Abstract
Objective To describe the challenges the Canadian Primary Care Sentinel Surveillance Network (CPCSSN) experienced with institutional research ethics boards (IREBs) when seeking approvals across jurisdictions and to provide recommendations for overcoming challenges of ethical review for multisite and multijurisdictional surveillance and research.
Background The CPCSSN project collects and validates longitudinal primary care health information (relating to hypertension, diabetes, depression, chronic obstructive lung disease, and osteoarthritis) from electronic medical records across Canada. Privacy and data storage security policies and processes have been developed to protect participants’ privacy and confidentiality, and IREB approval is obtained in each participating jurisdiction. Inconsistent interpretation and application of privacy and ethical issues by IREBs delays and impedes research programs that could better inform us about chronic disease.
Results The CPCSSN project’s experience with gaining approval from IREBs highlights the difficulty of conducting pan-Canadian health surveillance and multicentre research. Inconsistent IREB approvals to waive explicit individual informed consent produced particular challenges for researchers.
Conclusion The CPCSSN experience highlights the need to develop a better process for researchers to obtain timely and consistent IREB approvals for multicentre surveillance and research. We suggest developing a specialized, national, centralized IREB responsible for approving multisite studies related to population health research.
The Canadian Primary Care Sentinel Surveillance Network (CPCSSN—pronounced sipsin) is a pan-Canadian primary care “network” of primary care research networks, consisting of family practices across 8 provinces (British Columbia, Alberta, Manitoba, Ontario, Quebec, New Brunswick, Nova Scotia, and Newfoundland), that use electronic medical records (EMRs). Through the EMRs, CPCSSN collects and validates longitudinal primary care health information relating to hypertension, diabetes, depression, chronic obstructive lung disease, and osteoarthritis.1
The main purpose of CPCSSN is to maintain the infrastructure to support the operations of a robust, longitudinal data repository, to demonstrate the ability to extract relevant data from multiple EMRs in multiple primary care practice sites, to create a primary care database for disease surveillance and research on chronic disease, and to generate real-time surveillance reports for government and other bodies about chronic disease in Canada.
Given the purpose of the CPCSSN project, we have developed specific privacy and data-storage security policies and processes, to protect participants’ privacy and confidentiality, and have received approval from institutional research ethics boards (IREBs) in each participating jurisdiction. We found that inconsistent interpretation and application of privacy and ethical issues by the individual IREBs delayed implementation of this project. In this paper we describe the IREB challenges we experienced when seeking approvals across jurisdictions and recommend addressing some of the challenges of ethical review for multisite and multijurisdictional surveillance and research.
BACKGROUND
Institutional research ethics boards
The IREBs approve and monitor safety, privacy, and confidentiality for research participants. In Canada the principles guiding the role of IREBs include the Tri-Council Policy Statement on research ethics (TCPS),2 good clinical practice guidelines,3 the Health Information Protection Act,4 La loi sur les services de santé et les services sociaux,5 La loi sur l’accès aux documents des organismes publics et sur la protection des renseignements personnels,6 the Personal Information Protection and Electronic Documents Act,7 and the Personal Health Information Protection Act.8 In addition to participant protection legislation, IREBs interpret complex federal, provincial, and local regulations, acts, and policies that govern their role, and IREBs also define how or when personal health information can be used for health surveillance and research.
These regulations have become increasingly complex, and IREBs’ workload has increased. This increase has resulted in difficulty recruiting and retaining appropriately qualified members, in securing adequate resources and staff, and in responding to investigators quickly.9–11 While important, these regulations, policies, acts, and guidelines (Figure 1) are nonspecific and produce substantial variations of interpretation by IREBs. These disparities create considerable challenges for researchers conducting health surveillance and research requiring participation at multiple sites.10 In the CPCSSN project, variation among IREBs demonstrated a lack of clarity about explicit informed consent for using pre-existing de-identified data for health surveillance and research.
Map of regionally applicable privacy acts across Canada
ATIPPA—Access to Information and Protection Privacy Act, FIPPA—Freedom of Information and Protection of Privacy Act, FOIP—Local Freedom of Information and Protection of Privacy Act, HIA—Health Information Act, HIPA—Health Information Protection Act, PHIA—Personal Health Information Act, PHIPA—Personal Health Information Protection Act, PIPA—Personal Information Protection Act, MFIPPA—Municipal Freedom of Information and Protection of Privacy Act.
