Privacy Act Notice
Introduction
The Medical Research Institute of New Zealand (MRINZ) conducts clinical trials (also known as studies). This involves collecting, processing, analysing and storing information, including personal data (i.e. relating to identifiable living individuals).
The New Zealand Privacy Act (2020) defines responsibilities for organisations that collect and process personal data. This Privacy Notice explains how the MRINZ will comply with the Privacy Act with respect to your privacy and rights.
What sort of information do we collect?
Clinical trials require the collection of health and study-related information from participants. Personal information such as name and contact details may also be collected to allow our research coordinators and investigators to manage the study administration effectively.
Why do we collect your information?
Our business is to investigate the causes of public health problems. The knowledge we gain is used to improve the prevention and treatment of diseases for people both in New Zealand and abroad. Our clinical trials protocols are approved by the Health and Disability Ethics Committees of New Zealand (HDEC). Protocols define how a study will be conducted, including the information required to answer the research question(s). We therefore collect only the information we need for our research.
How do we collect your information?
We collect most of our information directly from you, your health records or study procedures. Before enrolling, you will be asked to read an HDEC-approved Participant Information Sheet and Consent Form (PISCF) that describes the study, including how study information will be collected. Note that study participation is voluntary; no-one will force you to take part, and you may withdraw at any time without giving a reason for your decision. However, we generally need to retain the information we collect to the point of your withdrawal, in order to maintain the study data integrity.
Participants in our Intensive Care Unit (ICU) studies may not be able to give consent prior to study data collection. Special ethically-approved procedures apply in these scenarios.
How will we use your information?
We perform data quality checks to ensure the data we hold are correct and complete, following which our statisticians analyse the pooled study data to find out the study results. Our study findings are often published in the world's leading medical journals, but may form part of a regulatory submission for a new medication.
If we plan to use study data for additional purposes or share the data with other researchers, this will be explained in the PISCF. You may choose whether or not you consent to us using your information in this way. If we share your data with other researchers, data will be anonymised, which means it will not be possible to identify you if your information is shared.
Please note that we will never sell your information to a third party. Also, we will never use or share your information for additional purposes if we have not gained your consent to do so.
Who will see your information?
The study team looking after you will use your name and contact details to contact you during the study. The study database accessed by MRINZ Data Managers and statisticians is de-identified, meaning we distinguish individuals using unique participant ID numbers, so you will never be personally identifiable from any report we publish. The PISCF will define other people who may need to see your information to ensure the study is being conducted correctly. This is a regulatory requirement that applies to all studies.
The Privacy Act gives you the right to ask to see the information we hold about you, and ask us to correct information you think is wrong. We will comply with requests as far as possible, but be aware that the information we collect will be verified against source, so there is only a small chance of data being incorrect.
Security and Privacy
We take your privacy and our information security seriously. MRINZ study databases are held on servers hosted by Amazon Web Services in Australia. Your information will therefore be protected by state-of-the-art security measures. We restrict database access to named, approved users, and the only people able to access your identifiable information will be the study team, study monitors, and, in an emergency, database administrators.
MRINZ data managers, medical monitors and other staff who need to access the study database cannot identify you from your study participant ID. MRINZ staff undergo cyber security and privacy training, and must comply with policies and procedures designed to ensure they understand and comply with their legal obligations to protect your privacy at all times.
How long will we keep your information?
Clinical research is governed by national and international laws and regulations, so retention requirements can vary (mostly around 10-15 years post-study). The study protocol will specify how long your information will be kept. During this time, your information will be archived in conditions with highly restricted access (this applies both to paper and electronic records). At the end of the archival period, your information will be destroyed in line with current local policies for data destruction.
Contact Database
To aid study recruitment, individuals who have enquired about, or been recruited to our MRINZ studies, may be invited to consent to us holding their information in our Contact Database. We store contact details and relevant health information to help us determine suitability for specific studies. The information presented in this Privacy Notice should help you decide if you would like us to hold your details in our Contact Database. An understanding of this Privacy Notice will form a part of the Contact Database consent process before we can collect your information. We will contact you periodically to check you are still happy for us to hold your information in the Contact Database, and will remove your details if you ask us to, or if we become unable to contact you.
Further Information
If you would like further information regarding this Privacy Act Notice, please email the MRINZ Privacy Officer at john.martindale@mrinz.ac.nz