White House releases precision medicine data security framework

It’s part of a larger effort to use data on patients' genetics, environment and lifestyle to find ways to better treat diseases, like cancer.
Obama speaks on a precision medicine panel with The Atlantic's Dr. James Hamblin (far left), Sonia Vallabh, doctoral student at the Broad Institute of MIT and Harvard (near right); Howard Look, president, CEO and founder of Tidepool; Dr. W. Marston Linehan, chief of the Urologic Oncology Branch, National Cancer Institute. (Whitney Blair Wyckoff/FedScoop)

The Obama administration released the data security framework for its Precision Medicine Initiative — a push to use patients’ genetic, environmental and lifestyle data to find better ways to treat illnesses.

A critical part of the initiative is a plan to establish a million-person research cohort that would allow scientists to examine oodles of data for new insights on a range of conditions, like cancer. The Data Security Policy Principles and Framework establishes a structure for protecting the personal health information of anyone participating in the initiative’s programs.

In a blog post, Secretary of Health and Human Services Sylvia Mathews Burwell and Lisa O. Monaco, assistant to the president for homeland security and counterterrorism, said the framework ensures that universities, companies and agencies involved in the PMI “put the security of participants’ information first.”

“Our greatest asset in PMI is the data that participants contribute, and we want to make sure participants know that their data is protected,” they wrote in a blog post Wednesday.


The president unveiled his plans for the precision medicine program during his 2015 State of the Union address. Earlier this year, the White House unveiled a draft framework for public comment when it kicked off several major projects to support the Precision Medicine Initiative.

[Read: White House launches precision medicine projects]

The 10-page final framework builds on the National Institute of Standards and Technology’s Cybersecurity Framework. It hinges on eight overarching principles, including that organizations ensure data integrity, identify and address risks, and share their experiences.

The framework is meant to be flexible enough that the various groups participating in the PMI can tailor it to suit their needs.

“We recognize that there is no ‘one-size-fits-all’ approach to managing data security,” Burwell and Monaco wrote. They add, “Organizations can use the framework to develop detailed implementation guidelines that address their specific data security needs. With this flexibility, we can make use of rapid evolutions in medicine, research and technology while still protecting participants’ information.”


Contact the reporter on this story via email, or follow her on Twitter @whitneywyckoff. Sign up for all the federal IT news you need in your inbox every morning at 6:00 here:

Latest Podcasts