex privacy and security concerns, such as data linkage or transfer of personal information outside of Canada, a privacy impact assessment may be required.
Surveys:
Research surveys projects receive privacy review as part of the research ethics board review and do not require additional review by the Fraser Health Information Privacy Office.
The Fraser Health Information Privacy Office has approved the following survey platforms for use if hosted in Canada:
- Qualtrics
- Survey Monkey
- Fluid Surveys
- Checkbox
- Healthchat
- Simple Survey
Research teams should consider whether collecting personal information is necessary for the project objectives. Personal information includes personal opinions as well as IP addresses. Care should be taken to ensure the information collected does not include identifiers and results should only be reported in an aggregated manner to avoid potential re-identification.
Projects involving new software, information systems or technologies that interface with Fraser Health information systems:
A privacy and security impact assessment (PIA) is an information management tool that helps to determine whether new technologies, information systems, programs, initiatives, projects, strategies or proposals meet basic privacy requirements. The PIA measures compliance with the BC Freedom of Information and Protection of Privacy Act.
The PIA provides a framework to better understand the privacy and security issues. It is used to identify major issues including:
- the nature, source, use, disclosure and security of information collected
- examine the individuals affected
- the authorization of, and notification for collection
It is important to understand that supports are in place within Health Informatics to guide and assist you. Contact the Fraser Health Service Desk at servicedesk@fraserhealth.ca once you have approval from your business area. You will be linked to a Health Informatics customer service liaison or the Fraser Health Information privacy office.