Privacy
Privacy
Respecting personal privacy, safeguarding confidential information, and ensuring security are critical to HRDP-SK’s mission. HRDP-SK has embedded privacy and security checks throughout our policies and standard operating procedures.
HRDP-SK privacy safeguards include, but are not limited to:
physical and network security measures
human resource controls
ethical review
All direct users of HRDP-SK data must also complete:
user and confidentiality agreements
conflict of interest declarations
criminal record checks
privacy training
Data included in HRDP-SK contains information about people and providers who have interacted with Saskatchewan health care services. Several protections for this data are taken, including:
The information in the HRDP-SK central repository is de-identified, which means that all patient and provider information that could potentially identify an individual has been removed or replaced (e.g., name, telephone number, address, and identifying numbers such as Health Services Number, chart number)
Before the data can be used, the individual’s health card number is masked, which means the real number is replaced with a fake number.
All research approved to use the HRDP-SK must complete ethical review and maintain current Research Ethics Board approval throughout the life of the project.
Any results that are used by researchers must be anonymized. For example, each number in results that are removed from the Secure Research Environment must represent at least six people. This ensures that no single person can be identified.
Data Governance
The HRDP-SK is governed by the Master Health Data Sharing Agreement (MHDSA). The MHDSA was signed on August 1, 2022, by Health data Trustees/Health system partners in Saskatchewan. Theis includes the Saskatchewan Ministry of Health, eHealth Saskatchewan, Saskatchewan Health Authority, Health Quality Council, Saskatchewan Cancer Agency, Health Shared Services Saskatchewan, and Saskatchewan Association of Health organizations. The MHDSA allows the HRPD-SK to hold individual-level data. However, HRDP-SK is not the trustee of any of the data holdings. The approval to access the data will depend on the assessment from data trustees.
Data currently available within the HRDP-SK belongs to the Ministry of Health and eHealth Saskatchewan.
The Trustee organization (Trustee) is the legal entity responsible for the personal health information under The Health Information Protection Act. A Government Institution, defined in the The Freedom of Information and Protection of Privacy Act or a Local Authority, defined in The Local Authority Freedom of Information and Protection of Privacy Act, may also be responsible for personal information in their custody and control. At this time, HRDP-SK only contains data sets of personal health information.
Each Trustee is responsible for assessing each HRDP-SK project to ensure it aligns with the applicable legislation. The Trustee representatives are also a part of the team that creates the processes and policies that govern the HRDP-SK.
Patient Partner Roles
Patient Partners are not direct users of the HRDP-SK, as the platform is intended for individuals who employ a primary role in data analytics or research. The data included in the HRDP-SK is available in a format that requires specialized training in data software, such as SAS and R; software that supports statistical analysis and data visualization. The legislation that governs data does not allow access to the public or to Patient Partners.
Patient Partners do, however, take on a key role in guiding what data their research team should access from the HRDP-SK and how it should be used. Thus, we support Patient Partners to actively participate in:
Completing the HRDP-SK data training programs
Co-establishing what data should be pulled from the databases to support the research questions
Participating in reviews of the data outputs that are pulled from HRDP-SK and supporting the team with analysis
Five Safes Framework
The HRDP-SK data access process adopts the Five Safes Framework to provide approved research team members (users) with controlled access to sensitive or confidential data. This ensures that no identifying personal health information or other personal information is disclosed and no one person can be identified.
Under the Five Safes Framework, data access is assessed and based on the following questions:
Safe Projects: Is the use of data appropriate?
Safe People: Can the researchers be trusted to use the data appropriately?
Safe Data: Is there a disclosure risk in the data itself?
Safe Settings: Does the access facility limit unauthorized use?
Safe Outputs: Are the statistical results non-disclosive?
Privacy Impact Assessment
HRDP-SK prioritizes the security and privacy of the data in the central repository and Secure Research Environment (SRE). We continuously review our information security practices addressing any concerns and ensuring the ongoing protection of the data. Our Privacy Impact Assessment details HRDP-SK’s operating principles and includes information on the systems and security measures we have in place to protect privacy as mandated by legislation.
If you would like to view our Privacy Impact Assessment, email us at hrdp-sk@usask.ca.
Contact us at hrdp-sk@usask.ca if you have any question or any privacy concern. We will respond to all inquiries within 3 business days.