What are privacy and ethics?
Privacy has been described as: “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” (1) Some types of information are considered more “private” and sensitive than others and among the most sensitive types of information is information about ones’ health. As a result, the privacy of personal health information (PHI) is protected through ethical and legal principles and legislation.
The two main ethical principles related to privacy of personal health information are consent and confidentiality. Consent relates to the individual’s right to decide who can have access to her/his information while confidentiality imposes a duty to safeguard the secrecy of information concerning another. Security of information is closely tied to both concepts and concerns the methods used to prevent access to information by those who are not authorized.
However, in order for patients to receive health care or benefit from research, personal health information may need to be shared with others in an authorized and secure manner. Privacy legislation is designed to balance the right to privacy with the need to share information. For example, the Nova Scotia Personal Health Information Act (PHIA) states that its purpose is to …
govern the collection, use, disclosure, retention, disposal and destruction of personal health information in a manner that recognized both the right of individuals to protect their personal health information and the need of custodians (holders of personal health information) to collect, use and disclose personal health information to provide, support and manage health care.(2)
Why is knowledge of privacy and ethics important?
To protect the right of privacy of individuals whose personal health information is used for research purposes, there are specific requirements set out in the Tri-Council Policy Statement “Ethical Conduct for Research Involving Humans” (TCPS2) and federal and provincial privacy legislation. These requirements include:
- obtaining consent (or a consent waiver);
- limiting the collection, use, disclosure, retention of and access to the information;
- imposing safeguards to protect the confidentiality and security of the information;
- identifying any foreseeable risks and how those risks will be mitigated; and,
- ensuring that any publication of research findings does not identify the individuals to whom the information relates.
When preparing their research plan, researchers need to be aware of the requirements in the TCPS2 and all applicable privacy legislation. In addition, if researchers wish to access administrative data without obtaining consent from each individual, they must provide details about the requested data including: its sources, secure access and storage, the variables, level of identification, time span, rationale, and level of identification required. Furthermore, specifics about data matching and linkage with other information must be provided.
When do you need to be aware of privacy and ethics?
Short answer: Always!
How do you properly address privacy and ethical matters?
To become knowledgeable about research ethics and receive guidance, researchers should read and familiarize themselves with the TCPS 2 document. Researchers are strongly encouraged to take the online TCPS 2 Tutorial Course on Research Ethics (CORE) which applies the principles and guidelines to practical situations. Many Research Ethics Boards (REBs) have set this course as a requirement prior to approval.
Researchers are also advised to review the relevant privacy legislation in their applicable province. Links to the main privacy legislation affecting personal information and personal health information for each province are provided in on our Resources page.
How does MSSU support privacy and ethics in research?
(1) Klein K, International Association of Privacy Professionals. Canadian privacy : data protection law and policy for the practitioner. Portsmouth, NH: International Association of Privacy Professionals; 2012 at p.1.
(2) Personal Health Information Act S.N.S. 2010 c.41 at s.2