FAQ – Secure Island Data Repository

FAQ

……..

Why is SIDR able to receive and use my information?

SIDR is a research data repository, under the Health Information Act (PEI). This designation allows us to collect, use and disclose personal health information, which is available in administrative health data, for specific research purposes. We completed a Privacy Impact Assessment that was reviewed by the Privacy and Information Commissioner of PEI to ensure that it complies with the Health Information Act and we have established the required security and privacy safeguards to protect the data in our custody.

How does SIDR use my information?

As research data repository, we can use your information to:

conduct and facilitate research to describe and explain health care patterns and profiles of health and illness
assist in the evaluation or monitoring of health care service planning or the delivery of a government service, or

facilitate research between or among areas such as health care, justice, education, and social services

We will never use your information for marketing or other undisclosed purposes.

Where does SIDR get the information from?

The de-identified information we currently hold comes mainly from Health PEI. We may receive additional administrative data from other government departments, public bodies, or organizations.

How does SIDR protect my information?

We have put physical, technical, and administrative safeguards in place to protect the data within SIDR. Some examples include:

Physical safeguards

Access to our facility is restricted and monitored.
Researchers can only access data in-person. There is no remote access.

Technical safeguards

Our servers only transmit data to local workstations, and the data is encrypted while in transit.
There is no data connection with any other network or service.
Workstations are protected with unique passwords and anti-virus software.
We audit and monitor our systems regularly.

Administrative safeguards

We comply with various legal agreements, procedures and processes to collect, use, disclose and protect the data housed at SIDR.
Researchers who wish to access these data must go through a rigorous application process and must be approved prior to accessing the data.
Researchers and SIDR staff must receive privacy training prior to accessing the data.
We only grant data access for pre-determined roles and projects.

Can a researcher find out who I am or inadvertently publish my personal information?

No. SIDR only receives de-identified information. Before SIDR receives any personal information, all direct identifiers such as names, street addresses, and health card numbers are removed from the data.

After a research project is complete, SIDR staff check the research results thoroughly to ensure personal information cannot be re-identified. Results cannot be released outside of SIDR without being reviewed by SIDR staff.

Who can access my information? Does SIDR share my information with anyone?

Only SIDR staff and approved researchers can access the de-identified data we have about you. To access this information, researchers must go through a rigorous research application process and must obtain approvals from the UPEI Research Ethics Board, the PEI Research Ethics Board, the SIDR Data Release Committee, and the UPEI Office of Research Services. SIDR does not share your information with anyone else.

Can I get access to my information if I contact you?

No. We only collect data that has been de-identified. There are no names or other direct identifiers that we could use to identify you.

Can I voice a concern or make a complaint?

Yes. To raise a concern or make a complaint, please see the UPEI Access to Information and Privacy Office webpage for details about the UPEI privacy complaint form.