SlideShare a Scribd company logo

Bio it 2014-published

T
Toby Bloom

Security and Regulatory issues in clinical genomics

Health & Medicine
1 of 26
Download to read offline
© 2013 New York Genome Center 1NYGC PRIVILEGED & CONFIDENTIAL Privacy, Regulatory and Security Requirements in a Collaborative Clinical Genomics Environment TOBY BLOOM, PH.D BIO-IT WORLD APRIL 29, 2014
© 2013 New York Genome Center 2NYGC PRIVILEGED & CONFIDENTIAL NYGC OVERVIEW Independent, non-profit research organization Founded as a collaboration of 12 NYC medical institutions Focused on clinical genomics Expecting to handle PHI, HIPAA regulations, FISMA-moderate security from the beginning. Merging many kinds of data The center’s mission is to save lives by creating an unprecedented collaboration of technology, science and medicine.
© 2013 New York Genome Center 3NYGC PRIVILEGED & CONFIDENTIAL MEMBER INSTITUTIONS
© 2013 New York Genome Center 4NYGC PRIVILEGED & CONFIDENTIAL NEW YORK BIOMEDICAL COMMUNITY Fostering Collaboration Enhancing efficiencies Promoting advances in medicine faster Sharing data is essential!!
© 2013 New York Genome Center 5NYGC PRIVILEGED & CONFIDENTIAL HOW DO SECURITY, PRIVACY & REGULATIONS AFFECT OUR MISSION?
© 2013 New York Genome Center 6NYGC PRIVILEGED & CONFIDENTIAL MY DEFINITIONS Privacy: Ensuring that information that anyone considers personal and would not want known by others is protected Security The means by which we constrain access to data, so that private data is protected from access by unauthorized individuals, and is not changed, removed, or made unavailable by unauthorized individuals. Regulations Laws and governmental or organization rules that govern how data may be accessed and used. ØALL OF THESE IMPACT SHARING OF DATA
© 2013 New York Genome Center 7NYGC PRIVILEGED & CONFIDENTIAL DATA SHARING AND AGGREGATION ARE CRITICAL Complex diseases may need huge numbers of samples to gain statistical power Sequencing more patients when enough sequence exists for a new study is a waste of resources and precious research funding In rare diseases, you may not ever see the same thing twice ……..
© 2013 New York Genome Center 8NYGC PRIVILEGED & CONFIDENTIAL RISKS OF SHARING YOUR GENOMIC DATA SHOULDN’T BE UNDERESTIMATED EITHER GINA does not protect against denial of disability coverage, life insurance, long-term care insurance based on genetic information! For you or your family members!!!! Some people can afford not to worry about those issues But for some, it’s critical! Does sharing only for research projects, not publicly, reduce this risk sufficiently?
© 2013 New York Genome Center 9NYGC PRIVILEGED & CONFIDENTIAL AN EXAMPLE: NYC CLINICAL DATA RESEARCH NETWORK “Both the opportunity and the anxiety are pretty electrifying,” Francis S. Collins, director of the National Institutes of Health, said in an interview.
© 2013 New York Genome Center 10NYGC PRIVILEGED & CONFIDENTIAL NYC CLINICAL DATA RESEARCH NETWORK FUNDED by PCORI Individual Researchers
© 2013 New York Genome Center 11NYGC PRIVILEGED & CONFIDENTIAL NYC-CDRN GOALS Collect de-identified data from all patients from all of the member health systems 2.5-6.5 Million patient records De-duplicated across health systems Expect the first 2.5M records (with incomplete data) by August 1, assuming legal approvals Available for retrospective studies Available for cohort identification Will eventually host prospective studies as well Proposal promised connections to genomic data
© 2013 New York Genome Center 12NYGC PRIVILEGED & CONFIDENTIAL THE DETAILS Expect to have at least 2.4 million patient records by August Currently have 2M “dummy” records Waiting for the legalities…. De-duplicated across health systems! NYGC provides de-identified information only But we receive “limited data sets” under HIPAA Healthix and Bronx RHIO – trusted brokers - have identifying information but no health data What are we permitted to do with this data? What are the privacy, security, regulatory issues?
© 2013 New York Genome Center 13NYGC PRIVILEGED & CONFIDENTIAL PRIVACY: AT WHAT LEVEL CAN WE GUARANTEE THIS? Patients are “fully de-identified” in any data we make available (according to HIPAA standards) Is that really true? One physician tells me that 3 consecutive phosphate readings are fully identifying Providers do not want to be identified, and we will keep NO provider information Plan was to provide proxy ids for health systems Allowing comparisons, but not identification But patient 3-digit zip codes are permitted by HIPAA in NY And that will identify the hospital!!!!
