
Approvals & Agreements

Please note that the responses are for guidance only and do not constitute legal advice. Please contact Research Privacy at holly.longstaff@phsa.ca if you have specific legal questions and the appropriate consultation will be arranged.

 

We are working on ways to streamline the privacy review and information sharing processes for studies that involve multiple health authorities and institutions beyond PHSA. The group leading this effort is called the Privacy and Research Advisory Group (PRAG). For more information on how PRAG can help you in your research, please visit our New Initiatives to Facilitate Research page.

 

An information sharing plan (ISP) is needed wherever there is an information sharing situation for secondary purposes (i.e. other than provision of direct health care), so it covers research uses. An ISP details the specifics of the particular information sharing situation, e.g. what the data is, how it is being shared, etc. An ISP is accompanied by an information sharing agreement (ISA), which covers high-level legal and governance matters such as security, access and audit rights, disposal, custody and control, dispute resolution, etc.


To avoid the need to enter into an ISA every time information is shared, certain parties have agreed to the General Health Information Sharing Agreement (GHISA). The GHISA sets out a standard set of provisions that apply to any sharing situation. Therefore, if there is sharing of data between any two GHISA parties, all that is required is an ISP to detail the specifics of the information being shared; the GHISA provisions automatically apply to the sharing situation. Where a non-GHISA party is involved, either the non-GHISA party can be on-boarded to the GHISA or the party can enter into an ISA. 


Remember that the parties with whom you are sharing are bound by the sharing agreement(s). There are restrictions around how data can be used after it is shared. The information sharing agreement you develop should specify that the data may not be used except for the stated purpose outlined in the agreement and that no attempts should be made to link the data, etc. Research Privacy can help you develop these agreements and make sure that legal counsel is consulted when appropriate. It is important to keep in mind that the steps you take must be reasonable given the circumstances. You can never eliminate all possible risks under all circumstances when sharing data.

 

Desperately Seeking Signatures?


Referencing the PHSA Signing Authority Policy (PDF), item 15 of the Contracting Authority Matrix states that research contracts are to be entered into by the relevant functional officer as set out in the Spending Authority Matrix (see Attachment 2 to the policy on page 13).


The Spending Authority Matrix sets out the spending levels along with the appropriate signing person. Generally speaking, research agreements (unless they are grant agreements) don’t involve money, with most being data exchange/sharing arrangements. In those instances, a person no lower than a director (e.g. program director/medical director) should sign off on the agreement. That way, we can be sure that entering into the agreement is authorised by someone who has overall responsibility for the relevant program/area.


The process for acquiring signatures really involves two sets of responsibilities as described below. First, the person seeking signatures must do their best to ensure that they have selected the correct person to sign the agreement. Second, the person signing on behalf of the PHSA body must recognize that they are binding that PHSA body (and not the individual) to the agreement.

Please consider the following: 

1. If you are seeking signatures:

Generally speaking, a person no lower than a Director (e.g., Program Director/Medical Director) should sign off on the agreement. That way, we can be sure that entering into the agreement is authorised by someone who has overall responsibility for the relevant program/area.


2. If you are signing on behalf of a PHSA body: 

Those individuals signing on behalf of a PHSA body bind that body to the stipulations within the agreement even if they did not actually have the authority to sign. If you are asked to sign an agreement, it is your responsibility to ensure that you have the authority to do so. The other signatories cannot be expected to know our signing process at PHSA. When you sign, you sign on behalf of the body you represent. Even if you leave your position at PHSA, the PHSA body is still bound to the agreement. There is no time limit to the agreement except those limits indicated in the agreement itself. That is why it is vital to keep a repository of all agreements your body has signed over the years. New personnel should be able to review these documents in order to educate themselves about what the body has agreed to over the years.


 

Data sharing within PHSA between PHSA Programs

Use the new PHSA Intra-Program Data Sharing Form. This form provides information for data transmission, privacy and security, and use when sharing data between PHSA programs. All parties must agree to the conditions in this one-page document and keep a copy of the form for each of their files. Contact Research Privacy for more information.


Data sharing with parties external to PHSA

To avoid the need to enter into an Information Sharing Agreement (ISA) every time information is shared, certain parties have agreed to the General Health Information Sharing Agreement (GHISA). The GHISA sets out a standard set of provisions that apply to any sharing situation. Therefore, if there is sharing of data between any two GHISA parties, all that is required is a brief Information sharing plan (ISP) to detail the specifics of the information being shared; the GHISA provisions automatically apply to the sharing situation. Where a non-GHISA party is involved, either the non-GHISA party can be on-boarded to the GHISA or the party can enter into an ISA.  

Sharing data from a PHSA database with another PHSA study team 

If the researcher has REB approval, and the director or relevant authority who governs your database has approved this study, and the information that you provide is de-identified and stays within PHSA, then no other documentation or approvals are necessary.

Sharing de-identified data with a private company as part of a research study 

There are a number of issues you should consider before you engage this private company. 

First, you should identify who from the company will have access to the data. That way, they can be listed as an authorised user.  If you simply list the entity itself, it then becomes a question of who is authorised to sign on behalf of the entity and who within the organization has access to the data. From a control perspective, it is better to list the individuals involved. 

Second, even if the company is a private entity, your group is considered a public body since it is within PHSA. So this private company will have to comply with FIPPA and any other legislation that applies to your group within PHSA. Similar to a Canadian private company, a US-based private company is also required to comply with FIPPA and any other legislation that applies to your group within PHSA. In other words, the governing privacy law in BC applies. This is something that should be made clear in your data management plan and sharing agreement. In addition, the private company should be aware of this before they receive any data.

The third issue concerns the de-identification of the data. It is acceptable to transfer de-identified personal information inside or outside of Canada.

Who can help me with these agreements? 

Your Research Privacy office can help you with these processes and may send you to our PHSA agreement experts at the Technology Development Office (TDO).

 

How the Technology Development Office (TDO) can help

The TDO drafts, negotiates and executes agreements on behalf of PHSA researchers with external institutions and commercial entities. Note that individual scientists and personnel are not usually authorized to sign agreements with external parties, and doing so may expose them to legal liabilities. The TDO is responsible for preparing and signing:

  • Non-Disclosure Agreements (NDAs)
  • Material Transfer Agreements (MTAs)
  • Service Agreements
  • Collaborative Research Agreements (CRAs)

Research Partnering

The TDO acts as a networking and information resource to assist researchers seeking industry expertise for specified projects. They help bring together parties with mutual interests for collaborative efforts and will aid in identifying sources of private and government funding.


For more information, please contact their office.


 


Copyright © 2021 Provincial Health Services Authority. All Rights Reserved.