You are using an outdated browser. We suggest you update your browser for a better experience. Click here for update.
Close this notification.
Skip to main content Skip to search

Request Data for Research

CCO accepts data requests for record-level data for research purposes from researchers, health system providers and government organizations. Once a data request form is submitted, our staff will work with applicants to determine the feasibility, timelines and cost of the requested data.

Data Request Process

We encourage applicants to contact the Data Disclosure Team as early in the research approval process as possible. By contacting the team early, applicants will get a better understanding of data availability and its limitations, expected timelines and estimated costs associated with the data request. 

Note: Even with this initial review by the Data Disclosure Team, the application package is not considered complete without all of the required documentation.

How the Process Works

A typical research data request requires input from a number of teams across CCO: 

Once the completed application package is submitted, a feasibility assessment is conducted to ensure CCO has the ability to complete the request.

  1. The Data Disclosure Team then works with the research team who submitted the application to draft the dataset creation plan and estimate the cost of the request.The request is reviewed by the Data Disclosure Working Group, comprised of research, privacy and data subject matter experts. 
  2. The working group recommends the request for approval by the Data Disclosure Subcommittee. Once approved, the research team signs the Research Data Disclosure Agreement. Once the agreement is signed, CCO analysts can begin the work. This may include creating a cohort for a study, extracting the data required, linking multiple datasets and quality assurance steps. 

Dialogue with the research team may be required. Upon completion of the data extraction and quality checks, as well as payment by the applicant, the data is disclosed in a secure manner.

How Long the Process Takes

The time from intake to data disclosure will depend on several factors, including the completeness of the application package and the complexity of the request. A fulfillment time estimate will be provided as part of the dataset creation plan.

Requestors should plan for approximately 2 months from the submission of the application package to the approval of the request by the Data Disclosure Subcommittee. This length of time can be reduced if the Research Data Request Form is as complete as possible.

The complexity of a request is determined by:

  • number of data sources required
  • type of data required (some datasets are more complex than others)
  • size of study cohort
  • whether the cohort is generated by the Cancer Care Ontario analyst
  • type of quality assurance steps required

For simple data requests, where the data is derived from a single dataset (e.g., the Ontario Cancer Registry only),  the estimated fulfillment time is 60 business days from the signature of the Research Data Disclosure Agreement and payment of the administrative fee. For a complex request (where data is derived from multiple data sources and a cohort is generated by the CCO analyst), a fulfillment time estimate will be provided as part of the dataset creation plan.

Application Deadlines

A package submission deadline is set for each month of the year.

January 2019 12/12/2018
February 2019 01/23/2019
March 2019 02/20/2019
April 2019 03/20/2019
May 2019 04/17/2019
June 2019 05/22/2019
July 2019 06/19/2019
August 2019 07/24/2019
September 2019 08/21/2019
October 2019 09/18/2019
November 2019 10/23/2019
December 2019 11/20/2019

Please note, your application will only be reviewed at the next working group meeting if:

  • the Application Package is complete
  • the Application Package is submitted prior to the deadline
  • the Working Group has not reached the monthly capacity

A review by the Data Disclosure Working Group does not guarantee approval by the Data Disclosure Subcommittee.

Required Documents

To complete the application package, the following documents are required:

  • A research plan.
  • Approval letter from a Research Ethics Board (REB). The REB must meet the requirements of s.44(2) of the Personal Health Information Protection Act, 2004 (PHIPA) and s.16 of Ontario Regulation 329/04 (see Data Request FAQs for more information on PHIPA and REB).
  • A copy of the REB application form, including relevant requests for amendments.
  • Evidence of funding approval to cover costs associated with the data request.
  • Name of the sponsoring organization and/or grant details.
  • Components of the dataset creation plan, if applicable.

Cost Details

An administrative fee of $2100, as well as an hourly analytical fee of $75 per hour, will be applied to all research data requests. If the request for data involves disclosure of pathology reports, an additional hourly analytical fee of $37.50 per hour will be applied for pathology report extraction.

  • The administrative fee accounts for the time and effort required for request intake, feasibility assessment as well as bringing research data requests before the Data Disclosure Subcomittee. The administrative fee is invoiced once approval has been granted. Payment is required before data extraction can begin.
  • The analytical fee accounts for execution of the Dataset Creation Plan, which may include identifying study cohort(s), data extraction, linking multiple datasets and multiple quality assurance steps.
  • The pathology report fee accounts for the work required to extract reports from CCO’s pathology databases.

A second invoice for the analytical hours, including the pathology report extraction hours, will be sent with the final data disclosure. Data will not be disclosed until the administrative fee is paid. Where a complex data request involves a multi-staged dataset creation plan, disclosure and invoicing may be broken out into stages. A staged schedule will be agreed upon by the Principal Investigator and CCO in advance.

Estimating the Cost of Data Requests

Where requested, the Data Disclosure Team will support researchers in their grant submission by providing a cost estimate of the data request in advance of submission of the application package. The accuracy of the estimate will depend on the level of detail the requester provides about the data they will be requesting. The estimate will be based on the complexity of the data request (e.g., size of the cohort, number of databases to be linked, number of data elements etc.). 

A cost estimate by the Data Disclosure Team typically takes 2-4 weeks, depending on complexity of the request. Please note, provision of a cost estimate does not guarantee approval by the Data Disclosure Subcommittee.

Data Handling Guidelines

Preferred Method of Data Transfer

For the purposes of data disclosures, CCO’s method of choice is managed file transfer (MFT). MFT is used to provide secure external data transfers through a network. Users can send or receive files using a client application or via a web interface. During the intake phase of a data request, the Data Disclosure Team will provide applicants with a form to set up an MFT account. Once the account is set up, applicants will receive further instructions on how to access the data files.

Retaining Data Guidelines

Records of personal health information (PHI) disclosed by CCO for research purposes must not be retained for a period longer than the time set out in the approved research plan. Researchers must destroy all data provided by CCO within 60 days of the date indicated on the Research Data Request Form.

Destruction of Data Rules

Data disclosed by CCO for research purposes must not be retained for a period longer than the time set out in the approved research protocol. Researchers must destroy all data provided by CCO within 60 days of the date indicated on the Research Data Request Form.

CCO data must be destroyed within 60 days of the date indicated in the application package. The researcher should supply CCO with a Certificate of Destruction setting out the date, time and location of the secure destruction, the method of secure destruction employed, as well as details of the items destroyed. The Certificate of Destruction will bear the signature of the persons who securely destroyed the information. A Certificate of Destruction from a third party service provider will be acceptable if it contains all of this information required. A copy of a Certificate of Data Destruction can be obtained by contacting


Email the Data Disclosure Team with questions about the data request process.