White House releases final Precision Medicine Initiative data security framework
The White House unveiled the final data security framework for its Precision Medicine Initiative on Wednesday.
The framework, which was outlined by Health and Human Services Secretary Sylvia Burwell and Assistant to the President for Homeland Security and Counterterrorism Lisa O. Monaco, provides risk management guidelines to achieve PMI principles and applies to all participating institutions.
According to the authors there are eight guidelines in the framework: a 'participant first' system; identify key risks; provide clear expectations; share experiences; recognize rapidly-evolving security needs; best security practices; act responsibly; and preserve data integrity.
"We recognize that there is no 'one-size-fits-all' approach to managing data security," the authors wrote. The broad framework, instead, is meant to be "adaptable and responsive to the needs of multiple participating PMI groups."
The 10-page, final version of the framework expands on the National Institute of Standards and Technology Cybersecurity Framework and is meant to be "tailored to meet organization-specific requirements."
According to the authors, there are five steps involved in achieving PMI principles; identify an overall security plan; protect data through access control and education; detection of auditing events and anomaly reporting; incident response; and incident and breach recovery plan.
While "nothing in this document is intended to preclude the public posting of appropriate non-identifiable, non-individual level information, such as aggregate research data, research findings, and information about ongoing research studies," according to the authors, it's designed to assist each organization as it conducts its own comprehensive risk assessment.
"Our greatest asset in PMI is the data that participants contribute," Burwell and Monaco wrote in a blog post announcing the final framework. "And we want to make sure participants know that their data is protected."
The Office of the National Coordinator for Health Information Technology and the Office for Civil Rights will partner with NIST and other federal organizations and stakeholders to release a precision medicine-specific guide for the the NIST Cybersecurity Framework by the end of this year.