Résumés
Abstract
The Data Privacy Assessment Tool for Health (D-PATH) is a proof-of-concept online tool designed to help users intending to share biomedical data identify applicable legal obligations and relevant best practices. D-PATH provides a series of simple questions to assess important aspects of the data sharing task, such as the user’s legal jurisdiction and the types of entities involved. Based on the combination of answers that the user provides, D-PATH will generate a list of privacy obligations and security-best practices, categorized into themes of 1) accountability, 2) lawfulness of storage, transfer, and protection, and 3) security and safeguards that will likely apply in the user’s scenario. Currently, the D-PATH focuses on Canadian and European privacy laws and various global best-practice policies, but there are plans to extend this in later iterations of the tool. D-PATH was developed specifically to inform users about their legal privacy obligations and best practices and was written to facilitate compliant and ethical data sharing. As a proof-of-concept, D-PATH demonstrates the potential value of a tool in simplifying and translating complex concepts into more accessible formats. Such a tool can be adapted and valuable in many different contexts, such as training core researchers in data sharing laws and practices.
Résumé
L’outil d’évaluation de la confidentialité des données dans le domaine de la santé (D- PATH) est un outil de preuve de concept en ligne conçu pour aider les utilisateurs, ayant l’intention de partager des données biomédicales, à identifier les obligations juridiques applicables et les meilleures pratiques pertinentes. D-PATH propose une série de questions simples afin d’évaluer les aspects importants du partage de données, comme la juridiction de l’utilisateur et les types d’entités concernées. En fonction de la combinaison de réponses fournies par l’utilisateur, D-PATH génère une liste d’obligations relatives à la protection de la vie privée et de pratiques exemplaires en matière de sécurité, classées selon les thèmes suivants : 1) responsabilité, 2) légalité du stockage, du transfert et de la protection, et 3) sécurités et mesures de protection qui s’appliqueront vraisemblablement au cas de l’utilisateur. Présentement, D-PATH se concentre sur les lois canadiennes et européennes en matière de protection de la vie privée, ainsi que sur diverses politiques mondiales de pratiques exemplaires, mais il est prévu d’étendre sa zone d’application dans les versions ultérieures de l’outil. D-PATH a été rédigé pour faciliter un partage des données conforme aux normes juridiques, éthiques et aux pratiques exemplaires. En tant que preuve de concept, D- PATH démontre la valeur potentielle d’un outil pour simplifier des recherches complexes dans des formats plus accessibles. Un tel outil peut être utilisé dans de nombreux contextes, incluant celui de la formation des chercheurs aux lois et pratiques exemplaires du domaine du partage des données.
Veuillez télécharger l’article en PDF pour le lire.
Télécharger
Parties annexes
Acknowledgements
We would like to acknowledge and express our gratitude to Genome Canada, Genome Quebec, the Canadian Foundation for Innovation, Calcul Québec, Compute Canada and the International Human Epigenomic Consortium for funding and supporting our research.
Bibliography
- ThePersonalInformationProtectionandElectronicDocumentsAct(PIPEDA), SC 200 c 5 2000.
- Leonelli, Sabina, Data-Centric Biology (University of Chicago Press, 2016).
- Beauvais, Michael J S & Bartha Maria Knoppers, “Coming Out to Play: Privacy, Data Protection, Children’s Health, and COVID-19 Research” (2021) 12 Front Genet 524, online: https://www.frontiersin.org/article/10.3389/fgene.2021.659027.
- Becker, Regina et al., “DAISY: A Data Information System for accountability under the General Data Protection Regulation” (2019) 8:12 Gigascience, online: https://academic.oup.com/gigascience/article/8/12/giz140/5652251.
- Ben-Eghan, Chief et al., “Don’t ignore genetic data from minority populations” (2020) 585:7824 Nature 184–186, online: http://www.nature.com/articles/d41586-020-02547-3.
- Bernier, Alexander & Bartha Maria Knoppers, “Pandemics, privacy, and public health research” (2020) 111:4 Can J Public Health 454–457, online: https://doi.org/10.17269/s41997-020-00368-5.
- Chawinga, Winner Dominic & Sandy Zinn, “Global perspectives of research data sharing: A systematic literature review” (2019) 41:2 Libr Inf Sci Res 109–122, online: http://www.sciencedirect.com/science/article/pii/S074081881830330X.
