Privacy, Ethical Review, System Security and Database Management Policy
Statement...
It is CORI’s policy to control the collection, use, and disclosure of personal
information in accordance with requirements set out in the Freedom of
Information and Protection of Privacy Act of Alberta and other relevant
provinces, as well as the Personal Information Protection and Electronic
Documents Act of Canada. If CORI must comply with new legislation
or additional legislation from other jurisdictions, CORI commits
to doing so in as timely a manner as is reasonably possible. The Board of CORI
reserves the right to change these policies where CORI
needs to improve adherence to legislation, adhere to new legislation, or
provide quality service.
Part A: CORI Privacy Policy Statement
Part B: Ethical Review Policy
Part C: System Security & Database Management Policy
Part A: CORI Privacy Policy Statement
1. Accountability
The CORI is responsible for personal information under its control and
designates the Executive Director to be accountable for the CORI's compliance
with the Acts.
2. Identifying Purposes
The purposes for which personal information is collected shall be identified by
the CORI at or before the time the information is collected.
3. Consent
The knowledge and consent of agency directors and individuals are required for
the collection, use, or disclosure of personal information.
4. Limiting Collection
The collection of personal information shall be limited to that which is
necessary for the purposes identified by the agency for case management,
outcome management, and administrative data collection that would normally
occur in the day-to-day work of agency personnel. CORI will not demand any
additional data collection for any research, best practice, or other evaluation
projects. All associate agencies have the right to decline involvement in
collection of data for evaluation of CORI services.
5. Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than
those for which it was collected, except with the consent of the individual or
as permitted by law. Personal information shall be retained only as long as
necessary for the fulfillment of those purposes or where stated by law. CORI
will not use, disclose, or retain information for corporate interest. In the
case that CORI uses information to investigate best practices of services
within specific client or community problem and need areas, only aggregated
data will be reported. All analyses of such data must comply with the policies
and procedures of the CORI Ethics Procedures and Policies (based upon the
“Tri-Council Policy Statement for Ethical Research with Humans”).
6. Accuracy
Agency personnel are responsible for keeping information as accurate, complete,
and up-to-date as is possible and necessary. CORI will not edit any agency
information unless directed to do so by the agency user.
7. Safeguards
CORI will protect personal information using security safeguards such as
encryption coding, firewalls, hierarchical security login models, and other
technology where appropriate to protect the confidentiality of information.
8. Openness
The CORI shall make readily available to individuals specific information about
its policies and practices relating to the management of personal information.
9. Individual Access
Upon request, an individual shall be informed of the existence, use, and
disclosure of his or her personal information and shall be given access to that
information. An individual shall be able to challenge the accuracy and
completeness of the information and have it amended as appropriate. In the case
that clients request such information, the agency collecting data will be
informed, and a joint agency, client, and CORI meeting can be established to
fully disclose any personal information available on the CORI system.
10. Challenging Compliance
An individual may challenge compliance with the above principles to the
Executive Director of CORI or individuals accountable for the CORI's
compliance.
11. CORI Responsibility
Compliance. All CORI employees who collect, maintain and/or use
personal information are responsible for ensuring that the collection, use and
disclosure of this information is carried out in accordance with this policy
and relevant procedures.
Noncompliance. CORI employee noncompliance with the above policies or CORI
Ethical Procedures may result in the employee's termination.
Accountability. The Executive Director is accountable for the CORI's
policies and practices, management of the CORI System, and is the individual to
whom complaints and inquiries can be forwarded.
Part B: Ethical Review Policy
Introduction...
Prior to developing an application for ethics review, all investigators should
become familiar with the CORI policy statements. Familiarization with the
ethics review process and the parameters for conducting research will ensure
that the process proceeds as smoothly as possible. The CORI has adopted the
Tri-Council Policy Statement on Ethical Conduct for Research Involving Humans
to develop its policy statements and ethics review procedures, and to act as the
basis for ethical decision-making (a copy can be accessed through:
http://www.nserc.ca/programs/ethics/english/policy.htm).
