Dive Brief:
- The Obama administration released its final data policy framework establishing security expectations for organizations that participate in the Precision Medicine Initiative (PMI).
- The 10-page framework, which builds on the National Institute of Standards and Technology’s cybersecurity framework, is intended to be adaptable to the various participating PMI groups and aimed at providing a broad framework for protecting data and transparency.
- The Mayo Clinic announced Thursday it will be receiving $142 million in funding over five years from the National Institutes of Health (NIH) to serve as the national PMI biobank.
Dive Insight:
In February, the White House announced more than 40 major commitments from the private sector, including seven from electronic health record firms, to advance precision medicine and released a draft policy on data security principles.
The risk-based framework, includes eight overarching principles:
- Strive for a “participants first” orientation that engenders trust;
- Ensure that security processes are adaptable and updatable to keep pace with technological advances;
- Seek to preserve data integrity;
- Identify key risk to security, while enabling research to progress;
- Develop clear expectations and transparency around security processes;
- Ensure that security controls protect data, while maintaining access to those who need the data;
- Minimize exposure of participant data; and
- Share experiences and challenges with other PMI organizations.
In releasing its plan, the White House emphasized that there is “no ‘one-size-fits-all’ approach” to managing PMI security. “Our greatest asset in PMI is the data that participants contribute, and we want to make sure participants know that their data is protected,” the administration said in a statement.
The Office of the National Coordinator for Health Information Technology and HHS’ Office of Civil Rights plans to publish precision medicine-specific guidance to the NIST cybersecurity framework by the end of the year.