- European Parliament, “Regulation (E.U.) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation)” (2016) O.J. 2016 L 119/1, online: https://gdpr-info.eu/.
- Granados Moreno, Palmira, Yann Joly & Dylan Roskams-Edris, “Could Open Be the Yellow Brick Road to Innovation in Genomics in North America?” (2020) 13:1 McGill J Law Health 119–180, online: https://mjlh.mcgill.ca/publications/volume-13-issue-1-131-2019/could-open-be-the-yellow-brick-road-to-innovation-in-genomics-in-north-america/.
- Gurdasani, Deepti et al., “Genomics of disease risk in globally diverse populations” (2019) 20:9 Nat Rev Genet 520–535, online: https://www.nature.com/articles/s41576-019-0144-0.
- Harris, Theresa L & Jessica M Wyndham, “Data Rights and Responsibilities: A Human Rights Perspective on Data Sharing” (2015) 10:3 J Empir Res Hum Res Ethics 334– 337.
- Hulsen, Tim, “Sharing Is Caring—Data Sharing Initiatives in Healthcare” (2020) 17:9 Int J Environ Res Public Health, online: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7246891/.
- Joly, Yann et al., “Are Data Sharing and Privacy Protection Mutually Exclusive?” (2016) 167:5 Cell 1150–1154.
- Joly, Yann et al., “Data Sharing in the Post-Genomic World: The Experience of the International Cancer Genome Consortium (ICGC) Data Access Compliance Office (DACO)” (2012) 8:7 PLOS Computational Biology e1002549.
- Kalaitzopoulos, Dimitris, Ketan Patel & Erfan Younesi, “Advancements in Data Management and Data Mining Approaches” in Aamir Shahzad, ed, Translational Medicine Tools and Techniques (Academic Press, 2016) 36.
- Kaye, Jane, “The Tension Between Data Sharing and the Protection of Privacy in Genomics Research” (2012) 13:1 Annu Rev Genom Hum Genet 415–431, online: https://www.annualreviews.org/doi/10.1146/annurev-genom-082410-101454.
- Knoppers, Bartha M. et al., “A human rights approach to an international code of conduct for genomic and clinical data sharing” (2014) 133:7 Hum Genet 895–903.
- Knoppers, Bartha Maria & Michael J S Beauvais, “Three decades of genetic privacy: a metaphoric journey” (2021) 30:R2 Hum Mol Genet R156–R160, online: https://doi.org/10.1093/hmg/ddab164.
- LeBel, Etienne P, Lorne Campbell & Timothy J Loving, “Benefits of open and high- powered research outweigh costs” (2017) 113:2 J Pers Soc Psychol 230–243.
- Levenstein, Margaret C & Jared A Lyle, “Data: Sharing Is Caring” (2018) 1:1 Adv Meth Pract Psychol Sci 95–103, online: https://doi.org/10.1177/2515245918758319.
- Mecredy, Graham, Roseanne Sutherland & Carmen Jones, “First Nations Data Governance, Privacy, and the Importance of the OCAP® principles” (2018) 3:4 International Journal of Population Data Science, online: https://ijpds.org/article/view/911.
- Middleton, Anna et al., “Global Public Perceptions of Genomic Data Sharing: What Shapes the Willingness to Donate DNA and Health Data?” (2020) 107:4 Am J Hum Genet 743–752, online: http://www.sciencedirect.com science article piiS0002929720302925.
- Pergl, Robert et al. “‘Data Stewardship Wizard’: A Tool Bringing Together Researchers, Data Stewards, and Data Experts around Data Management Planning” (2019) 18:1 Data Sci J 59, online: http://datascience.codata.org/articles/10.5334/dsj-2019-059/.
- Salvagno, Michele, Fabio Silvio Taccone & Alberto Giovanni Gerli, “Can artificial intelligence help for scientific writing?” (2023) 27:1 Critical Care 75.
- Saulnier, Katie M et al., “Benefits and barriers in the design of harmonized access agreements for international data sharing” (2019) 6:1 Sci Data 297.
- Stark, Zornitza et al., “Integrating Genomics into Healthcare: A Global Responsibility” (2019) 104:1 Am J Hum Genet 13–20, online: http://www.sciencedirect.com/science/article/pii/S0002929718304221.
