The Security Scrutinizer with Howard Anderson

Genomics Research: Privacy Issues

Security Measures, De-Identification Are Key

Personalized medicine research, which relies on genetic information paired with electronic health records, could pave the way for many treatment breakthroughs. For example, diabetics could get the precise therapy they need, based on their genetics, to avoid amputations.

But because of the sensitive nature of the information involved, pioneers in this field must take extra privacy and security precautions.

The Department of Veterans Affairs has unveiled a national effort to recruit veterans to participate in an ambitious genomics research project. A website for the Million Veteran Program outlines multiple security measures for the effort. For example, DNA samples and records will be labeled with bar codes, and researchers won't have access to veteran's demographic information (See: VA Launches Genomic Research).

It will be interesting to watch whether the VA succeeds in achieving its lofty goal of signing up 1 million participants, reassuring them that their privacy will be adequately protected.

A number of other personalized medicine projects are under way across the country. For example, physicians at Ohio State University Medical Center are accessing reports within electronic health records about how certain patients' genetic makeup could influence the effectiveness of treatments. In addition, information on the patients is being added to a database that will support research.

Both aspects of the project raise privacy issues that need to be addressed, says Scott Megill, CIO at the Coriell Institute for Medical Research, which is collaborating with OSU, and many others, on personalized medicine research projects. For example, information in the database is de-identified so it can't be tied back to a patient (See: Personalized Medicine and Privacy).

The HITECH Act mandated a federal study on the issue of de-identification of data for research purposes and whether existing HIPAA regulations on the subject need to be modified (see: De-Identified Data: The Security Risks). Given that personalized medicine research is picking up steam, let's hope this overdue report comes out soon.

Other Privacy, Security Initiatives

In another ongoing effort to protect patient information, the Privacy and Security Tiger Team, which advises federal regulators, plans to tackle a number of additional issues, including determining whether more guidelines are needed on the issues of accommodating corrections to electronic health records and ensuring data integrity (see: Tiger Team Creates New 'To Do' List).

At its May 4 meeting, the team also formed a subgroup that will address guidelines governing certificate authorities that issue digital certificates to authenticate those involved in health information exchange.

Meanwhile, in another consumer protection initiative, the National Strategy for Trusted Identities in Cyberspace aims to create a trusted, online ecosystem that would let users obtain a single credential as a one-time digital password - in the form of software on a mobile device, a smart card or token, for instance - to transact business safely over the Internet. Jeremy Grant, the official the federal government tapped to help kick-start the project, said in an interview this week that effort ultimately "should be led by the private sector" (see: Limited Government: Path to NSTIC).



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.