Research Ethics Board FAQ

To submit data access requests through the Controlled Access Mechanism, External Researchers must possess an affiliation with an accredited academic institution, think tank, company, or other research organization. External Researchers can be local, national, or international members of the general science or health care community.

The request will be reviewed by the Data Access Committee (DAC). The DAC consists of representatives from the Ontario Brain Institute’s (OBI) Integrated Discovery Programs (IDPs) partners and will include members knowledgeable in privacy. A community advocate and/or patient experience representative may also be a member of the DAC.  

The request will also be reviewed by the Brain-CODE Informatics Steering Committee (ISC) to ensure adherence to the Ontario Brain Institute’s Principles. The Brain-CODE ISC will approve or deny the request based on input from the DAC.

The following documents are required for a Data Access Request submission:

• REB approval letter / exemption letter

• REB approved protocol (with matching version number / code)

Under the Brain-CODE Governance Policy, all data access requests for data stored in Brain-CODE must be approved or exempted from review by the External Requester’s local IRB/REC/REB. Approved study protocols should explicitly mention using the specific data set the External Requester is seeking access via Brain-CODE.

If the Brain-CODE data set being requested is being used in addition to an existing IRB/REC/REB-approved study, External Requesters are asked to complete an IRB/REC/REB amendment explicitly mentioning use of said data set. For support on preparing such an amendment, please contact governance@braincode.ca.

Prior to review by the DAC and the ISC, the Informatics Team, which manages the Brain-CODE platform, will review the request and contact the External Researcher if there are any concerns or questions about the application. If upon review of the Data Access Request, the decision is made to deny the request, the Informatics Team at OBI will explain the decision to the External Researcher. The External Researcher who has requested access to the data can email governance@braincode.ca to request further information about why the request was denied and appeal the decision.

The DAC consists of representatives from the Integrated Discovery Programs (IDPs) and will include members knowledgeable in privacy. A community advocate and/or patient experience representative may also be a member of the DAC.  The ISC consists of OBI senior management staff.

Data that was collected that did not previously contain identifiable health information (PHI) can be released via the Public Data Access Mechanism which does not require approval from a Data Access Committee or Research Ethics Board (REB). These data include animal model data, phantom MRI data, or anonymous survey data. Upon submission of the Public Data Access Request, the External Researcher will receive an email with instructions on how to download the Data. Data that is accessed via the Controlled Data Access Mechanism is data that may have contained PHI when it was originally collected and has since been de-identified as outlined in the Brain-CODE Informatics Governance Policy.

Direct identifiers, as listed below, must be removed for the Data to be considered de‐identified for the purposes of OBI. All names, telephone numbers, facsimile numbers, home addresses, electronic mail addresses, health insurance numbers, social insurance numbers, medical record numbers, account numbers such as certificate and license numbers, vehicle identifiers and serial numbers, including license plate numbers, unique device identifiers, web universal resource locators (URLs), internet protocol (IP) address numbers, biometric identifiers including fingerprints, voiceprints, retinal scans, or dental x‐rays, full face photographic images, and any comparable images, and full birth date and full date of death.

The data is de-identified. The TCPS2 defines de-identified (coded) data as where direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (Chapter 5 of TCPS2). The data released in zone 3 of Brain-CODE has had all direct identifiers removed. While the original data which may contain identifiers will likely remain in Zone 1, these direct identifiers will not be released to External Researchers under any circumstances.

Each Brain-CODE user signs a Platform Terms of Use Agreement that binds them to appropriate use of the data, including a prohibition to attempt to attribute, link, connect, or associate any data with any natural person. In addition to a Terms of Use Agreement, every researcher that applies via the Controlled Access Mechanism will be required to sign a legally binding Data Use Agreement with the Ontario Brain Institute.