Investigators must familiarize themselves with this document. Most requests to
use CORI data for any research or evaluation must go through the Ethics Review
Process prior to any data analyses. However, some exceptions do apply. For
example, evaluation of a single agency and its programs with the informed
consent of the agency, or when requested by the agency does not require an
ethics review using the CORI Review Process. The ethics review also does not
need to occur when more than one agency wishes to produce a joint evaluation of
services. In such instances, all agencies must consent to evaluation and submit
their own data sets to the evaluator.
Review Process
In all instances where evaluation or research is planned using multiple
agency data and the analyses require compiled data using the CORI database,
an ethics review is required.
In these cases, all applications to use CORI data for any research or
evaluation must go through the Ethics Review Process prior to any data analyses
(see the Ethics Committee Review Flow Chart and the CORI Ethics Review
Application Form Introduction for specific procedures).
Purpose of Review
The purpose of the Ethics Review is to ensure that all research and
evaluation using CORI data meet basic criteria for best practice research. It
also ensures that both client and agency confidentiality and anonymity are
protected and that there is a maximum of benefit to clients, agencies, regions,
and the community while minimizing harm.
Review Committee Meetings
The Ethics Review Committee or Research Ethics Board (REB) will meet 30
days or more after an application is forwarded to the CORI and one week or more
after all members receive the application proposal.
Committee Meeting Costs
All costs that are related to ethics committee meetings are the responsibility
of the investigator that submits the proposal and/or his or her sponsoring
organization.
Client Consent
Each Agency using the CORI or HOMES system must create its own consent form
indicating that the client, as a part of service with the agency, consents to
having information stored and retained by the Hull Outcome Monitoring and
Evaluation System (HOMES). The agency will inform the client that stored
information is for the purposes of project and service case management and for
evaluation of the effectiveness of the services the client will receive. CORI
data is collected with the intent to determine the best practices within
specific service areas or to assist human service professionals to better
address specific client-related problems. In all cases, research or evaluation
proposals must fit within this stated purpose.
In the case that a proposal requests that additional research or evaluation be
completed with client sets, then agencies must approve such requests prior to
submission, and all clients and/or guardians must sign an additional consent
form stating the purpose of the research or evaluation. In addition, relevant
regional authorities must be contacted and prior approval be given within each
region to consent to the proposed research or evaluation.
Releases of Data
All releases of data must be for case management, program management or
program evaluation. Agency Executive Directors may release data from their own
data sets for their own case management, program management or program
evaluation purposes.
- The ethics committee is convinced that the basis of the research or evaluation
  is to determine the best practices within a specific service area or to assist
  human service professionals to address specific client-related problems.
- The ethics committee is convinced that the investigator can give assurances
  that the released analyses will not be used for purposes other than to advance
  knowledge regarding best practices within specific service areas or to assist
  human service professionals to address specific client-related problems.
- The ethics committee is convinced that the risks associated with the proposal
  are clearly outlined and justified.
- The ethics committee is convinced that the benefits to the clients, agencies,
  community, and/or regions are great enough to outweigh any inherent risks in
  the proposal.
- The analyses of data will be conducted at the CORI site.
- The results of the data are compiled to ensure client and agency anonymity.
- Only data analyses results are submitted to external researchers, not raw data.
Analyses Guidelines
All analyses will only occur after the Ethics Review Process has been conducted
and the review process ends with approval and consent of the analyses. Only the
data from regions that consent to the analyses will be used in the actual
analyses. The following guidelines must all be met in the analyses:
- The basis of the research or evaluation is to determine the best practices
  within specific service areas or to assist human service professionals to
  better address specific client-related problems.
- Assurances are given that the released analyses will not be used for purposes
  other than to advance knowledge regarding best practices within specific
  service areas or to assist human service professionals to better address
  specific client-related problems.
- The proposal states that data analyses do not require identification of any
  clients.
- The proposal states that data analyses do not require identification of any
  agencies.
- The proposal states that data analyses do not require identification of any
  projects.
- The data analyses use sample sizes greater than 30.
- The requested data analyses use samples from greater than 3 projects in each
  identified sector area.
- The requested data analyses do not require a file transfer of any unaggregated
  CORI data to an external site.
- The researcher shall provide a copy of all reports generated using CORI data.
- The CORI and the CORI HOMES system shall be acknowledged on all reports.
Decision-Making Criteria and Key Questions:
The Ethics Review Committee or Research Ethics Board (REB) will use the
Tri-Council Policy Statement on Ethical Conduct for Research Involving Humans
as the guiding document for ethical processes and decision
making.
