Canada is investing a lot of effort and resources into its healthcare system. To ensure that it provides the best possible care, high quality research data must be regularly fed into the system. Much of the data relevant to health research arise from interactions within the health system — every encounter with a physician, a pharmacist, a laboratory technician, or hospital staff generates data.
The amount of data has grown significanly in the last several years. Due to the advances in information technolody, there are multpile ways to manage health and health-related data. Understanding the best ways to access, store, and govern these data is an important issue for Canada and Canadians.
In 2013, the Canadian Institutes of Health Research (CIHR) asked the Council of Canadian Academies to answer the following question:
What is the current state of knowledge surrounding timely access to health and social data for health research and health system innovation in Canada?
The Panel of Canadian experts examined the technological and methodological challenges of accessing data; the benefits and risks of such access; legal and ethical considerations; and best practices for governance mechanisms that enable access. This report provides a foundation of knowledge that will support policy-makers, administrators, clinicians, and researchers in health-related fields who seek to improve the delivery of health and social services to the public.
In order to achieve its goal, the Panel looked for organizations, institutions, programs, or other entities that had been successful in enabling timely access (less than four-months) and protecting privacy.
It selected and investigated six entities, three from Canada and three from other jurisdictions with similar legal and social systems: Manitoba Centre for Health Policy (MCHP), Ontario-based Institute for Clinical Evaluative Sciences (ICES), Ontario-based Better Outcomes Registry and Network (BORN), Wales Secure Anonymised Information Linkage Databank (SAIL), Data Linkage Western Australia (Data Linkage WA), and Farr Institute (Scotland).
These “best practice entities” are mandated, in some cases under legislation, to receive data from encounters in the health-care system and to provide access for public interest research. They all succeed in providing access within a four-month timeframe and share four common principles:
Enabling appropriate use of data to enhance public well-being;
Managing risk by identifying the range of risks involved in providing data access and minimizing those risks where possible, while acknowledging that risks cannot be entirely eliminated;
Respecting privacy to reassure citizens that risks to their core personal interests are kept to an absolute minimum; and
Maintaining public trust by providing evidence of trustworthiness, including using data appropriately and demonstrating the social value of the resulting research.
- For effective research with health and health-related data, disparate sources of data must be brought together. Providing these data in an “analysis-ready” format, thereby allowing statistical relationships or patterns to be derived, is a central methodological challenge.
- Evidence shows that timely access to data enables significant high-quality research that can have far-reaching effects for health care and the overall health of Canadians.
- The risk of potential harm resulting from access to data is tangible but low. The level of risk can be further lowered through effective governance mechanisms.
- Timely access to data is hindered by variable legal structures and differing interpretations of the terms identifiable and de-identified across jurisdictions. Instead of rigidly classifying data as either identifiable or non-identifiable, it is useful to view de-identification as a continuum and to adjust access controls accordingly.
- Evidence demonstrates that a shift is occurring among leading entities from a “data custodianship” model to a “data stewardship” model. Central to the success of this shift is the adoption of good governance practices, specifically in privacy governance, research governance, information governance, and network governance.