ICES has special designations under Ontario’s Personal Health Information Protection Act and the Coroners Act. These are designations granted by the Information and Privacy Commissioner of Ontario based on reviews of our privacy and security policies, procedures and practices. ICES is one of a handful of organizations with these designations, which are subject to ongoing IPC oversight and renewal every three years.
ICES leads cutting-edge studies that evaluate the health system and the health or safety of the public. The foundation of this important work is the ICES Data Repository, which contains coded information from Ontario’s health system and other sources, such as the Chief Coroner of Ontario and other provincial and federal bodies.
The ICES Data Repository is based primarily on administrative records generated by Ontario’s publicly funded health system from 1986 to present. The repository also includes data from registries, surveys and research, and from government ministries and public agencies outside the health sector. These data are collected mostly by Ontario’s Ministry of Health and Long-Term Care, health care providers, and other ministries, agencies and research organizations.
If you have been a resident of Ontario and eligible for universal health coverage since 1986 some of your information is certain to be contained in the ICES Data Repository. By visiting the Data Dictionary on our web site and knowing your own history of contact with the province’s publicly funded health system, you can gain a good idea of what information ICES has about you.
The vast majority of information that comes to ICES arrives in identifiable form. It is received by a small, select group of individuals who are charged with removing any direct personal identifiers, such as your name and health card number, and replacing these with a confidential code called an ICES Key Number (IKN). The IKN is stable and present in all source data files at ICES, which allows them to be linked at the person level over time.
While ICES has historically avoided individual contact for its studies, we are currently piloting a small number of research projects called “patient contact studies.” Patient contact studies aim to involve individual Ontarians in studies of ways to improve the health care system. Individuals who potentially meet the criteria for these studies based on prior health services received are contacted, potentially by their primary care providers, to confirm their eligibility for the study and to gauge their willingness to participate, after which fully informed consent is obtained. All ICES patient contact studies are reviewed by ICES’ Executive Committee and our Privacy & Legal Office, and are also overseen by an Ontario Research Ethics Boards.
ICES employs a variety of security controls to ensure the confidentiality, integrity and availability of the data entrusted to it. This includes a robust policy framework based on industry best practices that govern the implementation of administrative, physical and technical safeguards and security technology. As a Prescribed Entity, ICES is subject to a comprehensive audit of policies and procedures every three years by the Office of the Information and Privacy Commissioner of Ontario, that reviews all aspects of our privacy and cybersecurity programs.
ICES shares information in two situations only: (1) with researchers who have obtained approval from a research ethics board, and (2) with other organizations designated as prescribed entities or prescribed persons under either PHIPA or the Coroners Act. Sharing data enables the important work done by independent researchers and other organizations, and is explicitly permitted under PHIPA and the Coroners Act.
If you have complaints about ICES’ information handling practices or its compliance with PHIPA and/or the Coroners Act, please contact ICES’ Chief Privacy & Legal Officer, verbally or in writing:
If you are unsatisfied with the response provided by ICES, you may direct your complaint to the Information and Privacy Commissioner of Ontario (IPC):
Office of the Information and Privacy Commissioner of Ontario