HIMSS and the Association of Medical Directors of Information Systems have penned a letter to the Office of Science and Technology Policy outlining thoughts on the Precision Medicine Initiative and data security.
HIMSS and AMDIS expressed support for the addition of the National Institute of Standards and Technology Cybersecurity Framework to the PMI Principles and Framework, but offered additional recommendations and concerns.
Here are eight thoughts from the letter.
1. The letter recommends the PMI Principles and Framework to expand to include not only research-based uses, but clinical applications as well.
2. The two organizations also recommended the Framework include an expanded glossary with definitions for terms such as "genomic data," "security elements," "identifying information" and "de-identification."
3. HIMSS and AMDIS also suggested the PMI Principles and Framework more fully focus on PMI data confidentiality, integrity and availability.
4. The two organizations also requested additional information the physical security of PMI data.
5. In the letter, HIMSS and AMDIS also recommended the PMI Principles and Framework clarify which state and federal laws apply to the creation, transmission and maintenance of PMI data.
6. The two organizations also suggested those using PMI data participate in mock exercises to prepare for various threats, such as phishing scams.
7. HIMSS and AMDIS requested guidance on what constitutes limiting PMI data exposure.
8. HIMSS and AMDIS also advocated for organizations to share their experience and challenges with working with PMI data, but the two groups want guidance on what exactly can be shared.