The Institute for Work & Health (IWH) regards the access to personal information for research purposes as an important privilege. Protecting the privacy of individuals whose personal information is used in our research and the confidentiality of personal information in our custody is an integral commitment of IWH.
We meet this research commitment by:
- establishing clear principles and policies for the protection of personal information, emphasizing high standards of organizational, technical and physical security practices and protocols;
- communicating privacy protection policies and practices to IWH staff, affiliates and stakeholders;
- restricting access to personal information to those members of the organization who have authorized access for research purposes;
- submitting research protocols involving personal information to external research ethics boards;
- designating the position of IWH Privacy Officer to oversee the Institute's privacy protection polices and practices;
- ensuring all staff are trained in the principles and practices of personal information protection and requiring all staff to annually commit, in writing, to respect the Institute's principles, policies and practices in the protection of personal information; and
- ensuring that the Institute's policies and practices are consistent with the best national and international standards of privacy protection in health research and legislative requirements.
The Institute’s full set of policies and practices with respect to protecting the privacy of individuals and the confidentiality of personal information are set out in a handbook prepared by IWH’s Privacy Committee: Privacy, confidentiality and data security: handbook of research policies and procedures (revised in March 2020). The handbook outlines our privacy commitment, ethical principles guiding research involving human participants, privacy protection principles, legislative framework, and privacy protection policies and procedures. You can download the handbook here.
Institute staff have even more detailed policies and procedures for the collection, use and disclosure of personal information used in research at IWH. This information is located on the organization’s internal website and includes four chapters: privacy, security, compliance, and governance and risk management.
Key IWH privacy protection policies and procedures are outlined below.
Research ethics review policies and procedures
All research protocols proposing to use personal information are required to present a copy of the research protocol to a Research Ethics Board (REB) at a health-care institution or university. Where personal information is collected or disclosed by a health-care institution, an additional institutional level REB approval may also be required.
It is the responsibility of the Institute principal investigator to prepare a REB submission and to respond to any concerns raised in the ethics review. All proposed research, whether funded from internal Institute resources, external granting agencies or contract-funding sources, must receive a REB review and approval before research activity may commence.
Investigators are always encouraged to discuss questions or concerns about REB review requirements with the Institute’s Privacy Officer, the Director of Research Operations or their delegate.
Use of secondary data and record linkage
Secondary or administrative data sources can be very useful resources for research. These data sources are collected by organizations to conduct their business. For example, workers’ compensation boards collect information in the course of administering employee compensation claims and collecting employer insurance premiums. Compared to directly surveying or interviewing respondents, these administrative data sources generally save time and money for the researcher, as well as reduce the burden on respondents. Often, these data sources cover entire populations.
Contemporary standards for ethical research practice expect that researchers obtain informed consent from people who are invited to participate in research. It is often not feasible to obtain individual consent from people whose information is recorded in administrative records. To address this special circumstance, enhanced standards for using secondary data sources without individual consent have been developed through an initiative called Harmonizing Research & Privacy, funded by the Canadian Institutes of Health Research.
The Institute is committed to respecting these standards and the guidance outlined in the CIHR document, Best Practices for Protecting Privacy in Health Research (September 2005). To that end, whenever we plan to conduct a study using secondary data and/or record linkage without individual consent, we submit our study protocol for ethical review to a Research Ethics Board at a recognized organization. This submission includes assessments of the benefits of conducting the research, the risks involved, whether other methods could be used, and the safeguards in place to protect the data and the confidentiality of the study subjects.
The following is a current list of research projects being conducted at the Institute for Work & Health that are using secondary data without individual consent. Click on any of the following Privacy Impact Assessments (PIAs) for more details.
- Workplace Safety & Insurance Board Data for Research Purposes (PDF, 95KB)
- Workplace Safety & Insurance Board and WorkSafeBC Lost-Time Injuries and Income Sources Post-Injury (IWH # 406/418) (PDF, 95 KB)
- Early Opioid Prescriptions for Work-Related Musculoskeletal Disorders of the Low Back (IWH # 2170) (PDF, 167 KB)
- Methods for Surveillance of Work Injury by Time of Day in Ontario (IWH # 1185) (PDF, 86 KB)
- Improving information on worker health protection in Ontario: a study based on record linkage (IWH # 1370) (PDF, 67 KB)
Employee privacy training
All new Institute employees receive a privacy orientation and sign a confidentiality agreement as a condition of employment. Privacy information sessions are offered annually, and attendance is mandatory for all employees.
All IWH employees are also required, every three years, to complete the latest edition of the Tri-Council Policy Statement (TCPS) Course on Research Ethics (CORE).
A privacy breach is the loss of, unauthorized access to, or disclosure of personal information. Some of the most common privacy breaches happen when personal information is stolen, lost or mistakenly shared. The Institute has a procedure for containing breaches. If you feel there has been a breach, please contact the Institute Privacy Officer.
Revisions and notifications
Updated: March 2020
Original version: June 2001
Who to contact
For more information about privacy and confidentiality policies and procedures at the Institute, or to express any concerns about the Institute's handling of private or confidential information, please contact:
Dr. Monique Gignac
Scientific Co-Director & IWH Privacy Officer