© 2013 New York Genome Center 14NYGC PRIVILEGED & CONFIDENTIAL REGULATORY Lawyers do not agree on what constitutes re- identification under HIPAA I can identify cohorts for prospective studies from the collected data. Can I give those anonymized ids back to the hospital they came from to ask that the patients be contacted for consent to participate in the study? Or does that constitute knowingly using de- identified data for re-identification purposes – Even though I will never see the patient identity?
© 2013 New York Genome Center 15NYGC PRIVILEGED & CONFIDENTIAL CLINICAL GENOMICS Many more challenges Identifiable information Many types of data Electronic Health Records Genomic Data Personally reported data Device data Image data Current Auto-Immune Disease Project uses most of these and more
© 2013 New York Genome Center 16NYGC PRIVILEGED & CONFIDENTIAL LINKING TO OTHER DATA Prospective studies with additional (possibly identifiable) data collection Linking to genomic data Linking to personal device data, patient-provided data, etc. How do we isolate identifiable information from the de-identified data, to prevent re- identification, and still allow the data to be linked for studies with appropriate consents? A security question!!!!
© 2013 New York Genome Center 17NYGC PRIVILEGED & CONFIDENTIAL HOW DO WE CONNECT THIS TO GENOMIC DATA? Genomic data does not fall under HIPAA – yet But it is considered “identifying information” Does accessing genomic data and the de- identified patient data by matching anonymized ids constitute re-identification of the de-identified data? We may need to keep a new copy (consented) of the same data for each project.
© 2013 New York Genome Center 18NYGC PRIVILEGED & CONFIDENTIAL PCORI: A MIX OF PRIVACY, REGULATIONS AND SECURITY ISSUES Are we using the data in acceptable ways without explicit patient consent? Are we meeting HIPAA regulations around re- identification and use of limited datasets? Do we have adequate security around data transfers and access control from external networks (eg PCORNet)?
© 2013 New York Genome Center 19NYGC PRIVILEGED & CONFIDENTIAL MAINTAINING A GENOMIC DATA WAREHOUSE
© 2013 New York Genome Center 20NYGC PRIVILEGED & CONFIDENTIAL NYGC’S GOAL IS TO ENABLE DATA SHARING! Collecting yet more data Maintaining a catalog of data hosted by collaborators Security for multi-tenancy models also! Secure transmission of data among collaborators Maintaining our own data securely
© 2013 New York Genome Center 21NYGC PRIVILEGED & CONFIDENTIAL DATA SECURITY IS VERY GRANULAR Protecting researchers from themselves Ensure protection of unpublished data IRB approvals and informed consents limit who can use data Researchers don’t always understand the details Project-level access control works initially But data sharing agreements can allow access to only some samples in a project for secondary use Check boxes on informed consents are a big culprit And sample-level security is insufficient because owners of data may allow the same samples to be used in multiple studies But preclude researchers in one study from seeing results of others
© 2013 New York Genome Center 22NYGC PRIVILEGED & CONFIDENTIAL OPTIONS FOR ACCESS CONTROL Force all access through a catalog Doesn’t work for methods requiring file paths Users hate it FUSE file systems User-space virtual file system Too slow Linux access control Doesn’t work with NFS V3 NFS allows only 16 groups per user That limits everyone to 16 project-sample combinations And it doesn’t work with databases!! May well need cell-level access within databases
© 2013 New York Genome Center 23NYGC PRIVILEGED & CONFIDENTIAL SECURITY OF GENOMIC DATA Supporting prospective studies means maintaining identifiable data As does storing genomic data – connected or not Our infrastructure is FISMA-moderate compliant Is this sufficient? BAM files are too big to encrypt at rest and still access in pipelines!! Hardware assisted encryption still takes 3 hours to decrypt a BAM file Encrypted disk may be sufficient – but expensive at least Can’t follow standard HIPAA/HiTECH suggestions
© 2013 New York Genome Center 24NYGC PRIVILEGED & CONFIDENTIAL EDGE SECURITY Edge Security We’re FISMA moderate compliant We’ve passed pharma security audits We’ve passed independent security audits We regularly do penetration testing We monitor logs Is this sufficient? We’ll never be entirely sure
© 2013 New York Genome Center 25NYGC PRIVILEGED & CONFIDENTIAL THE BALANCING ACT! Collaboration Restrictions
© 2013 New York Genome Center 26NYGC PRIVILEGED & CONFIDENTIAL ACKNOWLEDGEMENTS PCORI Rainu Kaushal(Cornell – PCORI PI) George Hripsak(Columbia) Parsa Mirhaji (Montefiore) Alex Low (Cornell) Tom Check (Healthix) Tom Campion (Cornell) Deborah Ascheim(Mt Sinai) Many others Rockefeller Mayu Frank Dana Orange NYGC Cristyn Kells Dorian Leary Uday Evani Nina Lapchyk Shailu Gargeya Chris Black Scott Collins Jen Baldwin Bob Darnell Cornell Tech Deborah Estrin Funded In Part by the Patient-Centered Outcomes Research Institute

