Data security framework released for Obama’s Precision Medicine Initiative

John Gregory | | Health Exec | Policy & Regulations

The final version of the policy principles governing data security efforts within President Barack Obama’s Precision Medicine Initiative (PMI) has been released.

In a blog post, HHS Secretary Sylvia Burwell said the framework, while not a set of firm guidelines, offers organizations looking to participate in PMI some idea of the security expectations involved in the program.

“We recognize that there is no one-size-fits-all approach to managing data security," Burwell wrote. “This is why the Security Framework, which builds on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, is designed to be adaptable and responsive to the needs of multiple participating PMI groups, providing a broad framework for protecting participants’ data.”  

Applying the NIST framework had been applauded by groups such as HIMSS at the draft stage.

The principles organizations are being asked to follow include building a system which inspires confidence in participants, developing risk management plans, minimizing exposure of patient data, and not using security concerns to deny a patient access to their own data.

In more specific terms, the framework outlines five broad categories “to assess cybersecurity and data security functions:”

  • Identify: develop an overall security and risk management plan, including physical security of PMI data storage locations and bringing in an outside party to review security plans
  • Protect: create strict verification procedures for anyone who may have access or contributing to PMI data and use strong encryption for data which could identify an individual
  • Detect: conduct regular audits and share information about threats with other organizations
  • Respond: develop and test plans on how to respond to security incidents
  • Recover: groups will be required to have an “incident breach and recovery plan” on how to restore service, recover data, and improve security after a breach

Burwell said the Office of the National Coordinator for Health IT will be in charge of developing more specific guidelines, due to be released in December. 

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Related Content

Texas AG sues hospital for $10K after off-duty police barred from carrying guns
Cardiologists reflect on developing primary PCI in face of criticism and pushback
PBMs sue FTC for alleged Fifth Amendment violation
FDA issues Class I alert on Philips ventilators after 4 injuries
Trump selects Emmy-winning TV personality Dr. Oz to head CMS
FDA issues Class I recall of infusion pump batteries due to risk of burns

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup