The White House is soliciting public comments on its Proposed Privacy and Trust Principles (the Proposed Principles) for the Precision Medicine Initiative (PMI). PMI is a federal initiative to support research, technology and policies that enable the development of individualized treatments, and is backed by a $215 million investment under President Obama’s 2016 Budget.
The 2014 White House Big Data Report identified healthcare delivery as one of the areas of greatest potential in harnessing big data, as well as an area involving especially sensitive personal information. The Proposed Principles set forth core values and strategies to minimize the risks inherent in large-scale data collection, analysis and sharing. The issuance of this proposal reflects a view by the White House that the success of PMI will depend heavily on the ability of PMI to prioritize and protect the privacy and security of individually identifiable health information. This is a unique opportunity for stakeholders to weigh in on federal policy that has the dual objectives of advancing scientific research and ensuring the privacy and security of personal information. Comments are due on August 7, 2015.
The Proposed Privacy and Trust Principles
As part of its commitment to protect the privacy of the PMI research cohort, the White House convened an interagency working group to develop the data privacy principles for PMI. These Proposed Principles provide guidance on governance, transparency, reciprocity, respect for participant preferences, data sharing, access and use, data quality and integrity and security, as described further below.
Governance: The PMI cohort should be planned and conducted in partnership with the main stakeholders. The central governance system should be dynamic and transparent so that there is continuous assessment of policies and practices to ensure scientific, technological and ethics-related developments remain current. The Principles recognize that the potential for research conducted using PMI cohort data to lead to stigmatization or other social harms should be identified and evaluated through meaningful and ongoing engagement with relevant communities.
Transparency: To ensure participants remain adequately informed, information should be provided at the point of initial engagement and periodically thereafter. Such information should be communicated to participants clearly and conspicuously, and information concerning PMI cohort data use, protection and access should be publicly available. Participants should receive prompt notification in the event of a breach of their personal information. All data users would be expected to publish or post publicly their summary research findings, regardless of the outcomes, as a condition of data use.
Reciprocity: The PMI cohort should facilitate participants’ access to the medical information they contribute to PMI, and innovative and responsible ways of sharing research data with participants should be explored, such as sharing aggregate research data and findings.
Respect for Participant Preferences: Efforts should be made to engage and recruit individuals and communities with varied preferences and risk tolerances concerning data collection, sharing and use. Participants should be able to withdraw their consent for future research use and data sharing at any time and for any reason, but would not be able to withdraw consent for use in aggregate data sets or used in past or ongoing studies.
Data Sharing, Access and Use: Multiple tiers of data access based on data type, data use and user qualifications should be employed to ensure that privacy is safeguarded and public trust is maintained. Policies and mechanisms should be implemented to ensure the privacy and security of the data, such as data-sharing agreements and a prohibition on unauthorized re-identification or re-contacting of participants.
Data Quality and Integrity: The PMI governance structure should include mechanisms to ensure that the quality and integrity of PMI cohort data is maintained and is accurate, relevant, complete and appropriately up-to-date at all stages of access (collection, maintenance, use and dissemination).
Security: A robust data security framework should be developed, and should be integrated into the architecture of the PMI cohort from the start. The security framework should identify state-of-the-art administrative, technical and physical safeguards to ensure the confidentiality and integrity of all PMI cohort specimens and data.