As part of the Zone 3 Data Use Agreement, they are agreeing to only access the specific data requested and to only use the data for the specific purposes outlined in the agreement, the REB-approved application, and the Data Access Request. The agreement binds researchers to keep all data strictly confidential and to notify OBI in writing of any data breaches or unauthorized access. Researchers agree to provide OBI with annual updates on the data use and data access. The agreement explicitly states that attempt to re-identify individuals from the data is strictly forbidden and under no circumstances is contact with individuals permitted.  

Brain-CODE was designed with best-practice privacy strategies at the forefront to enable secure capture of sensitive participant data in a manner that abides by ethical principles and government legislation. As such, privacy and security features have been robustly incorporated into the foundation of Brain-CODE’s infrastructure and are reinforced by guidelines and safeguards that ensure participant data security.

These measures include encryption and data de-identification to protect participant data and enhanced validation certificates to guarantee the authenticity of outward-facing software applications, as well as administrative, physical, and technical safeguards and security processes that are aligned with Code of Federal Regulations Title 21, Part 11 standards (CFR Title 21, Part 11, 2017). As a result, OBI has been named a “Privacy by Design” Ambassador by the Office of the Information and Privacy Commissioner of Ontario (Cavoukian, 2011). This designation refers to the mitigation of privacy and security risks through a proactive and preventative approach to research data management by embedding privacy and security measures directly into the design of systems and practices.

While each consent form may have minor changes to the standard consent form language based on local Research Ethics Board (REB) and institutional requirements, the original consent language will be very similar to the following. OBI has a robust process for tracking consent and approval for third-party data sharing which is adhered to at all times. The Brain-CODE Standard Consent Language is currently as follows:

Which data will be collected and why?

These data are being collected as part of an Ontario collaborative study on [ID Program], and will be used in conjunction with data collected from persons with the same and different conditions. This will allow researchers to study the causes of the disorder, improve diagnoses, and develop treatments and interventions. In addition to the data that will be collected from [study intervention], we will also be collecting your health card number and other demographic information like [insert details]. Your encrypted health card number or [other data we collect in this study] may be used to link with data stored in independent databases, such as OHIP, or other databases in a secure environment.

By providing consent to this study, you are agreeing that the data collected during this study will be stored electronically in a database developed and maintained by the Ontario Brain Institute (OBI). This database is known as Brain-CODE, and it will be stored in reputable facilities with high level security protocols. Brain-CODE will allow researchers to use the data collected in these collaborative studies to perform research and learn more about how [disease] affects the brain.

What will happen to my data?

Brain-CODE is an open-access database. This means that researchers and organizations outside this study can request access to data that have been stripped of information that can identify you. Your health card number will be encrypted upon entry into Brain-CODE and will remain encrypted at all times.

How will my information be kept confidential?

We wish to assure you that your privacy is very important to us. When you join the study, you will be given an ID number. Researchers will use this ID number to organize your data, instead of your name or other information that can identify you directly. Any data collected for study purposes that could potentially identify you will be stored in a highly secure manner and never be released or disclosed in a form that could identify you. We will use tools that remove identifying information using the most advanced tools available to minimize the risk of identifying you from the information we collect or release. This process will be applied to all data, including any new data that have been linked through other databases, such as OHIP.

[Organization] and OBI have entered into legal agreements to protect your data, and to set out the purposes for which these data will be collected, used, stored and disclosed. Steps have been taken to make sure your data are safe and the risk of identifying you is minimized. The OBI will continue to monitor these safeguards as new technologies evolve in order to limit any new risks to privacy.

Who will have access to my information, and what will they see?

Data collected through this study and stored in Brain-CODE will be available to researchers in this study. A current list of these researchers and organizations can be found at: [Email governance@braincode.ca for the program specific link].

Data from this study that have had identifying information removed using the most advanced tools available may be shared with local, national and international researchers and organizations that are not part of this study. This open approach is being used by researchers internationally to better understand disease. Access to data by outside researchers or organizations will require a detailed plan for the use of the data, and approval from a Research Ethics Board, as described in OBI’s Data Sharing Policy Brain-CODE | Ontario Brain Institute . These researchers or organizations will be required to enter into an agreement with OBI that clearly states the safeguards that will be in place to protect those data, and the purposes for which these data may be collected, used, stored and disclosed.

OBI may take some of your data, combine them with data from many other people, and make them available to enhance the public’s awareness of research. We will use tools to remove identifying information from these combined data sets, making the risk of identifying you minimal.

If I decide later on that I no longer want to be part of this study, what happens?

        You can withdraw from the study at any point. No new data will be collected or linked to other data from that point on. Upon your request, any data that have not been processed to remove identifying information will be destroyed. However, we are not able to remove any data that have already been analyzed, processed to remove identifying information or linked with other data for placement in Brain-CODE. To withdraw from the study, contact [Site PI; email; phone].

If you have any questions, please ask [appropriate person at site]. Further information about Brain-CODE is available at Brain-CODE | Ontario Brain Institute .

Any of the information in this letter can be sent to you by mail, upon your request.

Platform Terms of Use Agreement

I have requested a license to use Brain-CODE (the “License”). Brain-CODE (as the same exists from time to time, including any upgrades, replacements, or supplements thereof, “Brain-Code”) is an informatics platform that permits the storage, access and analysis of data (any information or data on Brain-CODE from time to time, is referred to herein as “Data”).  I hereby agree to abide by the following terms:

1. I certify that the details of my identity that I have provided to Ontario Brain Institute (“

OBI”) in association with applying for a Brain-CODE account, the License, or otherwise, are accurate.

1. I agree that I will only use Brain-CODE and the Data for the purpose of (i) conducting scientific research (ii) participating in scientific research where the data derived therefrom will become Data or (iii) browsing Data for my personal interest ((i), (ii) and (iii) collectively the “

Permitted Purpose”) and not for any other purpose, including without limitation any commercial purpose, without the prior written consent of OBI. 

1. Under no circumstances will I attempt to attribute, link, connect, or associate any Data with any natural person.

2. I will follow and adhere to OBI’s

Informatics Governance Policy as the same may be amended from time to time.  The Informatics Governance Policy can be found at Brain-CODE | Ontario Brain Institute . 

1. I will not try to hack in to, or gain access to areas of Brain-CODE and Data which I am not authorized to access. 

2. I will not copy, decompile, reverse engineer, disassemble, modify, or create derivative works of the software comprising Brain-CODE or any part thereof.

3. I will keep the login details of my account for Brain-CODE, including all passwords, strictly confidential.  I agree that I shall be liable for any damage caused to OBI or Brain-CODE, or any systems upon which Brain-CODE relies or is connected, on account of the use of my Brain-CODE account or login particulars, including third party access thereto. 

4. I agree that I am fully liable for the confidentiality of any Data that I have downloaded or made copies of with respect to the obligations listed in this Agreement.  I agree that I am fully liable for the unauthorized use of any such Data whether be me, or a third party, however such third party may have obtained access to such Data.

5. I may use the Data for the Permitted Purpose provided I include the following language in any publication, or any presentation or disclosure of the Data, or works derived from or including the Data:

“We would like to acknowledge the individuals and organizations that have made data [and analysis] used for this research available including [ID program name/Data producer name], the Ontario Brain Institute, the Brain-CODE platform, the Government of Ontario, as well as [independent collaborator names].”

10.   I will immediately provide written notice to OBI upon gaining knowledge of the occurrence of any of the following: (i) unauthorized use of, or access to, Brain-CODE and/or the Data and (ii) abnormalities in the Data or evidence that certain Data is incorrect.

1. I will abide by all applicable laws that relate to the use of Brain-CODE and the Data.

2. OBI makes no representations that Brain-CODE or the Data are appropriate or available for use in any particular location.

3. OBI reserves the right to change, suspend, remove, or disable access to Brain-CODE or the Data at any time without notice. In no event will OBI be liable for the removal of or disabling of such access. OBI may also impose limits on the use of, or access to, Brain-CODE or the Data, as the case may be, without notice or liability.

4. If any aspect of Brain-CODE or the Data is governed by a separate license agreement, and the terms of that separate license agreement contradict or are otherwise incapable of being construed in conjunction with the provisions of this Platform Terms of Use Agreement (this “Agreement”), the provisions of that separate license agreement shall take precedence over those contained herein.

5. In the event that I enter into a Data Use Agreement with OBI, any provisions of the Data Use Agreement contradict and are otherwise incapable of being construed in conjunction with the provisions of this Agreement, the provisions of the Data Use Agreement shall take precedence over those contained in this Agreement, including without limitation the ability to download and share Data.

6. I expressly acknowledge and agree that use of Brain-CODE and access to the data are at my sole risk and that the entire risk as to satisfactory quality, performance, accuracy and effort is with me.  To the maximum extent permitted by applicable law, Brain-CODE and the data and any services performed or provided by brain-code ("services") are provided "as is" and “as available”, with all faults and without warranty of any kind, and OBI hereby disclaims all warranties and conditions with respect to the brain-code and the data and any services, either express, implied or statutory, including, but not limited to, the implied warranties and/or conditions of merchantability, of satisfactory quality, of fitness for a particular purpose, of accuracy, of quiet enjoyment, and non-infringement of third party rights. OBI does not warrant against interference with your enjoyment of Brain-CODE or the data, that the functions contained in, or services performed or provided by, Brain-CODE will meet your requirements, that the operation of brain-code or services will be uninterrupted or error-free, or that defects in brain-code, the data, or services will be corrected. No oral or written information or advice given by obi or its authorized representative shall create a warranty.

7. To the extent not prohibited by law, in no event shall OBI be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data, business interruption or any other commercial damages or losses, arising out of or related to your use or inability to use Brain-CODE or access the data, however caused, regardless of the theory of liability (contract, tort or otherwise) and even if OBI has been advised of the possibility of such damages.

8. Any rights I have to access Brain-CODE and the Data are non-transferable and not exclusive.

19.   My obligations under this Agreement with respect to access to Brain-CODE continue for the entire period over which I have access to Brain-CODE.  The following sections of this Agreement survive termination: 2,3, 4, 5, 6, 7, 8, 9, 11, 14, 15, 19, 20, 21, 22

20.   No amendment to or modification of this Agreement will be binding unless in writing and signed by OBI.

21.   This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. If for any reason a court of competent jurisdiction finds any provision, or portion thereof, to be unenforceable, the remainder of this Agreement shall continue in full force and effect.

22.   The undersigned is hereby put on notice that the confidentiality and the terms of use of data are extremely important to OBI and any breaches of this Platform Terms of Use Agreement will be vigorously prosecuted.

23.   It is my express wish that this Agreement and any related documents be drawn up and executed in English. Il est la volonté expresse des parties que cette convention et tous les documents s’y rattachant soient redigés et signés en anglais.

DATA USE AGREEMENT

RESEARCH USE OF DE-IDENTIFIED DATA

TO: The Ontario Brain Institute ("OBI")
DATED AS OF: 

Background

This Data Use Agreement ("Agreement"), effective as of the last date of signature below, is entered into in favour of OBI as a condition to, and as consideration for OBI providing External Researcher with access to Data in Brain-CODE. Brain-CODE (as the same exists from time to time, including any upgrades, replacements, or supplements thereof, "Brain-CODE") is a software platform that permits the storage, access and analysis of data (any information or data on Brain-CODE from time to time, is referred to herein as "Data").

The undersigned (herein referred to as "External Researcher") has entered into a Platform Terms of Use Agreement in favour of OBI that, amongst other things, addresses a license to use Brain-CODE and Data (as defined in the Platform Terms of Use Agreement, and hereinafter the "Data") for the Permitted Purpose, as set out therein.

