We were recently asked by one of PHSA’s Data Stewards to clarify when, if ever, they are allowed to share Personal Health Numbers (PHNs) with research teams working within another Health Authority.
We always prefer that data are de-identified before they are shared to lower the privacy risks to patients and participants. In most cases, Data Stewards can de-identify data before they are shared. They can also take responsibility for linking the data for study teams as well. However, there are times when linking must be done outside of PHSA. When this is the case, we strongly prefer that the linking is done by a trusted third party such as PopData BC.
However, if for some compelling reason the study team must do the linkage themselves and therefore require PHNs, the process becomes more complex since sharing personal information for linking purposes is considered a higher risk activity. PHNs are of course personal information. In addition, linking data can reveal personal information about individuals or be used to identify individuals so great care must be taken to ensure that existing or newly emerging privacy risks to individuals and groups have been managed.
First, the justification for needing the PHNs and conducting the linking outside of PHSA must be significant and compelling. PHSA will want to ensure that all appropriate security, privacy, and ethics standards will be met. The process will also require involvement from the Data Steward, the Research Privacy Advisor, and possibly PHSA legal counsel as well.
Second, an information sharing plan (ISP) would be required between PHSA and the other Health Authority where the linking will take place since that Health Authority would be then taking a governance role over these data. This would be an ISP under the General Health Information Sharing Agreement (GHISA) since the party to whom the data are being disclosed is a Health Authority. To avoid the need to enter into an ISA every time information is shared, certain parties have agreed to the GHISA. The GHISA sets out a standard set of provisions that apply to any sharing situation. Therefore, if there is sharing of data between any two GHISA parties, all that is required is an ISP to detail the specifics of the information being shared; the GHISA provisions automatically apply to the sharing situation. Where a non-GHISA party is involved, either the non-GHISA party can be on-boarded to the GHISA or the party can enter into an ISA.