*Quebec acts: Respecting the Protection of Personal Information in the Private Sector, Respecting Access to documents Held by Public Bodies and the Protection of Personal Information, la loi sur services de santé et services sociaux due Québec.
Consent
Consent recognizes the individual’s autonomy, protects the public from duress or fraud, and informs decision making by health professionals. Ideally, consent should be provided after patients are fully informed about what they are consenting to.12 Clinical research that involves interventions or collection of new information generally requires explicit and individual informed consent. However, for research collecting pre-existing de-identified data for health surveillance and population research, or for investigations that pose minimal risk, that offer no direct benefit or harm to patients, and in which validity requires a non-biased sample population,13 a waiver of explicit consent is recommended and is permissible once the IREB approves. The CPCSSN project uses the waiver of explicit patient consent because gaining individual consent would not be feasible (large geographic region) and because pre-existing de-identified aggregated data will be collected and analyzed. All primary care sentinel (PCS) practices display IREB-approved patient information to inform patients about the CPCSSN project and to explain that patients’ information will be included unless they request otherwise. All CPCSSN PCSs are themselves considered to be study participants because their demographic information is used for research purposes; hence explicit informed consent is obtained from each participating PCS.
Data collected
De-identified demographic information on participating PCS physicians is collected by CPCSSN, as is de-identified health information on their patient population as listed in Figure 2. Patients’ provincial health card numbers are not collected, and only the first 3 digits of their postal codes are collected as part of the database.
The CPCSSN data elements
CPCSSN—Canadian Primary Care Sentinel Surveillance Network, DIN—drug identification number, EMR—electronic medical record, FSA—forward sortation area, ID—identification, MD—medical degree.
Privacy and confidentiality
Privacy and confidentiality are critical components in any health surveillance system; ideally it should be impossible for any individual in the database to be identified. However, this limits the amount of information that can be collected, making it impossible to conduct validated health surveillance. There is always a tradeoff between utility and security, therefore, and a small risk of identification. Many protections relate to formal contractual obligations within the surveillance work force and the threat of legal prosecution in the event of breaches, rather than to technological barriers. In CPCSSN, investigators and custodians of patients’ data sign research agreements outlining their individual roles, the nature of the project, how and what data are being collected, and how individual privacy is protected in accordance with provincial health information legislation.14 Additionally, CPCSSN staff, consultants, and stakeholders sign confidentiality agreements, and the researcher extracting data from any EMR uses a unique user identification and password.
Data security, extraction, and transfer to a central data repository
Data (Figure 2) are de-identified at the PCS’s office or remotely using a secure, encrypted connection. De-identified data are sent by secure electronic transfer to a regional virtual server where each patient’s data are assigned a unique CPCSSN number, cleaned, put into a standard format, and further de-identified using advanced de-identification algorithms.14,15 These data are then transferred securely to the CPCSSN central server and are combined with data from other regional databases to create an aggregated national CPCSSN database. The central and regional servers are located in a secure centre housed at Queen’s University’s High Performance Computing Virtual Laboratory to ensure standardization of security practices.
The CPCSSN number is copied onto a “CPCSSN key” containing the patient’s residential postal code, date of birth, sex, provincial health number, and identity of the issuing province. This key resides in a secure location at the PCS’s office or on the local EMR server.
Challenges with IREB approval
Despite rigorous policies and procedures developed by CPCSSN, obtaining IREB approval from across participating provinces was challenging. Inclusion of approvals from other IREBs, as permitted by Article 1.2 of the TCPS,2 to assist IREB approval had mixed success. Table 1 provides an overview of the IREB submissions and approval timelines.
Institutional research ethics board approval timelines
It is possible to summarize these challenges as follows: clarification was frequently requested about specific data elements to be collected; about privacy, confidentiality, and security safeguards for data use and storage; about our justification for not using explicit consent; and about the level of specificity required for future linkage with other data sets. Another challenge was the effects of IREB caseloads and IREB meeting schedules, which affected approval timelines.
These challenges resulted from variations in IREB interpretations of applicable ethical and privacy guidelines, and are best illustrated by 2 networks from the same province, subject to the same Health Information Act and privacy laws. One network required far more interaction before IREB approval than the other did. For one of these networks, operational approval was required in addition to IREB approval, resulting in a repetition of ethical and privacy questions addressed through the IREB approval process. Operational approval resulted in a 6-month delay and limitations on types of data approved for collection. Approval to collect all required data elements was obtained 12 months after initial IREB submission. In contrast, the other network in the same province received full IREB approval without limitations within 3 months of initial IREB submission.