Recommended

Informatics Infrastructure for Clinical Genomics
Informatics Infrastructure for Clinical GenomicsInformatics Infrastructure for Clinical Genomics
Informatics Infrastructure for Clinical Genomics
Toby Bloom
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!
DrupalDay
 
Cultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Cultura escrita y escuela rural aportes para leer y escribir en el plurigradoCultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Cultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Gabriela Irureta
 
Proyecto educativo diseño gráfico
Proyecto educativo diseño gráficoProyecto educativo diseño gráfico
Proyecto educativo diseño gráfico
Elver Chaparro Cardozo
 
President Trump's Border Wall Could Cost as much as $40b
President Trump's Border Wall Could Cost as much as $40bPresident Trump's Border Wall Could Cost as much as $40b
President Trump's Border Wall Could Cost as much as $40b
Homeland Security Research Corp.
 
scheduling algorithm
scheduling algorithmscheduling algorithm
scheduling algorithm
nitish sandhawar
 
Resolving Conflicts and Disputes, 9 March 2017
Resolving Conflicts and Disputes, 9 March 2017Resolving Conflicts and Disputes, 9 March 2017
Resolving Conflicts and Disputes, 9 March 2017
Association for Project Management
 
Documentary questionnaire
Documentary questionnaireDocumentary questionnaire
Documentary questionnaire
A2 Media Column A
 

Recommended

Informatics Infrastructure for Clinical Genomics
Informatics Infrastructure for Clinical GenomicsInformatics Infrastructure for Clinical Genomics
Informatics Infrastructure for Clinical Genomics
Toby Bloom
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!
DrupalDay
 
Cultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Cultura escrita y escuela rural aportes para leer y escribir en el plurigradoCultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Cultura escrita y escuela rural aportes para leer y escribir en el plurigrado
Gabriela Irureta
 
Proyecto educativo diseño gráfico
Proyecto educativo diseño gráficoProyecto educativo diseño gráfico
Proyecto educativo diseño gráfico
Elver Chaparro Cardozo
 
