- Home
- About ICES
- Data Lifecycle
How is my data used for analytics and research projects at ICES?
Data Lifecycle
When we talk about your data we’re referring to pieces of information about you and others from different sources that can be grouped together and used for analytics and research.
Much of the data we have are about your interactions with Ontario’s health system. This includes things like a hospital visit or having a prescription filled.
The diagram below demonstrates the lifecycle of your data at ICES. Throughout the different stages of the lifecycle, we take great care to ensure your data is kept confidential and secure.
Data Lifecycle: Detailed Overview
ICES assesses whether it is able to collect data from an external source (e.g., a hospital, a researcher, etc.) We identify data providers whose information helps us to conduct analytics and research about Ontario’s health system.
ICES’ Privacy Services team conducts privacy assessments, including reviews of relevant privacy legislation, contracts, and internal policies and procedures, to confirm whether our collection of data is legally permissible.
We sign agreements with data providers before receiving their data.
Our Legal Services team negotiates, drafts and reviews legal agreements, which set out the rules for how we can use (and sometimes disclose) the data.
Data are sent to ICES using secure methods.
Data transfers are sent to ICES encrypted while in transit using industry best practices
Example:
- Bob Dylan
18 Folk Street
Toronto, Ontario
M4G 2K5
May 24, 1941
HC #: 1893 657 980
Health and clinical attributes
Data collected by ICES are stored in a secure environment. Access to the data at this stage is limited to a small group of ICES staff who need access to desensitize the data in preparation for use in analytic and research projects.
Only the roles at ICES with a demonstrated ‘need to know’ are permitted to access data in its fully identifiable form.
Personal identifiers are removed to “code” the data.
Using a confidential algorithm, every Ontarian is assigned a unique, 10-digit number based on their original OHIP number, called an ICES Key Number (IKN). The IKN allows individuals’ records to become linkable across different data and over time without the use of direct identifiers.
If data received by ICES does not include OHIP numbers from which IKNs are derived, we utilize other record linkage techniques, such as Fuzzy Matching, to match by individuals’ first and last names, dates of birth, and sex with ICES’ register database, after which their OHIP numbers can be added to the data
Removed:
- First Name and Last Name
- Street Name and Number, Apt. Number
- Hospital Chart number
Encoded:
- OHIP Number
- Physician Number
- Study Number
Example:
- Male
Toronto, Ontario
M4G 2K5
May 24, 1941
IKN (Encoded OHIP #)
Health and clinical attributes
Data are now considered Coded.
Indirect identifiers, such as birth dates and postal codes, are retained in the Coded data for analytics and research that may include age and location as factors in individual and/or population-level health.
- Male
Toronto, Ontario
M4G
1941
IKN (Encoded OHIP #)
Health and clinical attributes
Record linking is performed (if needed) with the Coded data.
Record linking involves the linking of two or more datasets that involve the same individuals, using a persistent, anonymized identifier (the IKN). Record linking can result in the creation of new types of information about these individuals while maintaining their anonymity.
Coded data are now available to be used securely at ICES.
The original data with direct identifiers are securely destroyed. We retain backup copies of the original data until permanently overwritten. They are not allowed to be restored once data on our production servers have been destroyed, in accordance with contractual agreements with our data providers and our retention policies.
Multiple copies of the data are created with different levels of access available to different roles. Access depends on the role and needs of individuals working with the data.
For example, an Analyst working on an ICES project is given “Level 1” access and is permitted to see individuals’ full dates of birth and/or postal codes because that level of data is necessary for the Analyst to perform their duties. Another ICES staff member working on the same project may be given “Level 2” access, which means access is provided only to patients’ year of birth and/or the first three digits of their postal code.
Access to Coded data by ICES project teams is administered on a per-project basis.
Requests for access to Coded data for the purposes of a project are reviewed by senior scientists and ICES’ Privacy & Legal Office.
A designated project member creates linked, analytic-ready datasets tailored to answer their specific health analytic or research question(s).
- Male
Toronto, Ontario
M4G
1941
IKN (Encoded OHIP #)
Health and clinical attributes
Data are accessed within ICES’ secure data and analytics platform via secure login.
Members of a project team are provided access as per our role-based access policies and procedures. Access requires a user account and login credentials.
- Male
Toronto, Ontario
M4G
1941
IKN (Encoded OHIP #)
Health and clinical attributes
Data minimization principles are applied for health system analytics and research.
Members of a project team conduct analytics/research on the minimum amount of data needed for the purposes identified for the project.
Analytic findings are assessed to ensure they are “risk cleared,” i.e., it is not reasonably foreseeable the data could be used to identify an individual.
Once risk cleared, the analytic findings are no longer considered to be identifiable personal health information.
Findings can be released to stakeholders and the public, and can be disseminated in journals, books, and reports.
ICES provides only aggregate results in reports and other publications.
Assessments are conducted regularly to ensure that ICES complies with its legal and compliance obligations.
Our Privacy, Legal, Cybersecurity, Compliance and Risk teams have a duty to ensure that ICES is only collecting, using, and disclosing data as permitted.
At ICES, we regularly review these data lifecycle processes to make sure that your data are being collected, used and shared in a way that ensures the confidentiality and security of your data.