Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
privacy_interests_in_research [2016/07/06 09:58] wikiadmin [General Issues] |
privacy_interests_in_research [2016/08/15 11:23] (current) wikiadmin [Proposed Privacy Code for consideration and discussions:\\] |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| ---- | ---- | ||
| - | **Note:** A public consultation on the Implementing Rules and Regulations (IRR) of the Data Privacy Act will be on July 13, 2016, 8am-5pm, University of the Philippines, DIliman. Sign up here: **[[http://privacyph.org/irrsignup|privacyPH.org/irrsignup]]**\\ | ||
| Latest version of the IRR: [[http://privacyPH.org/dpairr|privacyPH.org/dpairr]] | Latest version of the IRR: [[http://privacyPH.org/dpairr|privacyPH.org/dpairr]] | ||
| Line 10: | Line 9: | ||
| ---- | ---- | ||
| - | This wiki aims to discuss privacy issues in health research and to propose specific research-related implementing rules and regulations (IRR) for {{::joint_ao_2016-0002_privacy_guidelines_for_the_implementation_of_phie.pdf|the Privacy Guidelines}} (based on [[http://www.gov.ph/2012/08/15/republic-act-no-10173/|RA 10173]]). The main IRR-drafting exercise for the Guidelines is done [[:consolidated_workshop_outputs|here]]. While the immediate application of the exercise is limited to the Philippine Health Information Exchange (PHIE), the rules crafted here may have an impact on health research in the Philippines in general. In a parallel development, the National Privacy Commission (NPC) has just been constituted. You may also consider engaging the Commission directly on special issues in research privacy. \\ | + | This wiki aims to discuss privacy issues in health research and to propose specific **Privacy Code** for {{::joint_ao_2016-0002_privacy_guidelines_for_the_implementation_of_phie.pdf|the Privacy Guidelines}} (based on [[http://www.gov.ph/2012/08/15/republic-act-no-10173/|RA 10173]]). The main Code-drafting exercise for the Guidelines is done [[:consolidated_workshop_outputs|here]]. While the immediate application of the exercise is limited to the Philippine Health Information Exchange (PHIE), the rules crafted here may have an impact on health research in the Philippines in general. In a parallel development, the National Privacy Commission (NPC) has just been constituted. You may also consider engaging the Commission directly on special issues in research privacy. \\ |
| \\ | \\ | ||
| - | **Privacy rules** relating to research (especially health research) are proposed towards the end of this page. Well thought-out changes, additions, suggestions, comments are most welcome.\\ | + | **Privacy Code** relating to research (especially health research) are proposed towards the end of this page. Well thought-out changes, additions, suggestions, comments are most welcome.\\ |
| \\ | \\ | ||
| Line 71: | Line 70: | ||
| \\ | \\ | ||
| - | {{ :screen_shot_2016-07-06_at_9.50.41_am.png?nolink&200 |}} | + | {{ :screen_shot_2016-07-06_at_9.50.41_am.png?nolink&500 |}} |
| --- | --- | ||
| - | - | ||
| Line 85: | Line 85: | ||
| * "strict confidentiality" - does this mean having the same data security rules for research?\\ | * "strict confidentiality" - does this mean having the same data security rules for research?\\ | ||
| * Section 4(d) appears to provide a global "non-applicability" for research. But that doesn't sit well with the above provisions that are clearly about limited exception. Having a blanket exception does not necessarily help research because that will mean having a research regime incompatible at least with its North American and EU counterparts that extend privacy protection to research and data subjects alike. That can mean, in part, being excluded from multi-country research projects. There's also the risk of databases just being arbitrarily labelled as part of "research" in order to avoid privacy regulations. \\ | * Section 4(d) appears to provide a global "non-applicability" for research. But that doesn't sit well with the above provisions that are clearly about limited exception. Having a blanket exception does not necessarily help research because that will mean having a research regime incompatible at least with its North American and EU counterparts that extend privacy protection to research and data subjects alike. That can mean, in part, being excluded from multi-country research projects. There's also the risk of databases just being arbitrarily labelled as part of "research" in order to avoid privacy regulations. \\ | ||
| + | \\ | ||
| + | **Inclusion of Research in Privacy Coverage as Part of the International Norm**\\ | ||
| + | * EU [[http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32016R0679|General Data Protection Regulation]] | ||
| + | * [[http://www.legislation.govt.nz/act/public/1993/0028/latest/whole.html|Privacy Act 1993]] (New Zealand) | ||
| + | * [[http://www.ipc.nsw.gov.au/sites/default/files/file_manager/privacy_statutory_guidelines_research.pdf|Statutory Guidelines on Research]] (Australia) | ||
| + | * [[http://www.ipc.nsw.gov.au/sites/default/files/file_manager/PID%20on%20Disclosure%20for%20Research%20-%20FINAL.pdf|Direction on Disclosures of Information by Public Sector Agencies for Research Purposes]] (Australia) | ||
