United States: law and policy concerning transfer of genomic data to third countries

Human Genetics

Volumn 137, Issue 8, 2018, Pages 647-655

  Majumder, Mary Anderlik ^a  

^a BAYLOR COLLEGE OF MEDICINE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARTICLE; HEALTH CARE DELIVERY; HEALTH CARE SYSTEM; HUMAN; INSTITUTIONAL REVIEW; PRIVACY; SCIENTIST; UNITED STATES; COMPUTER SECURITY; GENETIC DATABASE; GENETIC PRIVACY; GENETICS; IDENTIFIABLE INFORMATION; INFORMATION DISSEMINATION; LEGISLATION AND JURISPRUDENCE; STANDARDS;

COMPUTER SECURITY; DATABASES, GENETIC; GENETIC PRIVACY; GENETIC RESEARCH; HUMANS; INFORMATION DISSEMINATION; PERSONALLY IDENTIFIABLE INFORMATION;

EID: 85051253503     PISSN: 03406717     EISSN: 14321203     Source Type: Journal    
DOI: 10.1007/s00439-018-1917-9     Document Type: Review

References (37)

1. 21st Century Cures Act (2016) Public Law No. 114-255
2. Beskow LM et al (2015) Informed consent for biobanking: consensus-based guidelines for adequate comprehension. Genet Med 17:226–232
3. Butterworth T (2018) Europe’s tough new digital privacy law should be a model for US policymakers. Vox. https://www.vox.com/the-big-idea/2018/3/26/17164022/gdpr-europe-privacy-rules-facebook-data-protection-eu-cambridge. Accessed 9 July 2018
4. Cohen IG, Mello MM (2018) HIPAA and protecting health information in the 21st century. JAMA 320:231–232
5. Collins FS, Varmus H (2015) A new initiative on precision medicine. N Engl J Med 372:793–795
6. Confidentiality Certificate No. HG-2009-01 issued to National Center for Biotechnology Information, National Library of Medicine, National Institutes of Health conducting research known as “The database for Genotype and Phenotype (dbGaP)” (2008). https://www.ncbi.nlm.nih.gov/projects/gap/cgi-bin/GetPdf.cgi?document_name=ConfidentialityCertificate.pdf. Accessed 27 May 2018
7. Department of Health and Human Services et al (2017) Final Rule: Federal Policy for the Protection of Human Subjects. 82 Federal Register 7149 (DHHS regulations to be codified at 45 CFR Part 46)
8. Department of Health and Human Services et al (2018a) Federal Policy for the Protection of Human Subjects: delay of the revisions to the Federal Policy for the Protection of Human Subjects. 83 Federal Register 2885
9. Department of Health and Human Services et al (2018b) Federal Policy for the Protection of Human Subjects: six month delay of the general compliance date while allowing the use of three burden-reducing provisions during the delay period. 83 Federal Register 28497
10. Dove ES et al (2015) Genomic cloud computing: legal and ethical points to consider. Eur J Hum Genet 23:1271–1278
11. European Commission (2016) Commission Implementing Decision (EU) 2016/1250 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU US Privacy Shield. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.207.01.0001.01.ENG. Accessed 9 July 2018
12. Federal Trade Commission (2009) Final Rule: Health Breach Notification. 74 Federal Register 42961 (codified at 16 CFR Part 318)
13. Global Alliance for Genomics and Health (2015) Consent policy. https://www.ga4gh.org/docs/ga4ghtoolkit/regulatoryandethics/Consent-Policy-Final-27-May-2015.pdf. Accessed 27 May 2018
14. Global Alliance for Genomics and Health (2018) Consent tools. http://www.p3g.org/system/files/biobank_toolkit_documents/GA4GH-Consent%20Tools-FINAL%20%281%29.pdf. Accessed 27 May 2018
15. Health Insurance Portability and Accountability Act (1996) Public Law 104-191
16. Lomas N (2018) EU parliament calls for Privacy Shield to be pulled until US complies. Techcrunch. https://techcrunch.com/2018/07/05/eu-parliament-calls-for-privacy-shield-to-be-pulled-until-us-complies. Accessed 9 July 2018
17. Majumder MA, Cook-Deegan R, McGuire AL (2016) Beyond our borders? Public resistance to global genomic data sharing. PLoS Biol 14(11):e2000206
18. McGee MK (2013) HIPAA Omnibus and offshore vendors: Will US regulators enforce actions against foreign BAs? Healthc Info Secur. https://www.healthcareinfosecurity.com/hipaa-omnibus-offshore-vendors-a-5987. Accessed 27 May 2018
19. Milliard M (2016) Think offshoring PHI is safe? You may not be covered if a business associate breaches data. Healthcare IT, News. http://www.healthcareitnews.com/news/think-offshoring-phi-safe-you-may-not-be-covered-if-business-associate-breaches-data. Accessed 27 May 2018
