Data security framework released for Obama’s Precision Medicine Initiative
John Gregory | May 26, 2016 | Health Exec | Policy & Regulations

The final version of the policy principles governing data security efforts within President Barack Obama’s Precision Medicine Initiative (PMI) has been released.

In a blog post, HHS Secretary Sylvia Burwell said the framework, while not a set of firm guidelines, offers organizations looking to participate in PMI some idea of the security expectations involved in the program.

“We recognize that there is no one-size-fits-all approach to managing data security," Burwell wrote. “This is why the Security Framework, which builds on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, is designed to be adaptable and responsive to the needs of multiple participating PMI groups, providing a broad framework for protecting participants’ data.”  

Applying the NIST framework had been applauded by groups such as HIMSS at the draft stage.

The principles organizations are being asked to follow include building a system which inspires confidence in participants, developing risk management plans, minimizing exposure of patient data, and not using security concerns to deny a patient access to their own data.

In more specific terms, the framework outlines five broad categories “to assess cybersecurity and data security functions:”

  • Identify: develop an overall security and risk management plan, including physical security of PMI data storage locations and bringing in an outside party to review security plans
  • Protect: create strict verification procedures for anyone who may have access or contributing to PMI data and use strong encryption for data which could identify an individual
  • Detect: conduct regular audits and share information about threats with other organizations
  • Respond: develop and test plans on how to respond to security incidents
  • Recover: groups will be required to have an “incident breach and recovery plan” on how to restore service, recover data, and improve security after a breach

Burwell said the Office of the National Coordinator for Health IT will be in charge of developing more specific guidelines, due to be released in December. 

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Related Content

Private equity bankruptcies in healthcare explode 112% in 5 years
Boston Scientific recalls premixed embolic agent after two deaths
Atrium Health sued for violating patient privacy, sharing data with Facebook and Google
Massive data trove from Change Healthcare hack now for sale on dark web
Change Healthcare faces second ransom as cybercriminals leak stolen data
The growing shortage or general cardiologists and recruiting crisis in rural America

Design by Adaptive Theme
Trimed Popup
Trimed Popup