Policies and procedures

Privacy and data security

The CPSP collects only non-nominal data. The CPSP Steering Committee has always strived to balance the goals of data collection for the common good against the essential need to respect the privacy and confidentiality of patients. The CPSP treats all data collected with sensitivity, according to strict guidelines, procedures and multiple physical and technical safeguards.

The CPSP has transitioned to a new database system that offers web-based reporting to participants. Each researcher also has secure electronic access to data relevant to his/her study. The information below relates both to current CPSP policies and procedures, and also those that apply to web-based reporting.

Why we collect data:

Public health surveillance has been referred to as the epidemiological foundation of modern public health. The CPSP collects and analyses pre-existing scientific health data to study uncommon disorders with high morbidity and mortality in childhood or rare complications of more common diseases of such low frequency that data collection nationally is required to generate a sufficient number of cases to derive meaningful results and advance knowledge. The health impact of such surveillance research is beneficial not only to the individual patient but also to the community at large.

Data collected by the CPSP is used to:

  • Describe populations that are at risk, and to obtain important epidemiological data on their circumstances
  • Evaluate the success of public health interventions by tracking their effectiveness
  • Provide supporting scientific evidence for the stance taken by health-care professionals in establishing and promoting public health programs/interventions
  • Take the pulse at the national level on injury prevention issues
  • Serve as an important beacon in the event of emerging public health issues.

What we collect:

The CPSP limits the data collected to non-nominal information, and to information that is absolutely necessary for the purpose of the study. The CPSP requires each study to obtain ethical approval by a Research Ethics Board which carefully considers the data to be collected. The CPSP Steering Committee also performs a careful review before proceeding to collect data.

Only the reporting physician is aware of the patient’s identity. A case code is assigned to the reporting physician for use in communications with the CPSP. The case code contains the year, study name abbreviation and an incremental report number only. In fact, neither the CPSP nor the study investigator could link a specific child to any report.

The data collected by the CPSP is only used for the purpose described in the approved research plan.

Aggregate provincial data appear on statistical reports to CPSP participants. In the event that fewer than five cases are reported for a study, only aggregate pan-Canadian data appear on these reports. Only pan-Canadian data are published and presented publically.

Physical safeguards:

  • CPSP data is hosted in Canada by the Canadian Network for Public Health Intelligence (CNPHI) infrastructure, which is managed by security-cleared CNPHI team members. The data stored is non-nominal.
  • Hard-copy information is stored in Canada in locked cabinets and strict controls are in place for access and handling by authorized personnel.

Technical safeguards:

  • Data is transmitted using SSL technology.
  • Host servers are protected by firewalls.
  • Role-based user-level security is in place to limit access to electronic data.
  • Auditing of user actions is performed.

Organizational policies and procedures:

  • Access, use, storage and disposal of all data are controlled by protocol and signed user agreements.
  • The identity and location of the reporting physician are not shared with the researcher.
  • CPSP staff members are security cleared.
  • Mandatory staff training on privacy and security protocols is conducted upon hire and as changes occur.
  • Strict procedures govern secure destruction and disposal of data. At the end of the required storage period, documents are shredded on site by certified personnel and a certificate of destruction is obtained.
  • The CPSP’s privacy protocols and procedures are strictly enforced.

Ethical approval

The specific right of privacy/confidentiality for children is set out in article 16 of the 1989 United Nations Convention on the Rights of the Child.

A review of the Compendium of Canadian Legislation Respecting the Protection of Personal Information in Health Research, prepared by the Canadian Institutes of Health Research, states that information can be used or disclosed for research purposes if it is non-nominal and nonidentifiable, as is the case with the CPSP studies. This is also in agreement with the Canadian Medical Association and the Tri-Council guidelines.

Because patient confidentiality is of tantamount importance to the success of the program, all new CPSP studies must receive ethical approval from a certified research ethics board before commencing, and then the studies can only collect non-nominal, existing data that are related to the condition under surveillance.

The reporting physician does not have to inform the family or obtain consent because no identifying information is ever revealed. The CPSP and the importance of rare disease research may be introduced to families who would welcome additional insight into these rare conditions. If a principal investigator wishes to follow up a cohort of patients over time, a Steering Committee approval is needed from the onset with a consent form to be secured from the patient or the parents through the reporting physician before conducting any follow-up.

For more information: Rights to individual privacy and professional confidentiality – A Canadian Paediatric Surveillance Program ongoing commitment. Paediatr Child Health 2004;9(8):535