How does the Ontario Brain Institute ensure the privacy of participants with data held or shared within Brain-CODE?
OBI is and will continue to be committed to the highest standards of data privacy and security.
In recognition of our continued efforts to adhere to a rigorous framework of privacy and security, the Ontario Brain Institute (OBI) has been designated a Privacy by Design Ambassador by the Information and Privacy Commissioner of Ontario. An ongoing collaboration with legal, IT security and privacy experts, and ethics policy advisors, has yielded a set of safeguards and a robust governance framework that are in accord with the sensitive nature of the data input into Brain-CODE. OBI has therefore taken action, and put in place policy and technology measures to protect these data that include:
De-identification tools that remove any directly identifying information from data input into Brain-CODE to the extent possible where Research Ethics Board (REB) approval to store such data is not in place.
Continuous monitoring of the data to ensure compliance under the Personal Health Information Privacy Act (PHIPA).
A risk analysis and the application of de-identification tools to data that have been linked or augmented to other data prior to release.
An Informatics Governance Policy that outlines Data Sharing and Privacy Policies, and the Privacy Breach Policy, which outlines the steps taken in the event of a breach.
Routine updates and consultations with the Office of the Information and Privacy Commissioner of Ontario.
The recent completion of a Privacy Impact Assessment (PIA), and a Threat Risk Assessment (TRA), by independent contractors as updates to previous assessments, and will become routine practice.
A detailed Information Security Policy that outlines the IT measures taken to maintain the safety and proper stewardship of data.
Zones that permits the functional separation of data and ensures that access is only granted to authorized users.
Processes to approve data access requests that require approval by a Research Ethics Board (REB) and the OBI Data Access Committee (DAC).
Operation of the High Performance Computing Virtual Laboratory (HPCVL), which houses Brain-CODE, in compliance with USA FDA 21 CFR Part 11.
Training for all technical staff on how to identify and respond to any sort of breach, and a process by which to report and manage threats to data in Brain-CODE.