The White House has released a framework that aims to ensure security of health care data as part of President Barack Obama’s Precision Medicine Initiative that seeks to help clinicians customize treatments based on the patients’ needs.
A White House blog post published Wednesday says the Data Security Policy Principles and Framework is based on the National Institute of Standards and Technology’s Cybersecurity Framework and intends to provide precision medicine agencies and organizations a risk management approach to data security.
Sylvia Burwell, secretary of the Department of Health and Human Services, co-wrote the post with Lisa Monaco, assistant to the president for homeland security and counterterrorism.
The document outlines eight principles that precision medicine organizations can implement to protect patients’ data under PMI.
These include the development of management and evaluation plans that seek to address data security risks, use of security controls to safeguard data and creation of a system that can be trusted by program participants.
The framework also recommends several measures that PMI institutions can adopt in order to protect data from cyber threats and other vulnerabilities.
These measures call for organizations to develop a risk-based security plan, subject such plans to independent third-party assessments, protect data through implementation of access controls, data encryption and training, as well as detect data security risks through audit logs and threat information sharing.
