Presentation from Phoebe Macleod, Legal Counsel and Business Development Manager, and Amandine Philippart De Foy, Paralegal, from the Murdoch Children’s Research Institute.
Phoebe and Amandine presented on legal considerations for data sharing.
Webinar: https://www.youtube.com/watch?v=pwtlr7BtdQU
Full Webinar: https://youtu.be/FSlA1noJ1VU
Overview of privacy and data protection considerations for DEVELOPTrilateral Research
Ähnlich wie ANDS health and medical data webinar 23 May 2017. Ethics, Legal issues and Data Sharing. Phoebe Macleod and Amandine Philippart De Foy (20)
2. Outline
•Personal Information & Legal Framework
•Personal Information in the Context of
Research
•How to “De-Identify” Personal Information?
•Additional Legal Recommendations & Wrap Up
•Questions
4. What is Personal Information?
Personal Information & Legal Framework
Personal information is:
Information/opinion about an individual
identified (or who is reasonably
identifiable)
• True or not;
• Recorded in material form or not;
• General (name, DOB)
• Sensitive (including health
information and genetic
information)
Personal information is not:
Any information which is anonymous or
which has been de-identified
no longer about an identifiable
individual or an individual who is
reasonably identifiable
Whether a person is ‘reasonably identifiable’ depends on the circumstances!
5. What is the legal framework
around Personal Information?
Personal Information & Legal Framework
FEDERAL LAWS STATE & TERRITORY LAWS OTHER SOURCES OF
PROTECTION
Privacy Act 1988
(incl 13 APPs)
PERSONAL INFORMATION HEALTH
INFORMATION
• Privacy Policy;
• Privacy Statement;
Consent Form;
• Contractual
arrangement.
ACT: Information Privacy
Act 2014;
NSW: Privacy and Personal
Information
Protection Act 1998;
NT: Information Act
2002;
QLD: Information Privacy
Act 2009;
SA: Information Privacy
Principles Instruction;
TAS: Personal Information
Protection Act 2004;
VIC: Privacy and Data
Protection Act 2014.
ACT: Health Records (Privacy
and Access) Act 1997;
NSW: Health Records and
Information Privacy Act
2002;
VIC: Health Records Act 2001.
Cth agencies χ χ
S/T agencies
(incl public
hospitals)
χ
Organisations χ
7. Guiding Principles – Collection
and UseManage personal information in an open and transparent way
Only collect health information if
it is reasonably necessary
Get the individual’s consent (unless
exception applies)
Voluntary
Informed
Current
Specific – including details on sharing data
with collaborators
Capacity
Respect the individuals’ rights
Right to know, to access, to correct and to
withdraw consent
Personal Information in the Context of Research
8. PRIOR TO SHARING ANY DATA:
• Is de-identification an
option?
•Do you have the right to share?
•On which legal conditions are you sharing?
Guiding Principles –
Disclosure
Personal Information in the Context of Research
“Generally” OK to share
NON-IDENTIFIABLE DATA
Does not enable identification of an
individual – identifiers permanently
removed
“Generally” OK to share
RE-IDENTIFIABLE DATA
A code is needed to link the
information to an individual
Prior informed consent
must be obtained
IDENTIFIABLE DATA
Data enables identification of an
individual
10. How to De-Identify Personal Information?
Is my data “de-
identified” enough?Relevant factors to consider:
• Cost of re-identification
• Difficulty of re-identification
• Practicality of re-identification
• Likelihood of re-identification
ANDS De-identification guide -
http://www.ands.org.au/__data/assets/pdf_file/0
If re-identification is
technically possible,
but doing so is highly
impractical with almost no
likelihood of it occurring,
the information would not
generally be regarded as
‘personal information’.
12. Understand your systems and information assets
• What? Why? Where? Who?
Implement adequate internal processes
• How?
Enter into an appropriate agreement
• Liability
• Warranties
• Compliance with Australian privacy
laws
• Security
• Data breach notification
Additional Legal Recommendations & Wrap Up