- Trinidad, M Grace, Jodyn Platt & Sharon L R Kardia, “The public’s comfort with sharing health data with third-party commercial companies” (2020) 7:1 Humanit Soc Sci Commun 1–10.
- Alder, Steve, “What Are Covered Entities Under HIPAA?”, (18 October 2020), online: HIPAA Journal https://www.hipaajournal.com/covered-entities-under-hipaa/.
- Bourque, Guillaume & Yann Joly, Epigenomics Secure Data Sharing Platform for Integrative Analysis (EpiShare). Submitted to the 2017 Bioinformatics and Computational Biology Competition of Genome Canada (2017 Bioinformatics and Computational Biology Competition of Genome Canada, 2017).
- Bujold, David et al., EpiShare: an open platform to securely share epigenomic data (2020).
- Canada, Office of the Privacy Commissioner of, “PIPEDA Findings #2020-004: Joint investigation of the Cadillac Fairview Corporation Limited by the Privacy Commissioner of Canada, the Information and Privacy Commissioner of Alberta, and the Information and Privacy Commissioner for British Columbia paras 113-125”, (29 October 2020), online: https://www.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2020/pipeda-2020-004/.
- CIHR, NSERCC, & SSHRC, “Tri-Council Policy Statement. Ethical Conduct for Research Involving Humans”, (2018), online: https://ethics.gc.ca/eng/documents/tcps2-2018-en-interactive-final.pdf.
- CMSgov, “Covered Entity Guidance Tool”, (2020), online: Centers for Medicare & Medicaid Services https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/Downloads/CoveredEntitiesChart20160617.pdf?fbclid=IwAR02qYceeKBeIU-G_XfEXmq5NLQGg2MXKrzeK5McXQYuRmerZrjbK2EqJi8.
- DSW, “Data Stewardship Wizard”, (13 December 2020), online: https://ds-wizard.org/about.html.
- EpiShare, “EpiShare - About”, (2019), online: EpiShare https://epishare-project.org/about.html.
- European Commission, “European Economic Area (EEA)”, (10 August 2021), online: https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Glossary:European_Economic_Area_(EEA).
- Fidler, Fiona & John Wilcox, “Reproducibility of Scientific Results” in Edward N Zalta, ed, The Stanford Encyclopedia of Philosophy, winter 2018 ed (Metaphysics Research Lab, Stanford University, 2018).
- FNIGC, “OCAP Education and Training”, online: The First Nations Information Governance Centre https://fnigc.ca/what-we-do/education-and-training/.
- GA4GH, “Framework for Responsible Sharing of Genomic and Health-Related Data”, (9 December 2014), online: https://www.ga4gh.org/genomic-data-toolkit/regulatory-ethics-toolkit/framework-for-responsible-sharing-of-genomic-and-health-related-data/.
- GA4GH, “Global Alliance for Genomics and Health: Data Privacy and Security Policy”, (August 2019), online: https://www.ga4gh.org/wp-content/uploads/GA4GH-Data-Privacy-and-Security-Policy_FINAL-August-2019_wPolicyVersions.pdf.
- GNU, “Various Licenses and Comments about them. GNU Operating System”, (May 2020), online: GNU org https://www.gnu.org/licenses/license-list.en.html.
- Health Canada, Health, “Privacy: a fundamental right in Canada”, (8 December 2006), online: https://www.canada.ca/en/health-canada/services/environmental-workplace-health/reports-publications/occupational-health-safety/privacy-fundamental-right-canada-national-dosimetry-services.html.
- McFarland, Michael, “Why We Care about Privacy”, (1 June 2012), online: Markkula Center for Applied Ethics Santa Clara University https://www.scu.edu/ethics/focus-areas/internet-ethics/resources/why-we-care-about-privacy/.
- National Cancer Institute, “Epigenomics and Epigenetics Research”, (24 July 2020), online: National Cancer Institute National Institutes of Health https://epi.grants.cancer.gov/epigen/.
- Office of the Privacy Commissioner of Canada, “Summary of privacy laws in Canada”, (January 2018), online: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/02_05_d_15/.
- OHSU, “Health Insurance Portability and Accountability Act (HIPAA)”, (2020), online: Oregon Health and Science University https://www.ohsu.edu/information-technology/health-insurance-portability-and-accountability-act-hippa.