Privacy
Commitment statement
ICES@uOttawa is committed to protecting the privacy, confidentiality and security of all data to which it has been entrusted to by ICES in order to carry out its mission to conduct research that contributes to the effectiveness, quality, equity and efficiency of health care and health services in Ontario.
ICES Track Record
ICES faculty and staff work hard at maintaining the confidentiality of the data held at ICES. For more than 13 years of service to Ontarians, ICES has protected data confidentiality.
Protection at Every Level
Health information held at ICES is used solely for research and analytical purposes. All data are kept confidential to protect the privacy of individuals through the use of multiple, leading edge methods.
Anonymous data – Before our research begins, all data held at ICES are made anonymous by removing personal identifiers (including name, address, and health card number). ICES researchers study the health of Ontarians collectively by grouping anonymous data together, to understand trends such as treatment outcomes for a particular condition.
Physical measures – ICES is a locked facility and the premises are video-monitored 24 hours a day, inside and out. Tracked key access is required to move through the building. All staff and visitors must wear identification, and all visitors are required to sign in and out of the facility.
Technological measures – Data are housed on an isolated, secure system that can only be accessed by ICES faculty and staff within the ICES facility. Data cannot be copied or printed. As added precautions, frequently changedpasswords, data encryption and specialized software are used to enhance security.
Organizational enforcement – Our Chief Privacy Officer implements and monitors compliance with all security policies and practices, and provides ongoing privacy education for all staff, to make privacy part of ICES’ work culture.
Policy review and compliance – The ICES’ Confidentiality Committee and the Chief Privacy Officer regularly review and audit data security, privacy and confidentiality policies to ensure continued compliance with current health information legislation and data protection practices.
External review – As required by Ontario’s health information privacy legislation, PHIPA, ICES undergoes a site audit and review of all practices, policies and procedures by the Information and Privacy Commissioner of Ontario every three years. Additionally, ICES undergoes electronic security audits by external security experts to ensure the integrity of our systems.
ICES and Ontario’s Privacy Legislation:
The Personal Health Information Protection Act (PHIPA)
ICES is named as a prescribed entity in Section 45 of the Personal Health Information Protection Act (PHIPA - Regulation 329/04, Section 18). Under this designation, ICES can receive and use health information without consent for purposes of analysis and compiling statistical information about our health care system. Data may be collected from multiple health information custodians, including the Ministry of Health and Long-Term Care, physicians, hospitals, laboratories, pharmacies, long-term care facilities and other custodians named in the Act.
To have this privilege, however, ICES must have established policies, practices and procedures that have been audited and approved by the Information and Privacy Commissioner (IPC) of Ontario. Furthermore, this audit and review must be done every three years to ensure that ICES not only complies with PHIPA, but is also diligent in its attention to these approved policies and procedures.
Additional Resources
Privacy brochure
Privacy code
Privacy FAQ
The Ottawa Hospital Research Ethics Board
Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans
For more detailed information on our privacy policies and practices, please contact Anne Lavigne, ICES@uOttawa's Privacy Officer at anlavigne@ottawahospital.ca or visit the Privacy Section of the Institute for Clinical Evaluative Sciences (ICES) website.