What is “Privacy”?
Privacy is the intrinsic right of people to have their personal information (of whatever kind) kept private and undisclosed. It is also refers to individuals being able to exercise the right to be left alone. These rights are protected by law.
At SSRI, we are ever mindful of ethics and the rights to privacy throughout all our operations. We aim to set high standards for ourselves and be an example to other organisations.
What is “personal information”?
Personal information can be either significant e.g. your medical history or insignificant e.g. your telephone number. For the purposes of this Policy, personal information is that relating to an individual which SSRI may obtain from the individual for the purposes of undertaking a relationship or business with that individual and this includes research.
Personal information may include details of your:
Anyone who deals with SSRI including those who participate in research or donate funds, have the right at all times to request their personal details not be released to any other person or organisation except as required by law.
Why we collect personal information
It may be necessary for SSRI to collect personal information for a range of reasons related to either the research, business or other activities of SSRI.
How is personal information used by SSRI?
SSRI uses (always with permission) personal information in one or more of the following ways:
As part of its operation, SSRI may collect a host of information. It is essential, however, that any and all information collected is necessary for what SSRI does and that once SSRI obtains information its records are kept safe, updated when found to be inaccurate, and destroyed when no longer needed. Finally, if SSRI is passing on any collected information to another organisation or person, it must ensure that party is entitled to receive the information and has let the person whose information it is know that it is being released.
All research conducted by SSRI involving human participants must comply with the National Statement on Ethical Conduct in Human Research 2007 and the Australian Code for the Responsible Conduct of Research 2007. Where research involves the collection or use of individually identifiable or re-identifiable data it must have the approval of a Human Research Ethics Committee.
SSRI must gain informed voluntary consent of all research participants for each project before any information is collected. The data collected and its use must always be in accordance with the terms of consent as well as the specific ethics approval granted for the study.
Storage and security of personal information
SSRI will use all reasonable measures to ensure that personal information is stored in a secure environment and, when no longer needed, destroyed or permanently rendered anonymous. Information collected is generally stored in two ways at SSRI. The first is in electronic (aka “digital”) form – collected either by email or entered into software such as spreadsheets or Socrates (the orthopaedic outcomes software we use). Any and all electronic information is to be kept on password-protected computers. The other way in which data is collected and stored is in hard copy (paper) form. Such data is generally transferred to electronic data and secured as mentioned and the paper shredded. If, however, the paper data is required to be kept (such as a requirement of an ethics review committee) it will then be stored in locked filing cabinets. All data, no matter which format it is stored at SSRI, is de-identified wherever possible. This means that any identifying information such as name or date of birth is removed or otherwise rendered useless as a means of identification.
The usual exception to the above is where data collection (e.g. the results of a pathology or imaging test) require follow up by the surgeon as part of normal medical care. In this case, the identifying data is required in order to ensure proper follow up is undertaken. Once this follow up is completed, the data is then de-identified.
At SSRI, data for studies is generally kept for 5 years onsite, then archived offsite for a further 10 years. This is in accordance with the guidelines for data management provided by the Australian Code for the Responsible Conduct of Research 2007.
The Manager of SSRI acts as the Institute’s Privacy Officer for the purposes of managing personal information kept within all the various areas and systems at SSRI. Personalinformation is to be stored and safeguarded with all reasonable care. SSRI is to only occupy premises that are protected by security alarms when unoccupied. Methods of storing and safeguarding information are to be regularly reviewed with view to continuous improvement.
Accessing and changing personal Information
SSRI attempts to ensure that all personal information collected and stored in its database is accurate. Individuals may at any time request access to personal information that SSRI has collected for either the purpose of updating (correcting) such information or obtaining a more in depth explanation about how it will be used.