The REB may decide its own decision-making criteria based on specific
proposals. However, such criteria must be rooted in the principles found within
the Ethical Conduct for Research Involving Humans. Some examples
of additional criteria might include specific client issues, academic
responsibilities, or legal considerations (see the Ethical Conduct for Research
Involving Humans for details).
Proposals must demonstrate that minimal risk to clients, project/programs,
agencies, communities, and regions would be created if the research or
evaluation proposal were conducted. Other criteria should include practical
considerations concerning the CORI and its data. With this in mind, key
questions have been developed to ensure that proposals are critically examined.
Although the REB is not limited to these questions, some key questions REB
members will be asked include:
- Are you convinced that the basis of the research or evaluation is to determine
  the best practices within a specific service area or to assist human service
  professionals to address specific client-related problems?
- Can assurances be given that this proposal will not be used for purposes other
  than to advance knowledge regarding best practices within specific service
  areas or to assist human service professionals to address specific
  client-related problems?
- Are the risks associated with the proposal clearly outlined and justified?
- Are you convinced that the benefits of the research and/or evaluation are great
  enough to outweigh any minimal risks in the proposal?
These key questions are intended to ensure that the proposal is critically
examined so that risk to clients, agencies, communities, and/or regions is
minimal.
Conflicts of Interest
Applicants will disclose any actual, perceived or potential conflicts of
interest to the REB prior to the review of proposals.
Part C: System Security & Database Management Policy
Systems Developer Qualifications
The Canadian Outcomes Research Institute will only hire or contract with
systems developers with a diploma or degree in a computer-related field with
training and/or experience in Internet architecture and development, and web
page design using HTML, SQL, ASP, VB, Java, and JavaScript computer languages.
CORI will retain at least one full-time systems developer with security and
database management as his or her major duties.
Security Awareness Training
All HOMES system developers must attend training sessions to become aware
of the security risks and responsibilities for use of the HOMES. This includes
the use of computer and database security IDs and passwords, limits to this
security model, the nature of the data contained within the HOMES, and a
requirement to seek informed consent from clients. They are trained not to
disclose or alter any information contained within the agency site database,
not to disclose configuration of the hardware, not to disclose software or web
page code for the HOMES system that may compromise security, and not to
provide registration of users except when approved by the Executive Director of
CORI.
Database Backup Policy
The HOMES system and database are stored on multiple computers (servers) and
backed up daily on tapes. A rotating back-up cycle is used such that 5 tapes
are rotated through a back-up cycle each week. In addition, four additional
tapes back up one day each week on a four-week rotating cycle. Two additional
tapes are used to back up data on a two-week rotating cycle within each month
(monthly tapes). The most recent completed back-up tapes are removed from the
CORI site each day.
Continuity Planning, Disaster Recovery
The servers that contain the HOMES software and database must use hardware that
mirrors the memory of the hard drive on alternate hard drives. This is to
ensure that if one hard drive becomes damaged, then an alternate hard drive can
be used as a backup. Backup tapes must be stored in a separate location and
rotated among many tapes, so that the many backups make data difficult to
lose and, if data is lost, a backup copy exists to
ensure minimal loss of data entry. The monthly back-up tape must be stored in a
separate location away from CORI at the fiscal agency’s site.
Location and Distribution of Information, Physical Security
The Internet server is located in CORI’s office in Calgary. The office must be
locked and protected by an alarm system. The alarm system requires a personal
ID to activate and deactivate. Default activation occurs after the office is
vacated after a set period of time, no more than one minute. The back-up tape
location for monthly back-ups is at the main office of CORI’s fiscal agent.
These tapes must be stored in a locked and alarmed location at the fiscal agent.
HOMES Security and System Design
Security and User Authentication. Access to the server occurs using a
firewall, Secure Sockets Layer technology, encryption coding using a Verisign™
Certificate, Active Server Page technology, Agency User IDs and Passwords, and
specific Personal User Authentication IDs and passwords. Access to all data on
the HOMES system must use all of these security features. In addition, database
tables are not directly read, so that knowledge about the construction of the
database itself is not released to individuals or organizations external to
CORI.
