Canadian research ethics: Caught in a quagmire of privacy legislation?

“Trend to privacy seen as hurting research”

This article, from the National Post (September 24) revisits, again, the cry from researchers that overzealous privacy legislation, at both federal and provincial levels,  are preventing researchers from accessing individuals and databases. This quick overview of an article originally in the Canadian Journal of Public Health (July- August 2008, A. Harris et al) illuminates two important points that researchers and  REBs continue to agonize over. 

First, privacy legislation is making it difficult, if not impossible to access data that previously was available to researchers, even anonymized data stripped of all possible identifiers.

Second, and most importantly, the privacy legislation is difficult for many to understand and therefore, is applied and interpreted very differently by different agencies, data stewards and, I would add, REBs and researchers, who are obligated to understand the legislation as applied to specific situations, agencies, information across a variety of contexts.

True enough, the legislation is more than difficult for even smart people to interpret. The “basic reader” on Canadian privacy laws published by the Canadian government that I keep on my desk is thick and heavy with enough very small print to make it a daunting task to try to find an answer to the simplest question. It makes a great paperweight but is not overly helpful in my own interpretation and application of the Acts. 

According to the Canadian government, Canada has the most comprehensive privacy legislation in the world. Few would argue with that. At a federal level, there is PIPEDA and the Privacy Act. In addition, provinces and territories have their own privacy legislation statutes, and even the most educated persons are not always quite sure whether federal legislation trumps provincial or vice versa, on an ad hoc basis. 

Ontario, interestingly enough, has both PHIPA (The Personal Health Information Protection Act) and FIPPA (The Freedom of Information and Protection of Privacy Act). PHIPA allows for the protection of the privacy of persons and the confidentiality of their personal health information. FIPPA is designed in part to protect individuals’ identifiable information held by institutions, guide institutions on how to handle information and allow individuals access to the information that an institution holds about them. 

Most REBs in Ontario are involved with applying both PHIPA and FIPPA when reviewing researchers’ plans on accessing personal data and health information. Most researchers have to work within the constraints of FIPPA and/or PHIPA to access individuals and information. But it is a laborious task for all concerned. And many people aren’t even sure which act is which if they aren’t engaged with privacy issues on a daily basis. 

I was also amused to find that while everyone refers to FIPPA phonetically, some also pronounce the acronym for the Personal Health Information Act (PHIPA) exactly the same, correctly pronouncing the “ph” as a “f”. Yet more confusion, no doubt, probably quite unknowingly, in many conversations…. 

While there are certainly clear distinctions between the Privacy Act, PIPEDA, PHIPA, FIPPA and other provincial statutes, it remains that the legislation created with the laudable aim of protecting Canadian citizens is unclear, the separate Acts can be difficult for both lay persons and academics to untangle and many institutions and agencies are either not applying the Acts at all, or interpreting and thereby applying them in an incorrect way. The valuable objectives and good intentions of protecting private information and those most vulnerable to a breach in privacy are obscured against a backdrop of confusion and a lack of guidance and clarity by governing bodies.

~ by Nancy Walton on October 7, 2008.

One Response to “Canadian research ethics: Caught in a quagmire of privacy legislation?”

  1. I can appreciate the sentiments. I am a health services researcher and we are conducting a large study with multiple health facilities; some accept our university REB approval without question; some accept basic documentation and support expedited review; others require extensive documentation, modification of forms and protocols to conform to their requirements, claiming they must do so under PHIPA. I don’t necessarily blame them, in fact the most overzealous are the ones trying to do their job properly. The lack of consistency is what is the most frustrating, a point of major contention for one REB is not even mentioned by another, but they in turn pick up on a completely different point and run with it, barring the door for a sufficient period of time to make everyone annoyed, before, usually, they let the door open, as if we had all suffered enough at that point…

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: