Privacy

CaNIOS Privacy Statement 

At CaNIOS, we treat health and research information with respect and sensitivity according to applicable laws. The CaNIOS National Lupus Registry is used solely for research and statistical purposes. All data situated at our server’s host office are kept strictly confidential to protect the privacy of individuals through multiple means: 

Physical measures: Maintenance of security measures and procedures consistent with industry standards such as a secure hosting facility, 24-hr surveillance, keypad entry & auditing, bullet-proof encasement around the machine room, access limited to only authorized personnel and by changing security locks, appropriate attention to flooding and fire threat; 

Organizational measures: Strict employee confidentiality agreements (with immediate dismissal as a sanction) and limiting access on a “need-to-use” basis; all necessary steps will be taken including instruction of employees and/or agents to ensure that the confidentiality of all input data, output data files and the master file belonging to CaNIOS is maintained. 

Technological measures: Secure (https) access to the internet, actively maintained dedicated firewalls, ongoing virus/worm surveillance, recovery from virus infection events, passwords, audit trail, encryption of data, regular backup every 24 hours to a secondary disk system on site and restore procedures; and, 

Anonymization: All data are stripped of conventional personal identifiers therefore personal health information can not be updated nor corrected at the level of the CaNIOS National Registry, unless individual CaNIOS Centre collecting the data verifies and updates the information. 

Policy Compliance: The CaNIOS Privacy Committee implements and monitors compliance of security policies and practices. 

 

CaNIOS Privacy Code 

 

The CaNIOS   Privacy Code is reflective of various provinces’ privacy legislation and based on Ontario’s Personal Health Information Protection Act (PHIPA, 2004), Schedule 1 of the Personal Information Protection and Electronic Document Act (PIPEDA), and adapted from the Institute for Clinical Evaluative Sciences (ICES) Privacy Code. 

 

CaNIOS Privacy Commitment

 

CaNIOS’ mandate to perform research that contributes to the effectiveness, quality, equity, and efficiency of health care for the Canadian lupus population is complimented by its promise to respect personal privacy, safeguard the confidentiality of data and provide a secure environment for the databases under its management. CaNIOS meets this commitment by having: 

  • - Ensured data anonymity; 
  • - Principles and policies in place for the protection of health data; 
  • - Strict policies which limit access to anonymized data; 
  • - Heightened security measures: organizational, technological and physical;
  • - Processes for review and approval of research proposals; 
  • - An active Privacy Compliance subcommittee, at the working and governance levels; 
  • - Mandatory staff training to keep health information protection matters a constant priority; 
  • - Requirements that all staff sign a pledge of confidentiality;
  • - Regular review of its policies to ensure they are in line with current health information legislation and protection practices.