President Trump's Border Wall Could Cost as much as $40b
President Trump's Border Wall Could Cost as much as $40bPresident Trump's Border Wall Could Cost as much as $40b
President Trump's Border Wall Could Cost as much as $40b
Homeland Security Research Corp.
 
scheduling algorithm
scheduling algorithmscheduling algorithm
scheduling algorithm
nitish sandhawar
 
Resolving Conflicts and Disputes, 9 March 2017
Resolving Conflicts and Disputes, 9 March 2017Resolving Conflicts and Disputes, 9 March 2017
Resolving Conflicts and Disputes, 9 March 2017
Association for Project Management
 
Documentary questionnaire
Documentary questionnaireDocumentary questionnaire
Documentary questionnaire
A2 Media Column A
 
Tally
TallyTally
Tally
A2 Media Column A
 
Lmcp 1532.pptx task 5
Lmcp 1532.pptx task 5Lmcp 1532.pptx task 5
Lmcp 1532.pptx task 5
nur alwani
 
Revista Municipal Torremejia 08
Revista Municipal Torremejia 08Revista Municipal Torremejia 08
Revista Municipal Torremejia 08
AyuntamientoTorremejia
 
Enfermedades más comunes en los gatos
Enfermedades más comunes en los gatosEnfermedades más comunes en los gatos
Enfermedades más comunes en los gatos
Kevin Acevedo Durango
 
Klimastrategi
KlimastrategiKlimastrategi
Klimastrategi
Økologisk Landsforening
 
Why React's Awesome!
Why React's Awesome!Why React's Awesome!
Why React's Awesome!
nomanalikk
 
Phyllis Schlafly Report 1970 June
Phyllis Schlafly Report 1970 JunePhyllis Schlafly Report 1970 June
Phyllis Schlafly Report 1970 June
PhyllisSchlaflyEagles
 
Raciocinio logico quantitativo
Raciocinio logico quantitativoRaciocinio logico quantitativo
Raciocinio logico quantitativo
Jennifer Oliveira
 
неделя дружбы
неделя дружбынеделя дружбы
неделя дружбы
lavrenteva
 
Imposto que gera cultura, rende benefícios
Imposto que gera cultura, rende benefíciosImposto que gera cultura, rende benefícios
Imposto que gera cultura, rende benefícios
Evoé
 
P3 e2 añadirelrestodelasdiapositivas
P3 e2 añadirelrestodelasdiapositivasP3 e2 añadirelrestodelasdiapositivas
P3 e2 añadirelrestodelasdiapositivas
Andres Laseca
 
I chronicles 8 commentaryA
I chronicles 8 commentaryAI chronicles 8 commentaryA
I chronicles 8 commentaryA
GLENN PEASE
 
Designing & prototyping useful apps
Designing & prototyping useful appsDesigning & prototyping useful apps
Designing & prototyping useful apps
Robin De Croon
 
Programaciones 18 03-17
Programaciones 18 03-17Programaciones 18 03-17
Programaciones 18 03-17
Web Futbolaragones
 
Impresionismo en españa
Impresionismo en españaImpresionismo en españa
Impresionismo en españa
Gonzalo Costa
 
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
DNA Compass
 
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
0401 1 Denis Costello - Patient Generated Data
0401 1 Denis Costello - Patient Generated Data0401 1 Denis Costello - Patient Generated Data
0401 1 Denis Costello - Patient Generated Data
Workgroup of European Cancer Patient Advocacy Networks
 
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
IRJET Journal
 
Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...
Arran Schlosberg
 
Best Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical TrialsBest Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical Trials
ClinosolIndia
 

More Related Content

Viewers also liked

Viewers also liked (15)

Tally
TallyTally
Tally
 
Lmcp 1532.pptx task 5
Lmcp 1532.pptx task 5Lmcp 1532.pptx task 5
Lmcp 1532.pptx task 5
 
Revista Municipal Torremejia 08
Revista Municipal Torremejia 08Revista Municipal Torremejia 08
Revista Municipal Torremejia 08
 
Enfermedades más comunes en los gatos
Enfermedades más comunes en los gatosEnfermedades más comunes en los gatos
Enfermedades más comunes en los gatos
 
Klimastrategi
KlimastrategiKlimastrategi
Klimastrategi
 
Why React's Awesome!
Why React's Awesome!Why React's Awesome!
Why React's Awesome!
 