Table Structure and Security. One table each is used to store
identifying information on clients and staff. All other data is stored in
reference tables and data record tables in a coded form. The database stores
information related to clients and staff in coded characters and numerals, so
that a table read on its own, without relating it to other specific tables, is
a meaningless collection of numbers and characters.
Access. Agencies must have access to their data sets 24 hours per day,
each day of the year, with the exception of those times that the CORI servers
are not operational due to maintenance. Agencies must directly input data into
the server from their own locations using Internet Explorer and their own
Internet provider. CORI is not responsible for an agency’s hardware, software,
networks, or Internet access, nor for how best to establish
this technology in the agency. Data must be entered into the data warehouse and
filtered through a security model and Active Server Pages. Thus, agencies may
have access only to client data related to their own agency. Agencies use
their own data for case management and outcome reporting requirements. Each
agency has the capability to print any data contained within the HOMES
database. Case and agency reports developed for the HOMES are based upon
requests by the member agencies for specific information, reporting formats,
and/or funding/regulatory bodies.
Data Storage
Data is stored using an SQL database connected to a web server. The SQL
database must not have direct access to an Internet line. Only the Internet web
server can have direct access to the internet line. CORI will retain data
entered into the HOMES Database on CORI servers, and:
- CORI servers must be separate from all of its associate agency operational
  servers,
- The CORI server room must be locked at all times unless being serviced by a
  database administrator,
- Back-ups to the server data must occur every business day and the back-up tapes
  are kept in a separate location,
- The most recent monthly back-up tapes cannot be taken off the fiscal agent
  site.
Access to CORI Servers
- Access to CORI servers through the Internet can only occur using agency SSL
  IDs and Passwords and using Personal ID and Passwords,
- Associate Agency personnel will only have a maximum of Evaluation Group level
  access, no greater,
- Associate Regional Agency personnel will only have a maximum of District level
  access, no greater,
- Only the Database Administrators, CORI Executive Director, and Trainers will
  have the highest security level, Database Administrator Access,
- Only the Database Administrators and CORI Executive Director have full access
  to the servers.
Unauthorized Access to CORI Servers
- Unauthorized access and hacking will be monitored each business day. The
  Executive Director of the CORI will be notified of all unauthorized accesses.
- The IP address of persons who attempt unauthorized access will be documented
  and once identified, they will be immediately locked from use of the CORI
  servers.
- In cases where an attempt was made to download any data and/or to restrict
  users' access, relevant authorities will be
  contacted and possible charges laid.
- In cases where unauthorized access was suspected and the user was locked out,
  the user must contact the Director of the CORI to reinstate the user’s access
  to the CORI database. In all such cases, appropriate reasons for suspected
  unauthorized access must be given for the reinstatement to occur.
Microcomputing Controls
In addition to the above procedures, all development of the web pages and SQL
design must be tested on developmental servers prior to upgrading web pages and
SQL design on the public access servers. The developmental servers must not be
connected to the CORI web servers and cannot leave the CORI office.
Upgrades to software and hardware technology must occur at regular intervals,
at least annually. However, depending on the nature of the software on the
server, upgrades to the software may occur more regularly. Users must be given
at least one week notice when a major upgrade to software code occurs or when
the servers are shut down for maintenance purposes.
Virus checking software must be upgraded every two business days. Servers must
be cleaned of viruses on the same day as the software upgrade or more often
depending on the types of viruses that are current.
Database Architecture
Public release of HOMES architecture, code, and other proprietary information,
such as server IP addresses, is prohibited by CORI staff unless approved by the
Executive Director and CORI Board. Backup knowledge of the architecture and
code of the CORI system must be retained by the fiscal agent of CORI.
The HOMES system includes use of an ISDN line, firewall, web server, SQL
server, and a special application server (i.e. for spell checking or other
applications).
Web page development must use security filtering code to ensure that each
agency may only add, view, and edit data specifically related to their
accounts. Such code will be written using HTML, SQL, ASP, VB, Java, and
JavaScript computer languages.
CORI code and structure relating to the SQL database is broken into three
components: data tables, reference tables, and stored procedures. Release of
SQL code information, including when users view “source” code of the HTML Web
pages, must not contain specific names of the data tables, reference tables,
stored procedures, or other references to the system architecture.