Since participant data will form the bedrock of the Precision Medicine Initiative (PMI), those who gather, store and use that information will have to give more than lip service to protecting it and using it responsibly.
The White House last week released a data security framework to ensure patient privacy is integral to the collection and use of personal health and genetic data that will be the building blocks for personalized cures and diagnostics.
The framework and principles it’s based on come more than a year after President Barack Obama unveiled the PMI, which called for the development of a national research cohort of at least 1 million volunteers who would contribute their health information to be used in curated databases open to researchers. (See BioWorld Today, Feb. 2, 2015.)
A key principle underlying the newly released framework is that data security systems must be constructed with a “participant first” orientation when identifying and addressing risks. Thus, security practices and controls are meant to protect the integrity of the data and patient privacy – not as a reason to deny participants access to their own data or as justification for limiting appropriate research uses of the information.
Because security, medicine and technology are all evolving rapidly, organizations involved in collecting and using the data should consider security a core element of their culture and services, and ensure that their security processes and controls are adaptable and updatable, according to the framework, which is modeled on the National Institute of Standards and Technology (NIST) cybersecurity framework.
In designing data security systems, organizations participating in the PMI cohort should:
• preserve data integrity so the data are dependable;
• develop evaluation and management plans to address key risks, while enabling science and research to advance;
• provide participants and other relevant parties with clear expectations and transparent security processes;
• minimize exposure of participant data and keep participants and researchers aware of breaches.
The framework stressed the collaborative nature of the cohort and security efforts, urging organizations to share their experiences and challenges so they can learn from each other instead of repeating mistakes.
Work in progress
When Obama announced the initiative in January 2015, he promised that patient data would be protected. “We’re going to make sure that protecting patient privacy is built into our efforts from day one,” he said.
However, the data security measures remain a work in progress. The next step is for PMI organizations to use the framework’s recommendations for identifying risks, protecting data, detecting threats and responding to breaches to develop and implement detailed guidelines tailored to their specific data security needs.
To help with that effort, the Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights are partnering with NIST, other government agencies and various stakeholders on the development of a precision medicine-specific guide to the NIST cybersecurity framework by December.
Although the data security guidelines are still in development, the NIH and other research groups have been forging ahead on the PMI cohort. The NIH reported Thursday that it is awarding $142 million over five years to the Mayo Clinic to establish the world’s largest research-cohort biobank for the PMI program.
The funds will support the collection, storage and research distribution of biospecimens. Lab analyses of the biospecimens will include chemical and genetic tests, the results of which will be combined with cohort data from volunteers’ lifestyle and health questionnaires, medication history, electronic health records, physical exams, and environmental exposures and real-time physiology tracked through mobile health technologies. The data will enable researchers to study individual differences in health and disease, the NIH said.
In exchange, the Mayo Clinic will store, analyze and make available to researchers more than 35 million biospecimens and associated data. Biobank staff will follow detailed policies to safeguard the collection against contamination and protect participant confidentiality, according to the NIH.
This is not the NIH’s first PMI-related award. It granted a contract to Vanderbilt University in February to launch the first phase of the cohort. Working in collaboration with Verily, formerly Google Life Sciences, Vanderbilt planned to have 79,000 volunteers in the pilot project by the end of this year. (See BioWorld Today, Feb. 26, 2016.)
More awards are in the offing. In preparation for the main launch of the cohort later this year, the NIH expects to provide additional funding in a few months for a coordinating center, participant technologies center and health care provider organization enrollment centers.