White House posts data security framework for Precision Medicine

White House
(By AgnosticPreachersKid (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons)

The White House has released a data security framework to help organizations participating in the Precision Medicine Initiative (PMI) protect information on individuals. Officials have opted against taking a prescriptive approach and have instead tried to create a framework that organizations can adapt to their specific needs and responsibilities.

In drafting the text, the White House has leaned heavily on the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, a document that was put together in 2014 to help the U.S. protect key resources from cyberattack. Like the NIST text, the PMI security framework is split into 5 sections: identify, protect, detect, respond and recover. The White House wants contributors to the PMI to continuously perform activities outlined in each of these sections.

Sponsored by GenScript

Accelerate Biologics, Gene and Cell Therapy Product Development partnering with GenScript ProBio

GenScript ProBio is the bio-pharmaceutical CDMO segment of the world’s leading biotech company GenScript, proactively providing end-to-end service from drug discovery to commercialization with professional solutions and efficient processes to accelerate drug development for customers.

Participants in the PMI are expected to have an overall risk-based security plan and a governance body that ensures it is followed and up to date. The White House is requesting that organizations seek the support of third parties with this task, specifically by bringing people in to review the vulnerability of the system, assess the extent to which users are sticking to the plan and propose improvements. PMI participants will also be exposed to further outside scrutiny, as the White House expects them to post a high-level overview of their security plans publicly.

“The security framework emphasizes transparency with participants, the public and with other precision medicine organizations so that groups can learn from each other’s experiences and challenges,” government officials wrote in an introduction to the framework.

Other aspects of the framework cover the access-control measures organizations can take to protect data, the continuous processes that are needed to detect unusual activities and how to respond to and recover from security incidents.

Given the sensitivity of the data expected to be gathered under PMI, it is important that the initiative gets security and privacy right. Health data initiatives in other parts of the world, notably care.data in the United Kingdom, have been hamstrung by their failure to reassure the public that their data will be kept securely and used appropriately.

- read the statement
- and the framework (PDF)

Suggested Articles

National COVID-19 test shortages have emphasized testing’s critical role in containing and mitigating the pandemic, but inconvenient truths remain.

Zimmer Biomet has signed a deal to buy A&E Medical, maker of open chest surgery tools, for $250 million in cash.

Roche has received authorization from the FDA for a more accurate COVID-19 blood test capable of measuring the levels of specific antibodies.