Big Data Security Analytics , Electronic Healthcare Records , Governance & Risk Management

'All of Us' Research Project: The Privacy Risks

Attorney Kirk Nahra Discusses Rollout of Massive Precision Medicine Effort
'All of Us' Research Project: The Privacy Risks
Privacy attorney Kirk Nahra of law firm Wiley Rein

Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.

Patients are being invited to share their electronic health records and other sensitive data, such as genomic information, for use in research. The goal of the effort is to help advance medical discoveries and more personalized treatments (see Precision Medicine: 'Big Data' Security, Privacy Concerns).

The NIH's data protection efforts for the project include a framework for security principles and a framework for privacy/trust principles.

"What they've tried to do with this system is build a better mouse trap," he says. "Certainly, everybody that's involved in security and security policy recognizes that while there's no perfect standard for security, and no way to reduce realistic risk to zero, what we can do is reduce that risk to pretty small levels."

The privacy practices being implemented, Nahra says, "are very strict standards designed to provide very strong protections. Does that mean there are no risks? Of course not."

In the interview (see audio link below photo), Nahra also discusses:

  • Potential privacy considerations concerning genomic data;
  • Why the security of the NIH project will be potentially more robust than that of many legacy government systems, such as those at the Office of Personnel Management, that have been breached;
  • Advice for patients and healthcare entities considering participation.

As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.