Phyllis Schlafly Report 1970 June
Phyllis Schlafly Report 1970 JunePhyllis Schlafly Report 1970 June
Phyllis Schlafly Report 1970 June
 
Raciocinio logico quantitativo
Raciocinio logico quantitativoRaciocinio logico quantitativo
Raciocinio logico quantitativo
 
неделя дружбы
неделя дружбынеделя дружбы
неделя дружбы
 
Imposto que gera cultura, rende benefícios
Imposto que gera cultura, rende benefíciosImposto que gera cultura, rende benefícios
Imposto que gera cultura, rende benefícios
 
P3 e2 añadirelrestodelasdiapositivas
P3 e2 añadirelrestodelasdiapositivasP3 e2 añadirelrestodelasdiapositivas
P3 e2 añadirelrestodelasdiapositivas
 
I chronicles 8 commentaryA
I chronicles 8 commentaryAI chronicles 8 commentaryA
I chronicles 8 commentaryA
 
Designing & prototyping useful apps
Designing & prototyping useful appsDesigning & prototyping useful apps
Designing & prototyping useful apps
 
Programaciones 18 03-17
Programaciones 18 03-17Programaciones 18 03-17
Programaciones 18 03-17
 
Impresionismo en españa
Impresionismo en españaImpresionismo en españa
Impresionismo en españa
 

Similar to Bio it 2014-published

Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
DNA Compass
 
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...
Arran Schlosberg
 
Best Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical TrialsBest Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical Trials
ClinosolIndia
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Ted Myerson
 
McMurry-NHIN-National-Health
McMurry-NHIN-National-HealthMcMurry-NHIN-National-Health
McMurry-NHIN-National-Health
Andrew McMurry
 

Similar to Bio it 2014-published (20)

Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
Barbara Bierer (with Mark Barnes and Rebecca Li), "Transparency and Clinical ...
 
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
Possible Solution for Managing the Worlds Personal Genetic Data - DNA Guide, ...
 
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
Donna Gitter, "Informed Consent and Privacy of De-Identified and Estimated Da...
 
0401 1 Denis Costello - Patient Generated Data
0401 1 Denis Costello - Patient Generated Data0401 1 Denis Costello - Patient Generated Data
0401 1 Denis Costello - Patient Generated Data
 
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
Secure Cloud Based Centralized Health Improvement through homomorphism Encryp...
 
Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...Data security in genomics: A review of Australian privacy requirements and th...
Data security in genomics: A review of Australian privacy requirements and th...
 
Best Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical TrialsBest Practices for Data Collection and Management in Clinical Trials
Best Practices for Data Collection and Management in Clinical Trials
 
Exploiting multimodal biometrics in e privacy scheme for electronic health re...
Exploiting multimodal biometrics in e privacy scheme for electronic health re...Exploiting multimodal biometrics in e privacy scheme for electronic health re...
Exploiting multimodal biometrics in e privacy scheme for electronic health re...
 
Data Governance in two different data archives: When is a federal data reposi...
Data Governance in two different data archives: When is a federal data reposi...Data Governance in two different data archives: When is a federal data reposi...
Data Governance in two different data archives: When is a federal data reposi...
 