In another province initial IREB approval took approximately 8 months and was granted on the condition that individual patient consent was obtained. This resulted in a biased local sample data set not sufficiently representative for the purpose of health surveillance research. After clarifications over an additional 4 months, approval to waive explicit patient consent was provided; however, linkage to other data sets was prohibited.
The delays associated with IREBs’ approval can in most cases be attributed to IREBs’ desire to be diligent in performing their role. However, in many cases the delay is a direct result of the ever increasing burden that IREBs face trying to interpret complex sets of provincial and federal guidelines written with the aim of protecting patients who participate in clinical research. These guidelines rarely make it clear how these rules should apply in case of public health surveillance.
DISCUSSION
The experiences CPCSSN had with IREB approval highlight the difficulty of conducting pan-Canadian health surveillance and multicentre research. A multitude of laws and local policies affecting ethics, privacy, and confidentiality means that IREBs are challenged to interpret complex guidelines and to determine how these guidelines relate to the use of pre-existing de-identified aggregated data for the purpose of health surveillance and research. Investigators face substantial challenges16,17 in obtaining consistent IREB approvals particularly when a waiver of explicit individual informed consent is needed to minimize sample bias.13,18
A lack of clarity in guidelines impedes advances in Canadian public health surveillance and research seeking to improve our understanding of health determinants and chronic disease management. Seeking approval from a multitude of IREBs produces inconsistent regional requirements (which undermines the reputation of IREBs) and serious delays (which are magnified when operational approvals are also required).
The problem with obtaining timely, consistent IREB approval is not unique to Canada or to public health surveillance. In Ontario the Ontario Cancer Research Ethics Board (OCREB) was launched specifically to address the issue of regional research ethics boards review delays and inconsistent reviews for multicentre oncology clinical trials. The OCREB’s specialization and centralization allows it to serve as the research ethics board for multiple institutions and reduces duplication during the submission and ongoing monitoring phases.9 The process is facilitated by appointing one lead primary investigator; all other institutions’ investigators are listed as co-investigators for review by OCREB. Similarly, the US National Cancer Institute established the Centralized Institutional Review Board, which provides an expert national IREB review before protocols are distributed locally, allowing local IREBs to approve the protocols rapidly using an expedited and facilitated review process.19 This approach is mirrored in Australia, where National Health and Medical Research endorsed a national system whereby the single ethical review of a Human Research Ethics Committee would be recognized by all institutions participating in a collaborative research project.20
In the United Kingdom 2 approaches have been tested to better facilitate multicentre research21,22: research ethics committees and a central office of research ethics (now the National Research Ethics Service). In 1997, 13 multicentre research ethics committees (MRECs) were created to reduce delays and burdens placed on local research ethics committees (LRECs). The larger MRECs review multicentre projects that involve participation over 5 or more geographic boundaries. If projects are approved, the LRECs are encouraged to expedite their own review procedures and defer to the MREC decision.23 In 2000, the Department of Health established a Central Office of Research Ethics Committees (COREC) to implement, develop, maintain, standardize, and oversee MREC and LREC operating procedures throughout the United Kingdom. The COREC members work closely with colleagues in Scotland, Wales, and Northern Ireland, and their mandate is strongly focused on the process of ethical review. In 2007, COREC became the National Research Ethics Service, part of the National Patient Safety Agency.
This trend toward establishing ethics review agencies for multicentre research is also reflected in Canada. In the second edition of the TCPS, chapter 8 explicitly discusses potential arrangements for streamlining the review of multicentre research proposals without compromising ethical rigour.24
Other solutions relate to increasing familiarity with EMRs. The slow standardization of EMR databases in Canada through the natural disappearance of unsuccessful systems could create opportunities for automated extraction of de-identified data into a central database or for automated queries and reporting on the data without extraction of data (a federated database model). The development of a prescribed entity within the terms of federal data protection legislation, and with a specific remit to hold and manage data derived from the national EMR-based primary care sentinel surveillance system (ie, CPCSSN), would help ensure transparent and consistent “rules” of data protection leading to greater consistency and efficiency in applications to multicentre health surveillance. This would in turn lead to harmonization of national regulatory frameworks about what one can and cannot do for surveillance purposes through explicit, frequently updated, guidance on those issues.
