All participants must consent to participation in the screening program and to the sharing of their data with the CDL RSC (as described in sections above). Organizations can choose to either adopt the CDL RSC Consent Form (link here), or add the required consent language to their own internal consent form. Changes to the Consent Form must be reviewed by CDL.
Data De-Identification and Aggregation
Data collected during the screening program is de-identified, and select data elements are aggregated, prior to sharing with CDL RSC Central Data Infrastructure.
The foundational principles of the outlined de-identification and aggregation process are:
- To ensure privacy and security of participants’ personal information.
- To collect all relevant data elements necessary to assess the operational efficiency, efficacy and impact of the rapid screening program.
- To provide sufficiently granular data to meet reporting requirements of government organizations such as Provincial Health Authorities & Health Canada.
- Participant data that is collected by a pilot site will be stripped of personally identifiable information (e.g. name, contact information, age [range]) prior to sharing with the CDL RSC.
- Data will be de-identified by associating the information with a Unique ID (in lieu of identifiable participant information) assigned by the participating organization for the purposes of:
- Monitoring the frequency and screen results of regularly screened participants throughout the screening program at a participating organization.
- Linking self-reported PCR test results to the rapid screening results of a given participant.
- De-identification will occur in two-steps for the purpose of data privacy and operational efficacy.
Step 1: Participants will be assigned an Unique ID by the Results Manager upon registration.
- For ‘CDL RSC Excel Template’ users: This process is to be explicitly defined and managed at the local screening site.
- For ‘CDL RSC App’ users, this is done automatically upon registration as all participants are assigned a Globally Unique ID (GUID).
- Screen administrators or Healthcare Professionals will record the screening results associated with only the Unique ID of the participant -- thus ensuring the privacy of personal health data at the pilot site.
- The matching list, between Unique ID and personally identifiable information, is to be exclusively maintained and secured at the screening site level.
- The matching list is never to be shared with the CDL RSC for any purpose.
Step 2: The Unique ID that is assigned during Step 1 is converted or ‘hashed’ to a new Unique ID prior to receipt by the CDL RSC.
- This process is defined and managed by the CDL RSC Central Data Infrastructure (CDI) administrator.
- The format of the new Unique ID will be consistent in the CDI for all data entries, regardless of the format of the pilot site assigned Unique ID.
- This two-step process improves data privacy and security. Two separate matching lists, owned by two different organizations, are required for linking the de-identified data in the CDI with the corresponding personal information. Thus, a breach of the CDI-maintained list would not yield access to personal health information of participants.
- Step 1: Participants will be assigned an Unique ID by the Results Manager upon registration.
Aggregate data that is shared with the CDL RSC will not be sufficiently granular to enable identification of any of the organization’s employees.
- In lieu of specific values that may be identifiable, aggregate values have been created instead:
- Age -> Age Range
- Check-in Time & Screen Start Time -> Check-in Length
- Screen Start Time & Screen Reporting Time -> Screen Length
- Check-in Time & Screen Reporting Time -> Total Turnaround Time