20. National Human Genome Research Institute (2018) Informed consent for genomics research. https://www.genome.gov/27565449/the-informed-consent-resource. Accessed 27 May 2018
21. National Institutes of Health (2014) Notice: Genomic Data Sharing Policy. 79 Federal Register 51345-51354
22. National Institutes of Health (2018) dbGaPAuthorized Access Portal. https://dbgap.ncbi.nlm.nih.gov/aa/wga.cgi?page=login. Accessed 9 July 2018
23. Office for Civil Rights (by delegation of authority from the Center for Medicare and Medicaid Services), Department of Health and Human Services (2003) Insurance reform: security standards (Security Rule). 68 Federal Register 8334 (as modified, codified at 45 CFR Parts 160, 164)
24. Office for Civil Rights, Department of Health and Human Services (2002) Standards for privacy of individually identifiable health information (Privacy Rule). 67 Federal Register 53181(as modified, codified at 45 CFR Parts 160, 164)
25. Office for Civil Rights, Department of Health and Human Services (2009) Breach notification for unsecured protected health information (Breach Notification Rule). 74 Federal Register 42740 (as modified, codified at 45 CFR Part 160, 164)
26. Office for Civil Rights, Department of Health and Human Services (2012) Guidance regarding methods for de-identification of Protected Health Information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html. Accessed 27 May 2018
27. Office for Civil Rights, Department of Health and Human Services (2013) Modifications to the HIPAA privacy, security, enforcement, and breach notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act. 78 Federal Register 5565 (codified at 45 CFR Part 160, 164)
28. Office for Civil Rights, Department of Health and Human Services (2017) Research. https://www.DHHS.gov/hipaa/for-professionals/special-topics/research/index.html. Accessed 27 May 2018
29. Office for Civil Rights, Department of Health and Human Services (2018) Breach portal. https://ocrportal.DHHS.gov/ocr/breach/breach_report.jsf. Accessed 27 May 2018
30. Office of Science Policy, National Institutes of Health (2018) Standard data use limitations. https://osp.od.nih.gov/wp-content/uploads/standard_data_use_limitations.pdf. Accessed 27 May 2018
31. Office of the National Coordinator for Health Information Technology, Department of Health and Human Services (2015) Guide to privacy and security of electronic health information. Version 2.0. https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf. Accessed 27 May 2018
32. PatientsLikeMe (2017) News Release: PatientsLikeMe Partners with iCarbonX and Secures $100 + Million Investment. http://news.patientslikeme.com/press-release/patientslikeme-partners-icarbonx-and-secures-100-million-investment. Accessed 27 May 2018
33. Prentice ED, Chair, Secretary’s Advisory Committee on Human Research Protections (2004) Letter to Hon. Tommy G. Thompson Re: HIPAA-Health Insurance Portability and Accountability Act. https://www.DHHS.gov/ohrp/sachrp-committee/recommendations/2004-september-27-letter/index.html. Accessed 27 May 2018
34. Rich JL, Former Director Bureau of Consumer Protection, Federal Trade Commission (2016) Prepared Statement of the Federal Trade Commission On Opportunities and Challenges in Advancing Health Information Technology. Before the Subcommittee on Information Technology and the Subcommittee on Health, Benefits, and Administrative Rules of the Oversight and Government Reform Committee, United States House of Representatives. https://www.ftc.gov/public-statements/2016/03/prepared-statement-federal-trade-commission-opportunities-challenges. Accessed 27 May 2018
35. Stead WW, Chair, National Committee on Vital and Health Statistics (2017) Letter to Hon. Thomas E. Price Re Recommendations on de-identification of Protected Health Information under HIPAA. https://www.ncvhs.DHHS.gov/wp-content/uploads/2013/12/2017-Ltr-Privacy-DeIdentification-Feb-23-Final-w-sig.pdf. Accessed 27 May 2018
36. Swanson A, Bradsher B (2018) US may limit access for Chinese researchers. New York Times, A1. https://www.nytimes.com/2018/04/30/us/politics/trump-china-researchers-espionage.html
37. The Electronic Medical Records and Genome (eMERGE) Network Consent and Community Consultation Workgroup Informed Consent Task Force (2009) Model consent language https://www.genome.gov/pages/policyethics/informedconsent/emergemodellanguage2009-12-15.pdf. Accessed 27 May 2018