Genomics Research: Privacy Issues
Security Measures, De-Identification Are KeyPersonalized medicine research, which relies on genetic information paired with electronic health records, could pave the way for many treatment breakthroughs. For example, diabetics could get the precise therapy they need, based on their genetics, to avoid amputations.
But because of the sensitive nature of the information involved, pioneers in this field must take extra privacy and security precautions.
The Department of Veterans Affairs has unveiled a national effort to recruit veterans to participate in an ambitious genomics research project. A website for the Million Veteran Program outlines multiple security measures for the effort. For example, DNA samples and records will be labeled with bar codes, and researchers won't have access to veteran's demographic information (See: VA Launches Genomic Research).
It will be interesting to watch whether the VA succeeds in achieving its lofty goal of signing up 1 million participants, reassuring them that their privacy will be adequately protected.
A number of other personalized medicine projects are under way across the country. For example, physicians at Ohio State University Medical Center are accessing reports within electronic health records about how certain patients' genetic makeup could influence the effectiveness of treatments. In addition, information on the patients is being added to a database that will support research.
Both aspects of the project raise privacy issues that need to be addressed, says Scott Megill, CIO at the Coriell Institute for Medical Research, which is collaborating with OSU, and many others, on personalized medicine research projects. For example, information in the database is de-identified so it can't be tied back to a patient (See: Personalized Medicine and Privacy).
The HITECH Act mandated a federal study on the issue of de-identification of data for research purposes and whether existing HIPAA regulations on the subject need to be modified (see: De-Identified Data: The Security Risks). Given that personalized medicine research is picking up steam, let's hope this overdue report comes out soon.
Other Privacy, Security Initiatives
In another ongoing effort to protect patient information, the Privacy and Security Tiger Team, which advises federal regulators, plans to tackle a number of additional issues, including determining whether more guidelines are needed on the issues of accommodating corrections to electronic health records and ensuring data integrity (see: Tiger Team Creates New 'To Do' List).At its May 4 meeting, the team also formed a subgroup that will address guidelines governing certificate authorities that issue digital certificates to authenticate those involved in health information exchange.
Meanwhile, in another consumer protection initiative, the National Strategy for Trusted Identities in Cyberspace aims to create a trusted, online ecosystem that would let users obtain a single credential as a one-time digital password - in the form of software on a mobile device, a smart card or token, for instance - to transact business safely over the Internet. Jeremy Grant, the official the federal government tapped to help kick-start the project, said in an interview this week that effort ultimately "should be led by the private sector" (see: Limited Government: Path to NSTIC).