Genomics sequencing is the next big thing in big data. As part of Precision Medicine, sequencing can lead to highly individualized treatment that can save lives. But to fully realize its potential, sequencing from millions of patients must be subjected to rigor of research analytics. And there, as the Bard said, is the rub: Who is the keeper of this type of data? How will it be safeguarded as it whizzes across cyberspace to researchers and clinicians?
In short, many are asking: must one take a privacy leap of faith to advance medical science in this way? Yes, argues Kathy Giusti, Founder of the Multiple Myeloma Foundation. The privacy risk, she argues, is well worth it” “Donate your data” to science, she says. Were it that simple.
At the Wired Business Conference held in New York on May 12, 2015 DJ Patil, Deputy CTO for Data Policy and Chief Data Scientist USA, told the audience that privacy concerns have loomed large in Precision Medicine discussions at the White House. A large database, probably housed at the federal level, is required for genomics analytics, he said, and large databases carry large privacy concerns. Will patients trust the U.S. government with this information? Genomics data can be the basis of discrimination in many things form employment to insurance, which was a concern that led to passage of the Genetic Information Nondiscrimination Act (“GINA”).
The private sector will be involved in the security analysis as well. Researchers at academic medical institutions across the U.S. and elsewhere convey these most sensitive data to each other electronically, and are required to adhere to requirements that may include strong encryption in transit and at rest (in storage) as well.
Big databases and transmissions of big data make very attractive targets to hackers. HIPAA requires periodic security risk assessments of such repositories, and the volume and visibility of genomics data in Precision Medicine heightens the critical nature of these analyses. Now that Precision Medicine is being discussed at the highest levels of government, the Office of Civil Rights of the U.S. Department of Health and Human Services will, no doubt, pay very careful attention to the pertinent data security requirements in audits of academic and private sector genomics research facilities.
The time to prepare data security policies, train the workforce on those protocols, test system vulnerabilities and prepare for possible audits is, if not yesterday, then now, and with urgency.
If you have questions about cybersecurity requirements for genomic and other medical research data, please contact Kenneth N. Rashbaum.