Precision Medicine: 'Big Data' Security, Privacy ConcernsAttorney Kirk Nahra Discusses the Key Challenges in Massive Initiative
The Precision Medicine Initiative announced earlier this year by the Obama administration is the ultimate healthcare big data project and faces many security and privacy challenges, says attorney Kirk Nahra.
In his State of the Union address last January, President Obama announced the project that seeks to personalize and improve disease treatment and prevention by taking into account an individual's health and genetic information, as well as environmental and lifestyle factors.
The National Institutes of Health says the effort aims to enroll 1 million volunteers to share their health data and provide a biospecimen for genetic testing. Researchers will use the massive database to help expand the knowledge of approaches for precision medicine - also known as personalized medicine.
"We have research projects all the time, all over the place - but this is bigger and more organized and has the particular goal of trying to use healthcare big data to see if we can drill down and try to personalize treatments and behaviors that are really driven by individual components," Nahra says in an interview with Information Security Media Group.
Big Data Concerns
"Security is an issue [in this project] because you have such an enormous volume of data, including very sensitive data about lots of people," he says. "So the security issues aren't any different than you'd see in any big healthcare setting, [but] the privacy components are a little different and something that the government is trying to be very clear and explicit about when they are enrolling people into this program."
The key privacy challenges facing the Precision Medicine Initiative involve the question of "what can be done with the data being collected," Nahra says. "For instance, if you have this kind of data about a person's genetic information and the likelihood of them getting [certain] diseases, you have privacy concerns if that data - instead of being used to identify a potential cure for you - was used by your insurance company, or your employer or someone else to make judgments about you going forward. In this project, the government is trying to be very clear that that's not what they have in mind. They want to set up very clear rules about what's going to happen to this data, but that's the kind of thing you worry about for privacy."
The data collection project also raises security concerns because of recent hacker attacks in the healthcare arena, Nahra says. "When you see all the cyberattacks going on across big computer databases - well, this is going to be a big computer database. The government is going to try building top-class security protections, but when you read the headlines ... you see that even very strong security standards often don't protect against people who really want to get into your systems."
In the interview, Nahra also discusses:
- Ways the Precision Medicine Initiative differs from other big data efforts in the healthcare sector;
- Privacy and security considerations for healthcare providers and researchers participating in the project;
- Recommendations recently issued by the Department of Health and Human Services' Office of the National Coordinator for Health IT concerning the privacy and security of big data in healthcare.
As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a long-time member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.