Security and Privacy
Best Practices for Researchers Using REDCap
General
Researchers must comply with appropriate policies and procedures based on local legislation and institutional requirements. At the University of Alberta this includes:
Research Policy
Research Records Stewardship Guidance Procedure
The Health Information Act of Alberta
A list of research procedures is available from the University of Alberta Research Services Office.
Note that you may also be required to comply with additional requirements if you are collecting data from residents of other jurisdictions.
Passwords and user accounts must be appropriately managed.
System accounts (login information) must not be shared between multiple users.
Users are accountable for any actions performed under their ID.
Users’ computers should be protected against viruses and unauthorized use (login enforced and password-protected screen savers enabled).
Principal Investigators are responsible for removing a user’s project related privileges if they leave the research team or no longer require access to a project.
Institutional email addresses are preferred and users should not use shared email addresses with their REDCap profile.
Online training relating to ethics and privacy is available on the TCPS2 web site at http://www.pre.ethics.gc.ca/eng/education/tutorial-didacticiel/
Storing Identifiers
We strongly discourage storage of identifiers in a study database. However, some studies may require that identifiers be stored for data matching or administrative purposes. Where this is the case, appropriate approvals and consents must be obtained and additional technical safeguards applied.
Only the minimum number of identifiers required should be entered into electronic database systems.
The project’s ethics application(s) must detail identifiers that are collected and stored in the database and the study team must comply with any conditions imposed by the ethics board(s).
Unless consent is waived by the REB, participants must be appropriately consented and this consent should document how personally identifiable information will be handled.
REDCap projects that contain direct identifiers must be enabled for two-factor authentication (this is enabled by default).
Personal identifiers must be flagged in REDCap’s online designer. Export of identifiers must only be allowed for users who require them for data matching purposes (using REDCap’s User rights module).
Identifiers are not required for analysis and should be removed from the database once data matching and cleaning is complete.
In Alberta, if the Principal Investigator is obtaining health information from a custodian such as Alberta Health Services, then the Principal Investigator must enter into a research agreement with the custodian (as defined in Alberta's Health Information Act). This agreement must detail how personal identifiers will be collected and stored. This agreement must also identify with whom the personal information may be shared and for what purposes.
Additional information relating to identifiers can be found at the bottom of this page.
CIHR Best Practices
Investigators should be familiar with CIHR best practice guidelines for protecting privacy in health research. These can be summarized as follows:
Determining the research objectives and justifying the data needed to fulfill these objectives
Limiting the collection of personal data
Determining if consent from individuals is required
Managing and documenting consent
Informing prospective research participants about the research
Recruiting prospective research participants
Safeguarding personal data
Controlling access and disclosure of personal data
Setting reasonable limits on retention of personal data
Ensuring accountability and transparency in the management of personal data
For more information see the CIHR Best Practices for Protecting Privacy in Health Research, September 2005.
REDCap Surveys
When collecting research data using electronic surveys, consent is often implied. However, surveys should include an REB-approved consent statement indicating that:
By completing the form the participant is consenting to the collection and storage of the data
The data will be stored in an electronic database and used for research purposes
Mobile and Third Party Applications
Some systems, notably REDCap, provide mechanisms by which applications can communicate with the central server in order to retrieve or update data. The following general principles apply to such applications:
Only approved applications will be allowed access to data stored on the server.
Communications between external applications and the server will be conducted using secure protocols such as SSL/TLS (HTTPS).
External applications must employ appropriate techniques to secure the data. Typically these will include:
ID and password based login.
Encryption of mobile devices and/or data files.
Project managers (typically the Principal Investigator) are responsible for the privacy and security of data that is sourced from University of Alberta and Alberta Health Services systems and must ensure that such data is only accessible to authorized individuals.
Data Retention
REDCap is not an archival system. However, study data will remain in the REDCap system until:
an authorized member of the study team deletes the project or requests that the project is deleted,
REDCap system managers request removal of a completed project from the system, or
the system is decommissioned
If required, and prior to deleting a project from the REDCap system, REDCap support staff will make arrangements with the study team for data to be delivered to the study team for archival.
For privacy reasons it should be noted that deleted studies remain in REDCap for 30 days following deletion. Study data will also remain in system backups for a complete backup cycle. Data pertaining to individual participants is not necessarily deleted when the participant's record is deleted, but may remain in log records. If you are collecting data from jurisdictions where the study participant has a "right to erasure" (for example, European GDPR) you must contact the Privacy Office and the REDCap support team to discuss the request.
Data Access and Other Requests
Certain applicable privacy legislation allows for study participants to request access to their data. Some legislation (such as the European GDPR) may grant participants additional rights. Any such requests must be forwarded to the University’s Privacy Office.
REDCap has certain features that may help you comply with any such request. Contact the support team at redcap@ualberta.ca for additional information.
Obligations Under the Health Information Act
Some projects that use REDCap may be collecting and storing “identifiable healthcare information”. If this is the case, then the researcher is obliged to comply with section 54 of the HIA. As employees of the University of Alberta, REDCap support staff undertake regular privacy training and are familiar with local privacy legislation. In order to help the researcher meet their obligations, REDCap support staff will:
Only access study data for the purposes of providing systems support and/or research services.
Not distribute identifiable healthcare information outside the study team without the Principal Investigator’s permission.
Not contact any research subject without the consent of the Principal Investigator, except in response to a support request received from the research subject.
Allow a Custodian, as defined in the HIA, access to University of Alberta premises in order to confirm compliance with the HIA.
Where a researcher enters into a data disclosure agreement with a Custodian, WCHRI, if requested, will review the agreement and will advise regarding compliance.
Alberta Health Services
The Alberta Health Services standard IPO-2013-0004 also contains recommendations that should be followed by Alberta based clinicians when disclosing health information for research purposes.
GDPR and Extraterritorial Requirements
Researchers collecting data relating to European residents are subject to the ‘extraterritorial’ requirements of GDPR. Other countries such as those in South America may have privacy laws that are based on either GDPR or HIPAA.
External Researchers
Researchers from institutions other than the University of Alberta may be required to comply with additional local requirements.
Identifiable Information
The Tri Council Policy Statement (TCPS 2) defines identifiable information as follows:
Information that may reasonably be expected to identify an individual, alone or in combination with other available information, is considered identifiable information…
It goes on to further categorize identifiable information.
TCPS Classification
Directly identifying information – the information identifies a specific individual through direct identifiers (e.g., name, social insurance number, personal health number).
Indirectly identifying information – the information can reasonably be expected to identify an individual through a combination of indirect identifiers (e.g., date of birth, place of residence or unique personal characteristic).
Coded information – direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (e.g., the principal investigator retains a list that links the participants’ code names with their actual name so data can be re-linked if necessary).
Anonymized information – the information is irrevocably stripped of direct identifiers, a code is not kept to allow future re-linkage, and risk of re-identification of individuals from remaining indirect identifiers is low or very low.
Anonymous information – the information never had identifiers associated with it (e.g., anonymous surveys) and risk of identification of individuals is low or very low.
Examples of Identifiers
The US Government’s Health Insurance Portability and Accountability Act (HIPAA) contains useful examples of data items that constitute identifiers. These may be categorized as either direct or indirect identifiers. This categorization is not intended to be definitive but should be considered as guidance for investigators when considering the context of their own study data.
Direct Identifiers
Study participant names
Participant’s address (complete)
Phone number
Fax number
Email addresses
Social Security numbers
Medical record and healthcare numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Web Universal Resource Locator (URL)
Internet Protocol (IP) address number
Biometric identifiers, including finger and voice prints
Full face photographic images and any comparable images
Indirect Identifiers
Study participant initials
Medical practitioner names
All geographical subdivisions smaller than a province/territory. (This includes complete and partial postal codes).
All elements (except year) of dates related to an individual. Age and any element of date of birth for subjects over the age of 90.
Device identifiers and serial numbers
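As an added example (not from this page and not REDCap's own code), the following Python pre-export scrub applies the identifier categories listed above to a record: fields named as direct identifiers and the listed indirect identifiers are dropped, dates are reduced to year, age over 90 is capped (and birth year removed for those subjects), and the remaining values are scanned for identifier patterns that may have leaked into free-text fields the designer never flagged. Field names and the sample record are constructed assumptions standing in for a real REDCap data dictionary.

```python
import re

# Constructed field names standing in for a REDCap data dictionary (assumption).
DIRECT_IDENTIFIERS = {"participant_name", "address", "phone", "fax", "email",
                      "sin", "health_number", "mrn", "ip_address"}
# Indirect identifiers from the list above that analysis does not need.
DROP_INDIRECT = {"initials", "practitioner_name", "postal_code", "device_serial"}
DATE_FIELDS = {"dob", "visit_date"}
AGE_LIMIT = 90  # per the guidance above: age itself identifies subjects over 90

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_RE = re.compile(r"\b\d{3}[-. ]?\d{3}[-. ]?\d{4}\b")
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")


def year_only(value):
    """Reduce an ISO date to its year; every other date element is an identifier."""
    m = re.fullmatch(r"(\d{4})-\d{2}-\d{2}", value or "")
    return m.group(1) if m else None


def deidentify(record):
    """Return an analysis copy of one record with identifiers removed or generalized."""
    out = {}
    over_limit = record.get("age") is not None and int(record["age"]) > AGE_LIMIT
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS or field in DROP_INDIRECT:
            continue
        if field in DATE_FIELDS:
            # Keep the year only; for subjects over the limit, birth year goes too.
            if not (field == "dob" and over_limit):
                out[field + "_year"] = year_only(value)
        elif field == "age":
            out["age"] = f"{AGE_LIMIT}+" if over_limit else value
        else:
            out[field] = value
    return out


def residual_identifiers(record):
    """Names of fields whose text still looks like an identifier (e.g. notes)."""
    hits = []
    for field, value in record.items():
        text = str(value)
        if EMAIL_RE.search(text) or PHONE_RE.search(text) or DATE_RE.search(text):
            hits.append(field)
    return hits


# Constructed sample record; values are fictitious.
SAMPLE = {"record_id": "1001", "participant_name": "Example Person",
          "email": "person@example.org", "dob": "1929-03-14", "age": "95",
          "visit_date": "2024-05-02", "postal_code": "T6G 2R3", "province": "AB",
          "notes": "Follow up by phone 780-555-0100 after 2024-06-01", "score": "17"}
```

Running `residual_identifiers(deidentify(SAMPLE))` flags the free-text `notes` field, which is the case a field-name-based export rule alone would miss.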