...
De-identification tools that remove any directly identifying information from data input into Brain-CODE to the extent possible where Research Ethics Board (REB) approval to store such data is not in place.
Continuous monitoring of the data to ensure compliance under the Personal Health Information Privacy Act (PHIPA).
A risk analysis and the application of de-identification tools to data that have been linked or augmented to other data prior to release.
An Informatics Governance Policy that outlines Data Sharing and Privacy Policies, and the Privacy Breach Policy, which outlines the steps taken in the event of a breach.
Routine updates and consultations with the Office of the Information and Privacy Commissioner of Ontario.
The recent completion of a Privacy Impact Assessment (PIA), and a Threat Risk Assessment (TRA), by independent contractors as updates to previous assessments, and will become routine practice.
A detailed Information Security Policy that outlines the IT measures taken to maintain the safety and proper stewardship of data.
Zones that permits the functional separation of data and ensures that access is only granted to authorized users.
Processes to approve data access requests that require approval by a Research Ethics Board (REB) and the OBI Data Access Committee (DAC).
Operation of the High Performance Computing Virtual Laboratory (HPCVL), which houses Brain-CODE, in compliance with USA FDA 21 CFR Part 11.
Training for all technical staff on how to identify and respond to any sort of breach, and a process by which to report and manage threats to data in Brain-CODE.
...