Maintaining Health Data Privacy in Precision Medicine Push

Elizabeth Snell | Health IT Security | March 31, 2017

Covered entities must ensure that they prioritize health data privacy as they continue utilizing precision medicine options.

As cybersecurity threats continue to evolve and put PHI at risk, precision medicine guidelines need to be updated to account for new health data privacy threats, according to a recent opinion piece published in the Oxford University Press. The Johns Hopkins Hospital and Health System Senior Counsel Jennifer Kulynych, JD, PhD explained that data re-identification methods are not foolproof, and it can be difficult to determine exactly how individuals’ genomes are being used.

“This realization is colliding with research norms that permit the relatively free exchange of patients’ medical information,” Kulynych wrote. “Research and medical privacy regulations, as currently interpreted, allow review boards to waive patient consent, and even allow researchers to call DNA sequences ‘de-identified,’ data, a category without oversight or privacy protection. Newly-announced changes to federal research regulations simply broaden the scope of these practices.”

Kulynych noted that while HIPAA regulations accounted for an individual’s fingerprint to be protected under re-identification requirements, the genome was not. Now, databases containing genomes and medical histories are increasing in popularity. “Unlike a medical record number or credit card number, genome sequences, unique and permanent, can’t be replaced when compromised, and sequence data are a wellspring of  information about health risks, ancestry, and sometimes, unexpected parenthood,” Kulynych said...