| + | * [[https://www.oaic.gov.au/privacy-law/privacy-registers/privacy-codes/privacy-market-and-social-research-code-2014|Privacy (Market and Social Research) Code 2014]] (Australia) | ||
| + | |||
| + | \\ | ||
| + | |||
| --- | --- | ||
| - | - | ||
| - | ##Proposed Rules | + | ##Proposed Privacy Code for consideration and discussions:\\ |
| - | Rules for consideration and discussions:\\ | + | |
| - | //Research Subject.//\\ | + | **See [[Health Research]]** |
| - | * The research participant shall be made to understand that he or she can opt-out of the study or have their personal information deleted from the project's database if they so request in writing. \\ | + | \\ |
| - | * //Acceptable recruitment methods.// Acceptable methods for recruiting research subjects may include: advertisements, notices, media (social or tri-media), websites, letter or email to colleagues or healthcare staff to distribute to potentially eligible individuals.\\ | + | \\ |
| - | * //Unacceptable recruitment methods.// Unacceptable methods for recruiting research subjects include (but not limited to): searching through medical records or databases (e.g. patient registry) for qualified subjects and having a researcher with no prior contact with potential subject recruit; recruiting subjects immediately prior to sensitive or invasive procedure (e.g. in pre-op room); retaining sensitive information obtained at screening without the consent of those who either failed to qualify or refused to participate for possible future study participation.\\ | + | |
| - | + | ||
| - | //Research Protocol//\\ | + | |
| - | * Study protocols shall incorporate data protection measures. Protocols shall describe how the participant's privacy will be protected in the entire research process and shall include provisions on how to protect data and samples during use and subsequent storage. \\ | + | |
| - | + | ||
| - | A letter of request addressed to the Local Chief Executive or the Head of the Facility shall be made and is subject for approval. The letter of request shall contain the objective of the study, the type of data to be collected, and the method of data gathering.\\ | + | |
| - | + | ||
| - | Individuals, organizations or third-parties who may access identifiable health information shall be identified in the research protocol and in registration with review bodies.\\ | + | |
| - | + | ||
| - | //Research Projects //\\ | + | |
| - | * A research project involving 1,000 or more data subjects shall register with the National Privacy Commission or its duly deputized body (for health research, possibly the Health Privacy Board).\\ | + | |
| - | * Data breach reporting protocol shall be followed and researchers must ensure that there is privacy protection of data during the entire research process: recruitment, study proper, close-out, and even after study conduct. \\ | + | |
| - | *All personnel involved in the study will be required to sign agreements to protect the privacy, security and confidentiality of identifiable health information prior to accessing any personal information of data or research subject.\\ | + | |
| - | * A copy of the completed research study/project shall be provided to the health facility.\\ | + | |
| - | + | ||
| - | //Research Data//\\ | + | |
| - | * Data or specimen collected from research shall be de-identified or destructed as deemed appropriate. Identifiers will be removed from study-related information, whenever feasible. \\ | + | |
| - | * //Paper-based records.// Paper-based records are to be kept in a secure location and made accessible to personnel involved in the study purposes only. \\ | + | |
| - | * //Electronic records.// Computer-based files will be encrypted and made available to personnel involved in the study through the use of secure access privileges and passwords.\\ | + | |
| - | * Audio or video recording of subjects will be transcribed and then destroyed to eliminate audible or visual identification of data. Collection of visual images shall be subject to patient's consent and identifiable information shall be removed or obscured.\\ | + | |
| - | * //Data Sharing.// Aside from the ones indicated in the study protocol and the original consent document, the research subject shall give his or her permission prior to data sharing arrangements. Data sets publicly made available shall have undergone thorough technical anonymization procedures and shall have been cleared for public access by a duly-constituted ethics committee. The risk of re-identification of study participants or data subjects should be low to none.\\ | + | |
| ##See Also | ##See Also | ||
| - | * [[consolidated_workshop_outputs|Privacy Set of Rules (SOR)]] | + | * [[consolidated_workshop_outputs|Health Privacy Code]] |
| ##References: | ##References: | ||
| * Wiles,R., Prosser,J., Bagnoli A., Clark A., Davies K., Holland, S., Renold E., (2008). Visual Ethics: Ethical Issues in Visual Research. Retrieved from http://eprints.ncrm.ac.uk/421/1/MethodsReviewPaperNCRM-011.pdf | * Wiles,R., Prosser,J., Bagnoli A., Clark A., Davies K., Holland, S., Renold E., (2008). Visual Ethics: Ethical Issues in Visual Research. Retrieved from http://eprints.ncrm.ac.uk/421/1/MethodsReviewPaperNCRM-011.pdf | ||
| ---- | ---- | ||