
How is my data used for analytics and research projects at ICES?

Data Lifecycle

When we talk about your data we’re referring to pieces of information about you and others from different sources that can be grouped together and used for analytics and research.

Much of the data we have are about your interactions with Ontario’s health system. This includes things like a hospital visit or having a prescription filled.

The diagram below demonstrates the lifecycle of your data at ICES. Throughout the different stages of the lifecycle, we take great care to ensure your data is kept confidential and secure.

This diagram was developed in collaboration with the ICES Public Advisory Council.

Phase 1: Collecting your data

Your health data starts somewhere:

  • ICES is a health analytics and research institute. We work with other organizations like hospitals, laboratories and Ontario’s Ministry of Health to collect your data. Your data lets us conduct analytics and research, which helps us better understand our health system.
  • Your data may come to us from a patient record at a hospital, a survey or from somewhere else. Any time we collect your data from another person or organization, we sign agreements with those data providers. These agreements ensure we all understand how to legally and properly use and protect your data.

Phase 2: Storing your data

The safety and security of your data is our priority:

  • Once an agreement is in place, your data is sent to ICES using highly secured methods.

Phase 3: Encoding your data

Removing the information that could easily identify you:

  • When your data first arrives at ICES, it is usually fully identifiable. This means it includes information like your full name and your OHIP number. The few ICES staff who have access to your data at this point remove these types of information that could easily identify you and replace that information with a code. This same code exists across all of your data from different sources. We call this result Coded Data.
  • Coding means we can use the less identifiable parts of your data, like your age, postal code and health characteristics, for analytics and research while also ensuring we’re protecting your identity.

Phase 4: Linking your data

Looking at the bigger picture:

  • Because the same code is used for all of your data from different sources, we can link different pieces of information about you. This means we can better understand your journey through the health system because we have the full picture of your health care use. On a larger scale, this also means that new information and insights about the health system are discoverable, and we can use that information to better understand the health system.
  • For example, linking together your Coded Data can tell us the reason for a trip to an emergency department, whether you were hospitalized and what prescriptions you were given when discharged. It also lets us evaluate the efficiency of those services.

Phase 5: Accessing and using your data

Ready for access:

  • Now that your data has been encoded and is linkable, it is available for analytics and research.
  • When we receive a request to use your data for a project, we conduct a privacy review to be sure that rules are being followed to ensure the confidentiality and security of your data.
  • Once the privacy review is complete, the project team is given access to your data in a secure online environment. Only approved project team members can access your data and the data must stay in the secure environment while the project is in progress.
  • Projects that use your data aren’t looking at your information specifically. They are looking for patterns among groups of people with similar health characteristics.

Phase 6: Sharing your data

Putting your data to use:

  • Once your data are analyzed and ready to be shared, scientists in the project team must make sure that results are presented together in large groups of numbers. This prevents the chance of a single person, like you, being identified when results are shared publicly.

Phase 7: Reviewing the process

Checking in regularly:

  • At ICES, we regularly review these data lifecycle processes to make sure that your data are being collected, used and shared in a way that ensures the confidentiality and security of your data.

Data Lifecycle: Detailed Overview

ICES assesses whether it is able to collect data from an external source (e.g., a hospital, a researcher, etc.). We identify data providers whose information helps us to conduct analytics and research about Ontario’s health system.

ICES’ Privacy Services team conducts privacy assessments, including reviews of relevant privacy legislation, contracts, and internal policies and procedures, to confirm whether our collection of data is legally permissible.

We sign agreements with data providers before receiving their data.

Our Legal Services team negotiates, drafts and reviews legal agreements, which set out the rules for how we can use (and sometimes disclose) the data.

Data are sent to ICES using secure methods.

Data transfers to ICES are encrypted while in transit using industry best practices.

Example:

  • Bob Dylan
    18 Folk Street
    Toronto, Ontario
    M4G 2K5
    May 24, 1941
    HC #: 1893 657 980
    Health and clinical attributes

Data collected by ICES are stored in a secure environment. Access to the data at this stage is limited to a small group of ICES staff who need access to desensitize the data in preparation for use in analytic and research projects.

Only the roles at ICES with a demonstrated ‘need to know’ are permitted to access data in its fully identifiable form.

Personal identifiers are removed to “code” the data.

Using a confidential algorithm, every Ontarian is assigned a unique, 10-digit number based on their original OHIP number, called an ICES Key Number (IKN). The IKN allows individuals’ records to become linkable across different data and over time without the use of direct identifiers.

If data received by ICES do not include the OHIP numbers from which IKNs are derived, we use other record linkage techniques, such as Fuzzy Matching, to match individuals by first and last name, date of birth and sex against ICES’ register database, after which their OHIP numbers can be added to the data.

Removed:

  1. First Name and Last Name
  2. Street Name and Number, Apt. Number
  3. Hospital Chart number

Encoded:

  1. OHIP Number
  2. Physician Number
  3. Study Number

Example:

  • Male
    Toronto, Ontario
    M4G 2K5
    May 24, 1941
    IKN (Encoded OHIP #)
    Health and clinical attributes

Data are now considered Coded.

Indirect identifiers, such as birth dates and postal codes, are retained in the Coded data for analytics and research that may include age and location as factors in individual and/or population-level health.

  • Male
    Toronto, Ontario
    M4G
    1941
    IKN (Encoded OHIP #)
    Health and clinical attributes

Record linking is performed (if needed) with the Coded data.

Record linking involves the linking of two or more datasets that involve the same individuals, using a persistent, anonymized identifier (the IKN). Record linking can result in the creation of new types of information about these individuals while maintaining their anonymity.

Coded data are now available to be used securely at ICES.

The original data with direct identifiers are securely destroyed. We retain backup copies of the original data until permanently overwritten. They are not allowed to be restored once data on our production servers have been destroyed, in accordance with contractual agreements with our data providers and our retention policies.

Multiple copies of the data are created with different levels of access available to different roles. Access depends on the role and needs of individuals working with the data.

For example, an Analyst working on an ICES project is given “Level 1” access and is permitted to see individuals’ full dates of birth and/or postal codes because that level of data is necessary for the Analyst to perform their duties. Another ICES staff member working on the same project may be given “Level 2” access, which means access is provided only to patients’ year of birth and/or the first three digits of their postal code.
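The coding, access-level and linking steps described above, as an added sketch that is not ICES's code. ICES's algorithm is confidential, so keyed HMAC-SHA256 truncated to 10 digits stands in for it as an assumption; the key, field names and sample records are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a secret key held only by the staff who code the data.
# This is a stand-in; the real IKN algorithm is confidential.
CODING_KEY = b"constructed-demo-key-not-a-real-secret"

# Fields on the page's "Removed" list (hypothetical field names).
DIRECT_IDENTIFIERS = ("first_name", "last_name", "street", "chart_number")

def pseudonym(ohip_number: str, key: bytes = CODING_KEY) -> str:
    """Derive a stable 10-digit code from a health card number."""
    digits = "".join(ch for ch in ohip_number if ch.isdigit())  # "1893 657 980" -> "1893657980"
    mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**10:010d}"

def code_record(record: dict) -> dict:
    """Drop direct identifiers and replace the OHIP number with the code."""
    coded = {k: v for k, v in record.items()
             if k not in DIRECT_IDENTIFIERS and k != "ohip"}
    coded["ikn"] = pseudonym(record["ohip"])
    return coded

def level2_view(coded: dict) -> dict:
    """Generalise indirect identifiers: year of birth, first three postal characters."""
    view = dict(coded)
    view["birth_date"] = coded["birth_date"][:4]
    view["postal_code"] = coded["postal_code"].replace(" ", "")[:3]
    return view

def link(*datasets: list) -> dict:
    """Group coded records from several sources by their shared code."""
    linked = {}
    for dataset in datasets:
        for rec in dataset:
            linked.setdefault(rec["ikn"], []).append(rec)
    return linked

# Constructed sample input, modelled on the page's fictional example record.
hospital = [{"first_name": "Bob", "last_name": "Dylan", "street": "18 Folk Street",
             "chart_number": "C-001", "ohip": "1893 657 980", "sex": "M",
             "birth_date": "1941-05-24", "postal_code": "M4G 2K5", "event": "ED visit"}]
pharmacy = [{"ohip": "1893657980", "sex": "M", "birth_date": "1941-05-24",
             "postal_code": "M4G 2K5", "event": "prescription filled"}]

coded_hospital = [code_record(r) for r in hospital]
coded_pharmacy = [code_record(r) for r in pharmacy]
linked = link(coded_hospital, coded_pharmacy)  # one code, two linked events
```

Truncating a MAC to 10 digits admits collisions at population scale, so a production scheme needs a collision-free mapping such as a keyed lookup table or format-preserving encryption. The key is what keeps the code from being recomputed from a known health card number, so it must stay with the coding staff and never enter the analytic environment.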

Access to Coded data by ICES project teams is administered on a per-project basis.

Requests for access to Coded data for the purposes of a project are reviewed by senior scientists and ICES’ Privacy & Legal Office.

A designated project member creates linked, analytic-ready datasets tailored to answer their specific health analytic or research question(s).

  • Male
    Toronto, Ontario
    M4G
    1941
    IKN (Encoded OHIP #)
    Health and clinical attributes

Data are accessed within ICES’ secure data and analytics platform via secure login.

Members of a project team are provided access as per our role-based access policies and procedures. Access requires a user account and login credentials.

  • Male
    Toronto, Ontario
    M4G
    1941
    IKN (Encoded OHIP #)
    Health and clinical attributes

Data minimization principles are applied for health system analytics and research.

Members of a project team conduct analytics/research on the minimum amount of data needed for the purposes identified for the project.

Analytic findings are assessed to ensure they are “risk cleared,” i.e., it is not reasonably foreseeable the data could be used to identify an individual.

Once risk cleared, the analytic findings are no longer considered to be identifiable personal health information.

Findings can be released to stakeholders and the public, and can be disseminated in journals, books, and reports.

ICES provides only aggregate results in reports and other publications.

Assessments are conducted regularly to ensure that ICES complies with its legal and compliance obligations.

Our Privacy, Legal, Cybersecurity, Compliance and Risk teams have a duty to ensure that ICES is only collecting, using, and disclosing data as permitted.

At ICES, we regularly review these data lifecycle processes to make sure that your data are being collected, used and shared in a way that ensures the confidentiality and security of your data.