8. Enhanced Data Sovereignty Standards
Navigation
This domain of the framework adopts the CIHI (Canadian Institute for Health Information) minimum standard for collecting race-based and Indigenous identity data in health care. As that guidance document explains, while there are many benefits to collecting this variety of data, there are risks and barriers to assess and mitigate. To identify and address inequities in digital mental health care, prioritizing the safe and appropriate collection and use of this data will be essential (p. 5).[1] Appendixes A and B provide glossaries of the key concepts and relevant terminology used in this section.
[1] Canadian Institute for Health Information. (2022). Guidance on the use of standards for race-based and Indigenous identity data collection and health reporting in Canada. https://www.cihi.ca/en/race-based-and-indigenous-identity-data
Criteria |
Criteria Origin |
|
| 8a — Q1 | Has the company specifically tasked a representative with considerations on data sovereignty? | MHCC |
| 8a — Q2 | If not, does it consider data sovereignty when collecting ethnicity/race data? | MHCC |
| Criteria | Criteria Origin |
8b — Q1 | Do you engage, listen, and act on the statements of ethnic minority communities and their members (including the most marginalized) regarding processing racial/ethnic data? | MHCC |
8b — Q2 | Can it show evidence of ongoing consultations with ethnic minorities throughout the development of the app? Guidance: Do they continue to listen (according to a schedule) after the initial planning stages? | MHCC |
8b — Q3 | Can the developer show evidence of techniques being used when collecting data (e.g., phone, face-to-face, group discussions)? | MHCC |
8b — Q4 | When collecting race-based data, do individuals give the company informed consent to use their data? | MHCC |
8b — Q5 | Can it show evidence of an explicit agreement not to share, sell, or otherwise use an individual’s race-based data for a new purpose? | MHCC |
8b — Q6 | Does it carefully process individual data while being vigilant not to harm minority communities? | MHCC |
8b — Q7 | Does it take accessibility into account? Guidance: Does the company consider various languages, formats, and individuals with disabilities when handling and sharing data? | MHCC |
8b — Q8 | Does it prioritize minority communities and their responses? | MHCC |
8b — Q9 | Has it set targets for addressing health inequities? | MHCC |
8b — Q10 | Does it have targets for progress monitoring? | MHCC |
8b — Q11 | Does the developer hold some accountability toward minority communities? | MHCC |
8b — Q12 | Can it show evidence of work being done to understand what communities look like in different areas? | MHCC |
8b — Q13 | Can individuals access their collective data and determine who else can access it (without any barriers)? | MHCC |
8b — Q14 | Is there evidence that capacity and infrastructure needs are being accounted for? Guidance: For example: facilitating training or teaching community members how to communicate using data, analyzing data, and connecting with required technology. | MHCC |
8b — Q15 | Does it allow external researchers or organizations access for the purpose of collecting new and current data? | MHCC |
8b — Q16 | Can it show evidence that all individuals’ rights and data — including identifiable, de-identified, and anonymized data — are protected? | MHCC |
8b — Q17i | Have data collectors explained why they are asking for race-based data? | MHCC |
8b — Q17ii | Have data collectors explained what the race-based data will be used for? | MHCC |
8b — Q18 | Have data collectors explained how race-based data will be stored? | MHCC |
8b — Q19 | Have data collectors explained who will have access to race-based data? | MHCC |
8b — Q20 | Is the individual’s right to informed consent and refusal protected from harm or damage with appropriate safety measures? | MHCC |
8b — Q21 | Has the developer clearly told individuals that providing data is not required to receive care and that refusal will not impact their quality of care? | MHCC |
8b — Q22 | Does the developer use additional protective measures when there is a high risk that an individual will be identified? | MHCC |
8b — Q23 | Can it show evidence of specific protection that focuses on preventing all data from being misused? | MHCC |
| Criteria | Criteria Origin |
8c — Q1 | Does the company collect and store data the same way for every community (including minority ethnic groups) — that is, as it would for an individual whose rights or data use is protected? | MHCC |
8c — Q2 | Do you identify First Nations in your data? | MHCC |
8c — Q3 | How are First Nations identified in its data collection? | MHCC |
8c — Q4 | Does the developer provide details on who owns the data? | MHCC |
8c — Q5 | Does it make data available under licence, so that its ownership and terms of use are clear? | MHCC |
8c — Q6 | How does the company establish ownership? | MHCC |
8c — Q7 | Does it document how consent is managed? Guidance: That is, how individuals consent to data usage and storage, and giving them the right to withdraw their consent. | MHCC |
8c — Q8 | Are First Nations given control over their people, communities, and representative bodies? | MHCC |
8c — Q9 | Do First Nations have control over how data is collected, used, and disclosed? | MHCC |
8c — Q10 | Are there any agreements in place regarding control over data? | MHCC |
8c — Q11 | What is the company’s decision-making process for the use of data? | MHCC |
8c — Q12 | Does it document data flow, outlining how it is transferred and used? | MHCC |
8c — Q13 | If yes, does the data flow documentation include what is done after it has been used for all intended purposes? | MHCC |
8c — Q14 | Does it provide First Nations with access to information and data about themselves and their communities, regardless of where they are held? | MHCC |
8c — Q15 | Does the company clearly state who has access to what data? | MHCC |
8c — Q16 | Is training/education provided to all those who have access to data? | MHCC |
8c — Q17 | What data access security/privacy policies and procedures are in place? | MHCC |
8c — Q18 | Does it clearly state that data will be held by a First Nation or a First Nation-controlled entity? | MHCC |
8c — Q19 | For any data not held by a First Nation or a First Nation-controlled entity, what is the explanation? | MHCC |