White House publishes Precision Medicine Initiative data security framework

The White House has released its final Data Security Policy Principles and Framework for the Precision Medicine Initiative.

The document sets expectations for organizations participating in the initiative, and government agencies have committed to integrating it into all PMI activities, according to a White House blog post.

"Given that security best practices are highly dependent on context, each organization will need to conduct its own comprehensive risk assessment to identify specific security requirements and establish processes to continuously review and make improvements," the document states.

The principles include creating a system that builds trust through a "participant first" approach; identifying key risks and developing plans to mitigate them; and seeking to maintain data integrity so researchers and others can trust it.

The security framework is based on the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure. It focuses on five simultaneous and continuous functions:

  • Identify, which includes implementing a comprehensive risk-based security plan
  • Protect, which covers factors such as identity and access management, encryption and lifecycle management
  • Detect, which includes continuous surveillance and alerting mechanisms
  • Respond, which requires having a clear response plan and regularly testing it
  • Recover, which means having a clear plan for emergency response, backup operations, and post-incident recovery of data

The security document builds on the PMI Privacy and Trust Principles released last November. Earlier this month, the World Privacy Forum questioned whether those principles will be adequate.
