World Privacy Forum questions adequacy of PMI privacy principles

The World Privacy Forum says privacy principles set forth for the Precision Medicine Initiative "lack detail and fail to address underlying legal requirements and protections." 

In a research paper published this week, the organization notes that the HIPAA Privacy Rule will not apply to the research, and that the principles "appear to be voluntary and lack important legal and administrative details."

The current privacy principles in place for the initiative were created by the White House with help from experts working both inside and outside the government. They include categories such as transparency to participants and the public; respect for participant preferences; and appropriate data sharing, access and use.

In the paper, WPF outlines its privacy concerns for the PMI and identifies issues that should be addressed. Some recommendations the authors make include:

  • The structure and organization of the initiative must be detailed so privacy protections can be assessed, and participants must know who will maintain their data.
  • Uses and disclosures of the data for security and law enforcement purposes should be clarified.
  • There is "immediate need" for a Privacy Impact Assessment, which then should be open for public comment.
  • Privacy rules should be described as covering health records, administrative records and monitoring from health devices and mHealth tools.

"Creating a national database of health and genetic information for medical research is a laudable goal," the authors conclude. "However, creating a large new health information database without clear privacy laws and rules that protect individuals' medical data and gives them enforceable rights and the potential for negative consequences for individual donors."

However, Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said during Health Datapalooza last week that her agency has been heavily involved in the program, especially regarding privacy.

OCR, she said, has been working with the National Institutes of Health, the U.S. Food and Drug Administration and the Office of the National Coordinator for Health IT "to ensure that the privacy and security principles that govern the Precision Medicine Initiative will be adequate to ensure protection of the information that is contributed."

She added that the security principles will be finalized "shortly."
