All participating networks that make up the Canadian Primary Care Sentinel Surveillance Network (CPCSSN) meet Privacy by Design Principles, developed by the Information and Privacy Commissioner of Ontario. These principles have been adopted by government ministries and privacy commissioner offices throughout the world as the standard for privacy and security of personal and health information. CPCSSN complies with the privacy legislation in each province and territory by meeting the Information Standards Organization (ISO) 27001/2 [WS1] that governs information system security and the Tri-Council Policy Statement of the Ethical Conduct of Research Involving Humans (TCPS3) [WS2] that governs the use of health information for research purposes.
CPCSSN has completed Privacy Impact Assessments and Threat Risk Assessments across its participating networks. Each network receives a comprehensive report of findings after an information handling audit and there is a privacy compliance checklist that enables each network to take steps to mitigate any identified privacy risks and conduct their own compliance monitoring. Each participating network is required to complete an annual ethics renewal through their host institution and the pan-Canadian CPCSSN also completes an annual renewal for a Health Canada research ethics board certificate of ethics approval. CPCSSN was awarded the 2013 International Association of Privacy Professionals Privacy Innovation Award.
CPCSSN does NOT extract all patient data. CPCSSN mainly extracts structured data and only data managers who have undergone confidentiality training can view de-identified data.
CPCSSN data are anonymized. The data are then further encrypted and stored in a secure repository which complies with the privacy legislation in each province and territory.
Further de-identification software is applied before data are released. CPCSSN was awarded the International Association of Privacy Professionals Privacy Innovation Award.