Article Text
Abstract
Objectives Research organisations experience challenges accessing administrative and record level data due to legislative privacy restrictions and ethical considerations. Ensuring that individuals’ privacy are preserved while maintaining the utility of data, raises legal, ethical and privacy challenges for researchers conducting epidemiological studies.
The Partnership for Work, Health and Safety (Partnership), an innovative Canadian research platform, must operate in a data-rich environment using administrative data such as occupation health data to provide evidence for policy-making that can improve workers health and safety. In order to have access to multijurisdictional data, it operates under an effective data access model that meets legislative, privacy and ethical concerns via our data partner, Population Data BC (PopData).
Methods A flexible data access protocol has been developed accommodating a multi-legislative landscape. It is a centralised privacy and security model encompassing the Privacy by Design principles ensuring privacy controls and safeguards are in place to facilitate access to both linked and unlinked data and meet ethical concerns. These protocols meet ISO 27002 requirements for information security. Research data are housed in a Secure Research Environment (SRE) provided by PopData. The SRE is a central server accessible through a firewall only via an encrypted Virtual Private Network (VPN) using a SecurID token for authentication. The SRE provides the Partnership with secure storage and back up of data while generating audit log of all activities of the SRE. Researchers accessing data must complete privacy training and sign confidentiality undertakings.
Results A model that offers a comparable level of data protection to all data providers and consistent data protection practices through a secure environment resulting in over 9 Data Sharing Agreements executed to access longitudinal population-based data.
Conclusions Data access requires a rigorous “Privacy by Design” data access and infrastructure model and strong partnerships with stakeholders and data providers.