Under current oversight regimes, the REB is the often only institutional gatekeeper providing oversight of research projects. While their primary mandate is to deal with ethics issues, they often have to deal with privacy issues. For example, the primary issues with many protocols that involve the secondary analysis of data are related to privacy.
The answer to the above question is no, and there are two reasons for that:
- In practice, many REBs do not have privacy experts. it is not a requirement to have a privacy expert on the board. And even if there is a privacy expert on the board, identifiability issues are a sub-discipline within privacy. For example, a privacy lawyer on the board may be able to address questions around legislation and agreements, but may not have the technical expertise to deal with questions about identifiability of the data.
- The process of deciding whether a particular data set is identifiable, and resolving any re-identification risk concerns is iterative. An investigator may easily agree to have dates of birth converted to age or to have admission & discharge dates converted to length of stay if these were raised as presenting unacceptable re-identification risk. But at the same time the investigator may not be too happy with suppressing some records in the data set. This process of deciding on the trade-offs to convert an original data set to a de-identified data set that is still useful for the planned research requires negotiations with the investigator. The REB process and workflow is not well equipped for these types of iterative interactions (or if these interactions are attempted they can be very slow and consequently frustrating).
Therefore, an alternative approach that tends to work better in practice is for the re-identification risk assessment to be done prior to submitting a protocol to the REB. An expert on re-identrification works with the investigator to decide how to manage the risk of re-identification through security controls and de-identification. This process would be quite interactive and iterative. For this to work there must be an individual expert assigned to the investigator rather than a committee which reviews data requests at, say, monthly meetings. The expert may be assigned to work with multiple investigators at the same time, but it is always one expert per protocol. Once the expert and the investigator have agreed on how to de-identify the data, a standard risk assessment report is produced. An example of one is shown here. This report is then sent to the REB.
When the REB receives the risk assessment report, the report indicates to them how the re-identification risk has been managed. This issue would then be considered dealt with and the REB can move on to any other issues with the protocol. By moving the re-identification risk assessment outside the REB, it ensures that this is done thoroughly by an expert and that the final outcome on this issue is satisfactory for the REB and the investigator.
The REB still has accountability for the decision, but essentially delegates the analysis to an expert on de-identification who does the assessment and negotiation with the investigator. The REB also defines acceptability criteria. For example, the REB may say that the probability of re-identification must be below 0.2 for data that will be provided to researchers within Canada and 0.1 for researchers in other countries. The expert would then use these as parameters for the assessment and negotiation with the investigator. The REB may stipulate other conditions, such as the requirement for the investigator to sign a data sharing agreement. The expert ensures that these conditions are met before the protocol is submitted to the REB.
The
author(s) retain all copyright to this knowledgebase article. Please
include a citation to the web page if you reuse this material. More information is available at our lab web site: http://www.ehealthinformation.ca/.
Categories