All participating networks that make up the Canadian Primary Care Sentinel Surveillance Network (CPCSSN) meet Privacy by Design Principles, developed by the Information and Privacy Commissioner of Ontario. These principles have been adopted by government ministries and privacy commissioner offices throughout the world as the standard for privacy and security of personal and health information. CPCSSN complies with the privacy legislation in each province and territory and this includes meeting the Information Standards Organization (ISO) 27001/2 [WS1] that governs information system security and the Tri-Council Policy Statement of the Ethical Conduct of Research Involving Humans (TCPS2) [WS2] that governs the use of health information for research purposes.
CPCSSN has completed Privacy Impact Assessments and Threat Risk Assessments across its participating networks. Each network has received a comprehensive report of findings after an information handling audit and there is a privacy compliance checklist that enabled each network to take steps to mitigate any identified privacy risks and conduct their own compliance monitoring. CPCSSN was awarded the 2013 International Association of Privacy Professionals Privacy Innovation Award.
CPCSSN does NOT extract all patient data. CPCSSN mainly extracts structured data and only data managers who have undergone confidentiality training can view de-identified data.
CPCSSN data are standardized. The data are then encrypted and stored in a secure repository which complies with the privacy legislation in each province and territory.
Further de-identification tools are applied before data are released. CPCSSN was awarded the International Association of Privacy Professionals Privacy Innovation Award.