Data security framework released for Obama’s Precision Medicine Initiative

The final version of the policy principles governing data security efforts within President Barack Obama’s Precision Medicine Initiative (PMI) has been released.

In a blog post, HHS Secretary Sylvia Burwell said the framework, while not a set of firm guidelines, offers organizations looking to participate in PMI some idea of the security expectations involved in the program.

“We recognize that there is no one-size-fits-all approach to managing data security," Burwell wrote. “This is why the Security Framework, which builds on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, is designed to be adaptable and responsive to the needs of multiple participating PMI groups, providing a broad framework for protecting participants’ data.”  

Applying the NIST framework had been applauded by groups such as HIMSS at the draft stage.

The principles organizations are being asked to follow include building a system which inspires confidence in participants, developing risk management plans, minimizing exposure of patient data, and not using security concerns to deny a patient access to their own data.

In more specific terms, the framework outlines five broad categories “to assess cybersecurity and data security functions:”

  • Identify: develop an overall security and risk management plan, including physical security of PMI data storage locations and bringing in an outside party to review security plans
  • Protect: create strict verification procedures for anyone who may have access or contributing to PMI data and use strong encryption for data which could identify an individual
  • Detect: conduct regular audits and share information about threats with other organizations
  • Respond: develop and test plans on how to respond to security incidents
  • Recover: groups will be required to have an “incident breach and recovery plan” on how to restore service, recover data, and improve security after a breach

Burwell said the Office of the National Coordinator for Health IT will be in charge of developing more specific guidelines, due to be released in December. 

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.