This page is for the precision medicine community to use as the basis for their own data security needs. Data security is a constantly evolving field and new threats are identified every day. Over time, these principles and this framework will need to be updated to be responsive to changing circumstances and new threats. Nothing in this page is intended to preclude the public posting of appropriate non-identifiable, non-individual level information, such as aggregate research data, research findings, and information about ongoing research studies. Many of the principles below already may be required of certain PMI organizations by other applicable laws. PMI organizations will comply with all applicable laws and regulations governing privacy, security, and the protection of PMI data at every stage of data collection, storage, analysis, maintenance, use, disclosure, exchange, and dissemination.
This page was developed through a collaborative interagency process with input from the Office of Science and Technology Policy; National Security Council; U.S. Digital Service; National Institute for Standards and Technology; Federal Trade Commission; Department of Veterans Affairs; Department of Defense; and Department of Health and Human Services, including its Office for Civil Rights, Office of the National Coordinator for Health IT, National Institutes of Health, Food and Drug Administration, and Centers for Medicare and Medicaid Services. These principles and this framework were informed by a series of roundtables with security experts from private industry and academia, and a review of existing data security resources.
All Federal Departments and Agencies that participate in PMI commit to implement and enforce the principles and framework outlined in this page where applicable to their activities.
Security requires a continuous set of evolving processes and controls to address both internal and external threats, and assure the confidentiality,[1] integrity,[2] and availability[3] of data generated and contributed during precision medicine activities. Organizations conducting precision medicine-type research should recognize that ensuring data security will be an ongoing process, and should strive to use current best practices. Given that security best practices are highly dependent on context, each organization will need to conduct its own comprehensive risk assessment to identify specific security requirements and establish processes to continuously review and make improvements.
Participant-contributed data is the foundational asset of PMI, and participants deserve assurance that it is being protected and used responsibly. In order to establish trust and encourage widespread participation and donation of health data, PMI organizations should adopt consistent policies and practices, provide clarity about objectives and expectations, and be transparent about systems and data use.
A few unique considerations of precision medicine that guided the development of this page include:
- The types of data used for PMI activities could include, but are not limited to, clinical and insurance claims data, survey and demographic data, genomic and other biospecimen-derived data, and mobile, implantable, or other equipment or device data, all of which may be stored electronically or on paper. This data is referred to throughout this page as PMI data. PMI data is highly sensitive for participants and requires a high level of security and privacy protection.
- This page is intended to be used by PMI organizations, such as institutions, service providers, or other entities that collect, use, analyze, or share PMI data.
- The primary users of PMI data include individual participants, researchers, developers, citizen scientists,[4] and health care providers.
- PMI organizations have the freedom to take advantage of system architectures that meet their needs, including security needs, such as cloud or enclave approaches.
This page addresses security measures for PMI data, which includes the data and metadata associated with biospecimens collected as part of PMI activities. There are other requirements related to physical security that PMI organizations should consider that are beyond the scope of this page.
De-identification is the removal of identifying information (such as name, date of birth, address, social security number) from a dataset so that the information is not directly or indirectly linked with specific individuals. De-identification is a significant technical control, which PMI organizations should employ where appropriate, that can help protect participant privacy. However, no de-identification process guarantees that individuals can never be re-identified. Therefore, PMI organizations should not rely on de-identification alone as a security control or as a privacy protecting technique.
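As an added illustration of the caveat above (example code, not part of the framework): stripping the direct identifiers the page lists still leaves fields such as a partial ZIP code, birth year and sex that can be linked to outside data, so a release should be audited with a k-anonymity count and coarsened until every combination is shared by at least k records. The field names, the quasi-identifier set and the sample records are assumptions constructed for this example.

```python
from collections import Counter

# Direct identifiers named on the page; these are removed outright.
DIRECT_IDENTIFIERS = {"name", "date_of_birth", "address", "ssn"}
# Fields that are not identifying alone but can be linked to outside data
# (assumed quasi-identifiers for this example).
QUASI_IDENTIFIERS = ("zip3", "birth_year", "sex")

# Constructed sample records for fictitious participants.
SAMPLE = [
    {"name": "P1", "date_of_birth": "1980-03-04", "address": "1 A St", "ssn": "000-00-0001",
     "zip3": "021", "birth_year": 1980, "sex": "F", "hba1c": 5.4},
    {"name": "P2", "date_of_birth": "1981-07-19", "address": "2 B St", "ssn": "000-00-0002",
     "zip3": "021", "birth_year": 1981, "sex": "F", "hba1c": 6.1},
    {"name": "P3", "date_of_birth": "1952-11-02", "address": "3 C St", "ssn": "000-00-0003",
     "zip3": "021", "birth_year": 1952, "sex": "M", "hba1c": 7.0},
    {"name": "P4", "date_of_birth": "1955-01-30", "address": "4 D St", "ssn": "000-00-0004",
     "zip3": "021", "birth_year": 1955, "sex": "M", "hba1c": 5.9},
]

def de_identify(record):
    """Copy a record with the direct identifiers stripped (step one)."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Smallest number of records sharing any quasi-identifier combination.
    A value of 1 means at least one record is unique and therefore linkable."""
    counts = Counter(tuple(r.get(q) for q in quasi) for r in records)
    return min(counts.values()) if counts else 0

def generalize(record, band=10):
    """Coarsen birth_year to a decade band, one way to raise k before release."""
    out = dict(record)
    y = out["birth_year"]
    out["birth_year"] = f"{y - y % band}-{y - y % band + band - 1}"
    return out

def audit(records, k=2):
    """De-identify, then report whether the release meets the k threshold."""
    stripped = [de_identify(r) for r in records]
    before = k_anonymity(stripped)
    coarse = [generalize(r) for r in stripped]
    after = k_anonymity(coarse)
    return {"k_after_stripping": before, "k_after_generalizing": after,
            "meets_threshold": after >= k}

if __name__ == "__main__":
    print(audit(SAMPLE))  # stripping alone leaves k=1; generalizing raises it to 2
```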
[1] A loss of confidentiality is the unauthorized use or disclosure of information.
[2] A loss of integrity is the unauthorized modification or destruction of information.
[3] A loss of availability is the disruption of authorized access to or use of information or an information system.
[4] In citizen science, the public participates voluntarily in the scientific process, addressing real-world problems in ways that may include formulating research questions, conducting scientific experiments, collecting and analyzing data, interpreting results, making new discoveries, developing technologies and applications, and solving complex problems.