Conclusion
Adoption of EMRs has compounded the need for greater clarity on data protection laws, as it is easier to conduct health surveillance and clinical research over a larger geographic region with multicentre participation. For multicentre projects it is important to create clear IREB guidelines. For health surveillance and population health research, the acceptability of waiving explicit informed consent needs to be better understood. Clarification of roles and responsibilities, so that ethics and privacy issues addressed by IREBs are not revisited at the operational approval level, would assist in avoiding unnecessary delays.
The CPCSSN experience further highlights a need for Canada to develop a better process for researchers to obtain timely and consistent IREB approvals for multicentre research. We suggest developing a specialized, national, centralized IREB responsible for the approval of multisite studies related to population health research, similar to the OCREB model. This could provide more timely and consistent approvals and reduce costs associated with local IREB approval for similar studies, and better preserve the integrity of the ethics approval process.22,23,25
Our EMRs provide a rich source of health information for the purpose of research and health care improvement. However, researchers and IREBs are not yet able to apply current privacy and confidentiality policies on the use of EMR data to ensure that security measures implemented meet the required standard. The development of security measure guidelines for the use of EMR health information would be beneficial to both researchers and IREBs.
Acknowledgments
Funding for this project is from the Public Health Agency of Canada under a contribution agreement (#6271 to 15-2007/3970697) with the College of Family Physicians of Canada. The views expressed herein do not necessarily represent the views of the Public Health Agency of Canada. We acknowledge the contributions of other members of the Canadian Primary Care Sentinel Surveillance Network: Dr Moria Stewart, Dr Alan Katz, Ken Martin, and Brian Frost. We also acknowledge Patricia Sullivan-Taylor, Gregory Webster, and Shaheena Mukhi from the Canadian Institute for Health Information, as well as Research Associates Jane Yealland and Susan Hannah from Queen’s University.
Notes
EDITOR’S KEY POINTS
-
Adoption of electronic medical records has made it easier to conduct health surveillance and clinical research over a larger geographic region with multicentre participation. However, we need to develop a better process for researchers to obtain timely and consistent institutional research ethics board (IREB) approvals for multicentre surveillance and research.
-
Clarification of roles and responsibilities, so that ethics and privacy issues addressed by IREBs are not revisited at the operational approval level, would prevent unnecessary delays.
-
The authors suggest developing a specialized, national, centralized IREB responsible for the approval of multisite studies related to population health research, similar to the Ontario Cancer Research Ethics Board model.
-
A specialized IREB could provide more timely and consistent approvals, reduce costs associated with local IREB approval for similar studies, and better preserve the integrity of the ethics approval process.
POINTS DE REPÈRE DU RÉDACTEUR
-
L’adoption des dossiers médicaux électroniques a fait en sorte qu’il est plus facile d’effectuer de la surveillance de la santé et des recherches cliniques sur une région géographique plus étendue avec participation multicentrique. Dans les cas de surveillance et de recherche multicentriques, toutefois, il est nécessaire de mettre au point un meilleur processus pour permettre aux chercheurs d’obtenir des approbations régulières et en temps opportun de la part des bureaux institutionnels d’éthique en recherche (BIÉR).
-
Une clarification des rôles et responsabilités faisant en sorte que les questions d’éthique et de confidentialité dont s’occupent les BIÉR ne soient pas remises en question au moment de l’approbation opérationnelle pourrait prévenir des délais inutiles.
-
Les auteurs suggèrent de créer un BIÉR national centralisé, spécialisé, responsable d’approuver les études multicentriques sur la santé de la population, en prenant pour modèle le Bureau d’éthique pour la recherche en cancer de l’Ontario.
-
Un BIÉR spécialisé pourrait accorder des approbations plus rapidement et de façon plus constante, et réduire les coûts occasionnés par l’approbation des mêmes études par les BIÉR locaux tout en préservant l’intégrité du processus d’approbation éthique.
Footnotes
-
This article has been peer reviewed.
-
Cet article a fait l’objet d’une révision par des pairs.
-
Contributors
All authors contributed to the concept and design of the program; to data gathering, analysis, and interpretation; and to preparing the manuscript for submission.
-
Competing interests
None declared
- Copyright© the College of Family Physicians of Canada