Agreements made by External Researcher:

1. External Researcher agrees that it shall only access the requested Data in Brain-CODE, and shall not access any other information in Brain-CODE (

without limiting the more expansive definition of the term Data used in this Agreement, all of the data described in the Data Access Request shall be considered “Data” for the purposes of this Agreement);

1. The Data is being provided to External Researcher for the sole purpose of conducting the following study (referred to herein as the "Study");

2. External Researcher agrees that it shall only use the Data for the sole purpose of conducting the Study, including without limitation, performing analysis in respect of results of the Study (such permitted purpose, the "Purpose"). The External Researcher agrees that it shall not use the Data for any purpose other than the Purpose;

3. External Researcher shall use the Data in compliance with: (a) this Agreement, (b) the Platform Terms of Use Agreement, (c) the requirements of the Study, (d) applicable laws, and (e) the REB approval in respect of the Study;

4. External Researcher shall follow and adhere to OBI's Informatics Governance Policy as the same may be amended from time to time. The Informatics Governance Policy can be found at 

Brain-CODE | Ontario Brain Institute ;

1. External Researcher shall use appropriate safeguards to prevent any unauthorized use or disclosure of the Data and shall promptly give written notice to OBI of any unauthorized use or disclosure of which External Researcher becomes aware, or of any breach to this Agreement, at the following address: 1 Richmond Street W #400, Toronto, ON M5H 3W4, Attn: John Clarkson;

2. External Researcher shall not use any Data or permit any Data to be used to identify or contact the individuals from whom such Data were collected;

3. External Researcher shall keep all Data that it has downloaded or made copies of strictly confidential, and will not share any such Data with anyone or permit anyone to access or view such Data. External Researcher agrees to be fully liable for the unauthorized use of any such Data whether by self, or a third party, however such third party may have obtained access to such Data;

4. External Researcher shall give access to the Data only to its staff with a need to know for the purpose of conducting the Study, and who are bound by the External Researcher to comply with the terms of this Agreement. External Researcher shall be liable for any breach of this Agreement (including the confidentiality terms herein) caused by any person or entity to whom External Researcher has disclosed Data;

10. External Researcher shall be granted a license to use Brain-CODE (the "License"), wherein any rights to access Brain-CODE and the Data are non-transferable and not exclusive. Obligations under this Agreement with respect to access to Brain-CODE and Data continue irrespective of whether the License has been granted or terminated, and for greater certainty External Researcher agrees that OBI may revoke the License or access to Data at any time, at the sole discretion of OBI;
11. External Researcher shall, upon request from OBI, provide updates related to use of the Data on an annual basis by completing the Annual Update form. In addition, External Researcher shall make results and processing methods available to other users through the Brain-CODE platform in a timely manner;
12. For greater certainty, this Agreement is in addition to, and not in substitution for the Platform Terms of Use Agreement entered into with OBI. In the event that any provisions of this Agreement contradict and are incapable of being construed in conjunction with the provisions of the Platform Terms of Use Agreement, the provisions of this Agreement shall take precedence over those contained in the Platform Terms of Use Agreement;
13. No amendment to or modification of this Agreement will be binding unless in writing and signed by OBI;
14. The term of this Agreement shall commence as of the effective date and terminate upon Study completion provided that the following Sections of this Agreement shall survive any termination of this Agreement: Sections: 1 through 14. Upon expiration of this Agreement, External Researcher shall destroy all copies (whether physical or electronic) that have been made of Data, and if requested by OBI, provide a certificate confirming the secure destruction of Data under this obligation;
15. This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. If for any reason a court of competent jurisdiction finds any provision, or portion thereof, to be unenforceable, the remainder of this Agreement shall continue in full force and effect.

It is my express wish that this Agreement and any related documents be drawn up and executed in English. Il est la volonté expresse des parties que cette convention et tous les documents s'y rattachant soient redigés et signés en anglais.