Tag: data security

Operating room Doctor or Surgeon anatomy on Advanced robotic surgery machine.

Protecting Consumer Privacy in DTC Tissue Testing

Adithi Iyer Leave a comment

By Adithi Iyer

In my last piece, I discussed the hypothetical successor of 23andme — a tissue-based direct-to-consumer testing service I’ve called yourtissueandyou — and the promise and perils that it might bring in consumer health information and privacy. Now, as promised, a closer look at the “who” and “how” of protecting the consumer at the heart of direct-to-consumer precision medicine. While several potential consumer interests are at stake with these services, at top of mind is data privacy — especially when the data is medically relevant and incredibly difficult to truly de-anonymize.

As we’ve established, the data collected by a tissue-based service will be vaster and more varied than we’ve seen before, magnifying existing issues with traditional data privacy. Consumer protections for this type of information are, in a word, complicated. A singular “authority” for data privacy does not exist in the United States, instead being spread among individual state data privacy statutes and regulatory backstops (with overlapping sections of some federal statutes in the background). In the context of health, let alone highly sophisticated cell signaling and microenvironment data, the web gets even more tangled.

Read More

sample tube in female hands with pipette.

Why We Should Care About the Move from Saliva to Living Cells in Precision Medicine

Adithi Iyer Leave a comment

By Adithi Iyer

The cultural, informational, and medical phenomenon that is 23andMe has placed a spotlight on precision medicine, which seeks to personalize medical care to each patient’s unique makeup. Thus far, advances in direct-to-consumer genetic testing have made saliva-sample sequencing services all the rage in this space, but regenerative medicine, which relies on cells and tissues, rather than saliva, now brings us to a new, increasingly complex inflection point.

While collecting and isolating DNA samples from saliva may offer a wealth of information regarding heredity, disease risk, and other outflows of the “instruction manual” for patients, analyzing cells captures the minutiae of patients that goes “beyond the book” and most closely informs pathology. Disease isn’t always “written in the stars” for patients. Epigenetic changes from environmental exposures, cell-to-cell signaling behaviors, and the mutations present in diseased cells all profoundly inform how cells behave in whether and how they code the instructions that DNA offers. These factors are critical to understanding how disease materializes, progresses, and ultimately responds to treatment. This information is highly personal to each patient, and reflects behavioral factors as well as genetics.

Regenerative medical technologies use cell- and tissue-based methods to recapitulate, bioengineer, and reprogram human tissue, making a whole suite of sci-fi-sounding technologies an ever-closer reality. With cell-based and other regenerative therapies entering the market (making up an entire FDA subgroup), it well worth considering how cell-based medicine can advance the world of personalized consumer testing. In other words, could a corporate, direct-to-consumer cell-based testing service be the next 23andMe? And what would that mean for patients?

Read More

Medicine doctor and stethoscope in hand touching icon medical network connection with modern virtual screen interface, medical technology network concept

Governing Health Data for Research, Development, and Innovation: The Missteps of the European Health Data Space Proposal

The Petrie-Flom Center Staff Leave a comment

By Enrique Santamaría

Together with the Data Governance Act (DGA) and the General Data Protection Regulation (GDPR), the proposal for a Regulation on the European Health Data Space (EHDS) will most likely form the new regulatory and governance framework for the use of health data in the European Union. Although well intentioned and thoroughly needed, there are aspects of the EHDS that require further debate, reconsiderations, and amendments. Clarity about what constitutes scientific research is particularly needed.

Read More

Blue biohazard sign in front of columns of binary code.

The International Weaponization of Health Data

Matthew Chun Leave a comment

By Matthew Chun

International collaboration through the sharing of health data is crucial for advancing human health. But it also comes with risks — risks that countries around the world seem increasingly unwilling to take.

On the one hand, the international sharing of health-related data sets has paved the way for important advances such as mapping the human genome, tracking global health outcomes, and fighting the rise of multidrug-resistant superbugs. On the other hand, it can pose serious risks for a nation’s citizens, including re-identification, exploitation of genetic vulnerabilities by foreign parties, and unauthorized data usage. As countries aim to strike a difficult balance between furthering research and protecting national interests, recent trends indicate a shift toward tighter controls that could chill international collaborations.