Secure Data Sharing and Related Matters – An NIH View
Secure Data Sharing and Related Matters – An NIH ViewSecure Data Sharing and Related Matters – An NIH View
Secure Data Sharing and Related Matters – An NIH View
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
 
Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)
Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)
Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)
 
ai in clinical trails.pptx
ai in clinical trails.pptxai in clinical trails.pptx
ai in clinical trails.pptx
 
aiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdfaiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdf
 
Q&A: The Internet of Everything in Clinical Trials
Q&A: The Internet of Everything in Clinical TrialsQ&A: The Internet of Everything in Clinical Trials
Q&A: The Internet of Everything in Clinical Trials
 
Day 1: Real-World Data Panel
Day 1: Real-World Data Panel Day 1: Real-World Data Panel
Day 1: Real-World Data Panel
 
Top Backend Frameworks in 2022 | Third Rock Techkno
Top Backend Frameworks in 2022 | Third Rock TechknoTop Backend Frameworks in 2022 | Third Rock Techkno
Top Backend Frameworks in 2022 | Third Rock Techkno
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
 
McMurry-NHIN-National-Health
McMurry-NHIN-National-HealthMcMurry-NHIN-National-Health
McMurry-NHIN-National-Health
 
EHLP - July 2015 pg 6-8
EHLP - July 2015 pg 6-8EHLP - July 2015 pg 6-8
EHLP - July 2015 pg 6-8
 

Recently uploaded

Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
parulsinha
 
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
GENUINE ESCORT AGENCY
 
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
GENUINE ESCORT AGENCY
 
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
GENUINE ESCORT AGENCY
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Anamika Rawat
 
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
Dipal Arora
 
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
jennyeacort
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
chennailover
 
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Sheetaleventcompany
 
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service AvailableTrichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
GENUINE ESCORT AGENCY
 
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Ishani Gupta
 
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any TimeTop Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
Call Girls Delhi
 
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
chandars293
 
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
GENUINE ESCORT AGENCY
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
perfect solution
 
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on WhatsappMost Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
Inaaya Sharma
 
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Sheetaleventcompany
 
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
 
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
 
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Hosur Just Call 9630942363 Top Class Call Girl Service Available
 
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
 
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 8250077686 Top Class Call Girl Service Available
 
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
 
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
 
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
 
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service AvailableTrichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
 
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
 
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any TimeTop Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
Top Quality Call Girl Service Kalyanpur 6378878445 Available Call Girls Any Time
 
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
 
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
 
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on WhatsappMost Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
 
