Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.
Patients are being invited to share their electronic health records and other sensitive data, such as genomic information, for use in research. The goal of the effort is to help advance medical discoveries and more personalized treatments (see Precision Medicine: 'Big Data' Security, Privacy Concerns).
"What they've tried to do with this system is build a better mouse trap," he says. "Certainly, everybody that's involved in security and security policy recognizes that while there's no perfect standard for security, and no way to reduce realistic risk to zero, what we can do is reduce that risk to pretty small levels."
The privacy practices being implemented, Nahra says, "are very strict standards designed to provide very strong protections. Does that mean there are no risks? Of course not."
In the interview (see audio link below photo), Nahra also discusses:
- Potential privacy considerations concerning genomic data;
- Why the security of the NIH project will be potentially more robust than that of many legacy government systems, such as those at the Office of Personnel Management, that have been breached;
- Advice for patients and healthcare entities considering participation.
As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.