Currently Viewing:
In Focus Blog
Currently Reading
White House Outlines Data Security Principles for Precision Medicine
May 26, 2016 – Mary Caffrey
Oklahoma Joins List of Red States Eyeing Medicaid Expansion
May 17, 2016 – Mary Caffrey
CMS Expands Alternate Payment Model for Primary Care Doctors
April 11, 2016 – Mary Caffrey
Angelina Jolie's Breast Surgeon to Discuss Hereditary Cancer on Lifetime
March 21, 2016 – Mary Caffrey
Feds Award $94M in Grants to Fight Opioid, Heroin Abuse
March 11, 2016 – Mary Caffrey
How to Get Healthy Food Into Corner Stores, Rural Markets
February 24, 2016 – Mary Caffrey
Rule Says Hospitals, Providers Must Give Patients Access to Records
January 20, 2016 – Mary Caffrey
2015 Dietary Guidelines Call for Less Added Sugar, But Advice on Meat Takes a Detour
January 07, 2016 – Mary Caffrey
When It Comes to Learning Genetic Risks, Patients Have No Regrets
December 11, 2015 – Mary K. Caffrey

White House Outlines Data Security Principles for Precision Medicine

Mary Caffrey
Data sharing in precision medicine has not been without controversy. Some genetic testing companies say security on public databases is less than stellar, giving them a reason to decline sharing their information warehouses.
President Obama’s Precision Medicine Initiative (PMI) cannot work if patients do not feel comfortable sharing healthcare data. On Wednesday, the White House released a security framework—a set of principles to govern data sharing, which will be followed by more specific set of guidelines before the president leaves office.

HHS Secretary Sylvia Mathews Burwell announced the principles in a blog post, stating, “Our greatest asset in PMI is the data that participants contribute, and we want to make sure participants know that their data is protected.”

Burwell said the security framework is based on the Cybersecurity Framework of the National Institute of Standards and Technology (NIST). According to the blog post, the Office of the National Coordinator for Health Information Technology, led by Karen DeSalvo, MD, MPH, MSc, will be charged with convening NIST, related federal agencies and key stakeholders to flesh out the framework with specific guidelines for protecting data in precision medicine by December 2016.

Data sharing in precision medicine has not been without controversy. While many academic researchers chastise those in industry who decline to share data—even accusing them of “hoarding” patient information—some genetic testing companies say security on public databases is flawed, and patients who decide to share their genetic and other healthcare data should understand the risks. Just last week, a disagreement arose between the ACLU and Myriad Genetics, a 25-year-old molecular diagnostics company that declines to share data due to patient privacy and intellectual property concerns.

The White House document calls for data sharing in PMI to recognize the unique issues with patient data, and that sharing ultimately depends on trust that information is being used responsibly. While most patient data used by researchers is de-identified, the document warns, “no de-identification process guarantees that individuals can never be re-identified. Therefore, PMI organizations should not rely on de-identification alone as a security control or as a privacy protecting technique.”

The security framework outlines 5 distinct functions that go on simultaneously, which are needed to assess security performance. They are:

Identify. This step calls for the development of an overall security plan, risk-management strategies for protecting PMI data, developing an independent third-party review process, and a breach notification process.

Protect. This step calls for creating strict protocols for who has access to data, steps for verifying their identity, encryption processes, data maintenance standards, and patient and user education steps.

Detect. In this step, PMI groups conduct ongoing audits to find any breaches, create user logs, and develop networks to share information threats.

Respond. Here, PMI groups develop strategies to contain data if a breach happens, and well as incident response protocols. These include notification steps and naming an “accountable point of contact.”

Recover. All PMI groups must have an “incident breach and recovery plan,” with strong communication steps and a review process.

Copyright AJMC 2006-2019 Clinical Care Targeted Communications Group, LLC. All Rights Reserved.
Welcome the the new and improved, the premier managed market network. Tell us about yourself so that we can serve you better.
Sign Up