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
 
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
 
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
 

Bio it 2014-published

  • 1. © 2013 New York Genome Center 1NYGC PRIVILEGED & CONFIDENTIAL Privacy, Regulatory and Security Requirements in a Collaborative Clinical Genomics Environment TOBY BLOOM, PH.D BIO-IT WORLD APRIL 29, 2014
  • 2. © 2013 New York Genome Center 2NYGC PRIVILEGED & CONFIDENTIAL NYGC OVERVIEW Independent, non-profit research organization Founded as a collaboration of 12 NYC medical institutions Focused on clinical genomics Expecting to handle PHI, HIPAA regulations, FISMA-moderate security from the beginning. Merging many kinds of data The center’s mission is to save lives by creating an unprecedented collaboration of technology, science and medicine.
  • 3. © 2013 New York Genome Center 3NYGC PRIVILEGED & CONFIDENTIAL MEMBER INSTITUTIONS
  • 4. © 2013 New York Genome Center 4NYGC PRIVILEGED & CONFIDENTIAL NEW YORK BIOMEDICAL COMMUNITY Fostering Collaboration Enhancing efficiencies Promoting advances in medicine faster Sharing data is essential!!
  • 5. © 2013 New York Genome Center 5NYGC PRIVILEGED & CONFIDENTIAL HOW DO SECURITY, PRIVACY & REGULATIONS AFFECT OUR MISSION?
  • 6. © 2013 New York Genome Center 6NYGC PRIVILEGED & CONFIDENTIAL MY DEFINITIONS Privacy: Ensuring that information that anyone considers personal and would not want known by others is protected Security The means by which we constrain access to data, so that private data is protected from access by unauthorized individuals, and is not changed, removed, or made unavailable by unauthorized individuals. Regulations Laws and governmental or organization rules that govern how data may be accessed and used. ØALL OF THESE IMPACT SHARING OF DATA
  • 7. © 2013 New York Genome Center 7NYGC PRIVILEGED & CONFIDENTIAL DATA SHARING AND AGGREGATION ARE CRITICAL Complex diseases may need huge numbers of samples to gain statistical power Sequencing more patients when enough sequence exists for a new study is a waste of resources and precious research funding In rare diseases, you may not ever see the same thing twice ……..
  • 8. © 2013 New York Genome Center 8NYGC PRIVILEGED & CONFIDENTIAL RISKS OF SHARING YOUR GENOMIC DATA SHOULDN’T BE UNDERESTIMATED EITHER GINA does not protect against denial of disability coverage, life insurance, long-term care insurance based on genetic information! For you or your family members!!!! Some people can afford not to worry about those issues But for some, it’s critical! Does sharing only for research projects, not publicly, reduce this risk sufficiently?
  • 9. © 2013 New York Genome Center 9NYGC PRIVILEGED & CONFIDENTIAL AN EXAMPLE: NYC CLINICAL DATA RESEARCH NETWORK “Both the opportunity and the anxiety are pretty electrifying,” Francis S. Collins, director of the National Institutes of Health, said in an interview.
  • 10. © 2013 New York Genome Center 10NYGC PRIVILEGED & CONFIDENTIAL NYC CLINICAL DATA RESEARCH NETWORK FUNDED by PCORI Individual Researchers
  • 11. © 2013 New York Genome Center 11NYGC PRIVILEGED & CONFIDENTIAL NYC-CDRN GOALS Collect de-identified data from all patients from all of the member health systems 2.5-6.5 Million patient records De-duplicated across health systems Expect the first 2.5M records (with incomplete data) by August 1, assuming legal approvals Available for retrospective studies Available for cohort identification Will eventually host prospective studies as well Proposal promised connections to genomic data
  • 12. © 2013 New York Genome Center 12NYGC PRIVILEGED & CONFIDENTIAL THE DETAILS Expect to have at least 2.4 million patient records by August Currently have 2M “dummy” records Waiting for the legalities…. De-duplicated across health systems! NYGC provides de-identified information only But we receive “limited data sets” under HIPAA Healthix and Bronx RHIO – trusted brokers - have identifying information but no health data What are we permitted to do with this data? What are the privacy, security, regulatory issues?
  • 13. © 2013 New York Genome Center 13NYGC PRIVILEGED & CONFIDENTIAL PRIVACY: AT WHAT LEVEL CAN WE GUARANTEE THIS? Patients are “fully de-identified” in any data we make available (according to HIPAA standards) Is that really true? One physician tells me that 3 consecutive phosphate readings are fully identifying Providers do not want to be identified, and we will keep NO provider information Plan was to provide proxy ids for health systems Allowing comparisons, but not identification But patient 3-digit zip codes are permitted by HIPAA in NY And that will identify the hospital!!!!