Read More

Hand holding smartphone with colorful app icons concept.

Who Owns the Data Collected by Direct-to-Consumer Health Apps?

Sara Gerke Leave a comment

By Sara Gerke and Chloe Reichel

Who owns the data that are collected via direct-to-consumer (DTC) health apps? Who should own that data?

We asked our respondents to answer these questions in the third installment of our In Focus Series on Direct-to-Consumer Health Apps. Learn about the respondents and their views on data privacy concerns in the first installment of this series, and read their thoughts on consumer access to DTC health app data in the second installment.

Read More

Illustration of multicolored profiles. An overlay of strings of ones and zeroes is visible

Should Users Have Access to Data Collected by Direct-to-Consumer Health Apps?

Sara Gerke Leave a comment

By Sara Gerke and Chloe Reichel

Should consumers have access to the data (including the raw data) that are collected via direct-to-consumer (DTC) health apps? What real-world challenges might access to this data introduce, and how might they be addressed?

In this second installment of our In Focus Series on Direct-to-Consumer Health Apps, that’s what we asked our respondents. Learn about the respondents and their views on data privacy concerns in the first installment of this series. Read on for their thoughts on whether and how consumers should gain access to the data that direct-to-consumer health apps collect.

Read More

hands hold phone with app heart and activity on screen over table in office

Perspectives on Data Privacy for Direct-to-Consumer Health Apps

Sara Gerke Leave a comment

By Sara Gerke and Chloe Reichel

Direct-to-consumer (DTC) health apps, such as apps that manage our diet, fitness, and sleep, are becoming ubiquitous in our digital world.

These apps provide a window into some of the key issues in the world of digital health — including data privacy, data access, data ownership, bias, and the regulation of health technology.

To better understand these issues, and ways forward, we contacted key stakeholders representing a range of perspectives in the field of digital health for their brief answers to five questions about DTC health apps.

Read More

Illustration of a man and a woman standing in front of a DNA helix

A Proposal for Localized Review to Safeguard Genetic Database Privacy

Robert Field Leave a comment

By Robert I. Field, Anthony W. Orlando, and Arnold J. Rosoff

Large genetic databases pose well-known privacy risks. Unauthorized disclosure of an individual’s data can lead to discrimination, public embarrassment, and unwanted revelation of family secrets. Data leaks are of increasing concern as technology for reidentifying anonymous genomes continues to advance.

Yet, with the exception of California and Virginia, state legislative attempts to protect data privacy, most recently in Florida, Oklahoma, and Wisconsin, have failed to garner widespread support. Political resistance is particularly stiff with respect to a private right of action. Therefore, we propose a federal regulatory approach, which we describe below.

Read More

Apple watch and fit bit.

Beyond HIPAA: A Proposed Self-Policing Framework for Digital Health Products

Vrushab Gowda Leave a comment

By Vrushab Gowda

As digital health products proliferate, app developers, hardware manufacturers, and other entities that fall outside Health Insurance Portability and Accountability Act (HIPAA) regulation are collecting vast amounts of biometric information. This burgeoning market has spurred patient privacy and data stewardship concerns.

To this end, two policy nonprofits – the Center for Democracy and Technology (CDT) and the eHealth Initiative (eHI) – earlier this month jointly published a document detailing self-regulatory guidelines for industry. The following piece traces the development of the “Proposed Consumer Privacy Framework for Health Data,” provides an overview of its provisions, and offers critical analysis.

Read More

Code on computer.

How to Secure Our Digital Health Infrastructure Against Cyber Attacks

Vrushab Gowda Leave a comment

By Vrushab Gowda

Our health information infrastructure is highly susceptible to cyber attacks. At the time of writing, the Department of Health and Human Services (HHS) is actively investigating over 700 major breaches over the past 24 months alone.

It is incumbent upon our institutions to proactively guard against these threats, with our federal government leading the charge.

Read More