- The Precision Medicine Initiative (PMI) is a federal research program that hopes to improve how disease is treated, but there are still healthcare data privacy and security concerns. However, ONC explained in a recent blog post that keeping data secure through PMI remains a top priority.
ONC partnered with the National Institutes of Health (NIH) to launch three separate but related activities to advance PMI. One of those activities is Sync for Science (S4S) API Privacy and Security, which assesses whether S4S API pilots implement appropriate privacy and security principles.
“In this new era, securing the electronic platforms that support sharing data with PMI is paramount,” Chief Scientist Teresa Zayas Caban and ONC Health Scientist Administrator Kevin Chaney wrote. “Data is a foundational underpinning of PMI, and participants should have confidence that data about them are securely shared according to their preferences.”
S4S API Privacy and Security will also “verify and validate necessary safeguards, and provide privacy and security tips to facilitate participants’ sharing of EHR-based clinical data with the All of Us Research Program via the S4S API.”
Approximately one year ago, a PMI security framework was released to ensure that all healthcare organizations understand the security expectations that accompany PMI. The Security Framework was also designed after the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to help it remain adaptable and a broad framework for keeping patient data secure.
The ONC blog post also discussed the S4S sites, where participants can “use an application to securely access and share EHR-based clinical data with the All of Us Research Program,” Caban and Chaney stated.
“Harvard Medical School and four leading EHR companies are developing, testing, and implementing application programming interface (API) endpoints within patient portals at selected care provider sites,” the duo explained. “Eventually, as the program expands beyond the pilot sites, more participants will be able to share EHR-based clinical data via S4S with the All of Us Research Program and, eventually, other research studies.”
Finally, the Sync for Genes pilot was also launched. This will focus on strengthening genomic data sharing, according to ONC.
Five pilot groups were launched in January 2017, and their feedback will “ensure the development of open source validation scripts and implementation guidance documents to support needs in the field of genomics for others to utilize.”
The groups and their respective focuses are the following:
- Counsyl with Intermountain Healthcare (Family Health History Genetics);
- Food and Drug Administration (Sequencing Quality and Regulatory Genomics);
- Foundation Medicine with Vanderbilt University Medical Center (Somatic/Tumor Testing);
- Illumina (NGS Sequencing Solutions);
- National Marrow Donor Program/Be The Match (Tissue Matching)
PMI is part of an overall collaboration between ONC, NIH, OCR, the Department of Defense, and the Department of Veterans Affairs.
“PMI will advance the nation’s ability to accelerate scientific discovery and improve clinical care through an innovative approach that takes into account individual differences in people’s genes, environments, and lifestyles,” Caban and Chaney said. “Put simply, PMI will enable us to better predict which treatments will be most effective for which patients – and health information technology (health IT) is foundational to achieving its promise.”
While PMI holds potential benefits for the healthcare industry, data privacy and security concerns have been raised before.
The Johns Hopkins Hospital and Health System Senior Counsel Jennifer Kulynych, JD, PhD explained in a recent opinion piece in the Oxford University Press that precision medicine guidelines need to be updated to account for new health data privacy threats.
“Research and medical privacy regulations, as currently interpreted, allow review boards to waive patient consent, and even allow researchers to call DNA sequences ‘de-identified,’ data, a category without oversight or privacy protection,” Kulynych wrote. “Newly-announced changes to federal research regulations simply broaden the scope of these practices.”
Patients need to be kept informed on how their data is being used, she stressed. Data re-identification is just one potential privacy risk, and individuals need to understand that possible outcome.
“If patients remain unaware and regulators are reluctant to question the status quo, they’ll be few incentives for improvement,” Kulynych stated. “Unless we raise the bar on research data security, however, patients, though they may benefit from better care, will assume unreasonable and unnecessary privacy risks as their data is shared in the pursuit of precision medicine.”