  • 14. © 2013 New York Genome Center 14NYGC PRIVILEGED & CONFIDENTIAL REGULATORY Lawyers do not agree on what constitutes re- identification under HIPAA I can identify cohorts for prospective studies from the collected data. Can I give those anonymized ids back to the hospital they came from to ask that the patients be contacted for consent to participate in the study? Or does that constitute knowingly using de- identified data for re-identification purposes – Even though I will never see the patient identity?
  • 15. © 2013 New York Genome Center 15NYGC PRIVILEGED & CONFIDENTIAL CLINICAL GENOMICS Many more challenges Identifiable information Many types of data Electronic Health Records Genomic Data Personally reported data Device data Image data Current Auto-Immune Disease Project uses most of these and more
  • 16. © 2013 New York Genome Center 16NYGC PRIVILEGED & CONFIDENTIAL LINKING TO OTHER DATA Prospective studies with additional (possibly identifiable) data collection Linking to genomic data Linking to personal device data, patient-provided data, etc. How do we isolate identifiable information from the de-identified data, to prevent re- identification, and still allow the data to be linked for studies with appropriate consents? A security question!!!!
  • 17. © 2013 New York Genome Center 17NYGC PRIVILEGED & CONFIDENTIAL HOW DO WE CONNECT THIS TO GENOMIC DATA? Genomic data does not fall under HIPAA – yet But it is considered “identifying information” Does accessing genomic data and the de- identified patient data by matching anonymized ids constitute re-identification of the de-identified data? We may need to keep a new copy (consented) of the same data for each project.
  • 18. © 2013 New York Genome Center 18NYGC PRIVILEGED & CONFIDENTIAL PCORI: A MIX OF PRIVACY, REGULATIONS AND SECURITY ISSUES Are we using the data in acceptable ways without explicit patient consent? Are we meeting HIPAA regulations around re- identification and use of limited datasets? Do we have adequate security around data transfers and access control from external networks (eg PCORNet)?
  • 19. © 2013 New York Genome Center 19NYGC PRIVILEGED & CONFIDENTIAL MAINTAINING A GENOMIC DATA WAREHOUSE
  • 20. © 2013 New York Genome Center 20NYGC PRIVILEGED & CONFIDENTIAL NYGC’S GOAL IS TO ENABLE DATA SHARING! Collecting yet more data Maintaining a catalog of data hosted by collaborators Security for multi-tenancy models also! Secure transmission of data among collaborators Maintaining our own data securely
  • 21. © 2013 New York Genome Center 21NYGC PRIVILEGED & CONFIDENTIAL DATA SECURITY IS VERY GRANULAR Protecting researchers from themselves Ensure protection of unpublished data IRB approvals and informed consents limit who can use data Researchers don’t always understand the details Project-level access control works initially But data sharing agreements can allow access to only some samples in a project for secondary use Check boxes on informed consents are a big culprit And sample-level security is insufficient because owners of data may allow the same samples to be used in multiple studies But preclude researchers in one study from seeing results of others
  • 22. © 2013 New York Genome Center 22NYGC PRIVILEGED & CONFIDENTIAL OPTIONS FOR ACCESS CONTROL Force all access through a catalog Doesn’t work for methods requiring file paths Users hate it FUSE file systems User-space virtual file system Too slow Linux access control Doesn’t work with NFS V3 NFS allows only 16 groups per user That limits everyone to 16 project-sample combinations And it doesn’t work with databases!! May well need cell-level access within databases
  • 23. © 2013 New York Genome Center 23NYGC PRIVILEGED & CONFIDENTIAL SECURITY OF GENOMIC DATA Supporting prospective studies means maintaining identifiable data As does storing genomic data – connected or not Our infrastructure is FISMA-moderate compliant Is this sufficient? BAM files are too big to encrypt at rest and still access in pipelines!! Hardware assisted encryption still takes 3 hours to decrypt a BAM file Encrypted disk may be sufficient – but expensive at least Can’t follow standard HIPAA/HiTECH suggestions
  • 24. © 2013 New York Genome Center 24NYGC PRIVILEGED & CONFIDENTIAL EDGE SECURITY Edge Security We’re FISMA moderate compliant We’ve passed pharma security audits We’ve passed independent security audits We regularly do penetration testing We monitor logs Is this sufficient? We’ll never be entirely sure
  • 25. © 2013 New York Genome Center 25NYGC PRIVILEGED & CONFIDENTIAL THE BALANCING ACT! Collaboration Restrictions
  • 26. © 2013 New York Genome Center 26NYGC PRIVILEGED & CONFIDENTIAL ACKNOWLEDGEMENTS PCORI Rainu Kaushal(Cornell – PCORI PI) George Hripsak(Columbia) Parsa Mirhaji (Montefiore) Alex Low (Cornell) Tom Check (Healthix) Tom Campion (Cornell) Deborah Ascheim(Mt Sinai) Many others Rockefeller Mayu Frank Dana Orange NYGC Cristyn Kells Dorian Leary Uday Evani Nina Lapchyk Shailu Gargeya Chris Black Scott Collins Jen Baldwin Bob Darnell Cornell Tech Deborah Estrin Funded In Part by the Patient-Centered Outcomes Research Institute