Privacy Best Practices in Research

While most of the business case arguments for eHealth are associated with the treatment and care of individuals, there are tremendous societal benefits to be gained through health research. I sometimes get the feeling that we have to be apologetic about using health databases for legitimate research purposes. Only through research will we master the medical and social challenges facing humanity.

A couple of years ago (in 2005 to be exact), the Canadian Institutes of Health Research published a document titled CIHR Best Practices for Protecting Privacy in Health Research. This document defines 10 elements that should be considered in the design, conduct and evaluation of health research to address privacy and confidentiality concerns. These elements are:

• Element #1 - Determining the research objectives and justifying the data needed to fulfill these objectives
• Element #2 - Limiting the collection of personal data
• Element #3 - Determining if consent from individuals is required
• Element #4 - Managing and documenting consent
• Element #5 - Informing prospective research participants about the research
• Element #6 - Recruiting prospective research participants
• Element #7 - Safeguarding personal data
• Element #8 - Controlling access and disclosure of personal data
• Element #9 - Setting reasonable limits on retention of personal data
• Element #10 - Ensuring accountability and transparency in the management of personal data

This is a comprehensive guide (169 pages) for anyone involved in health research who is interested in applying best practices for protecting the privacy rights of individuals.