The All of Us program is a huge research project set up by the National Institute of Health (NIH) that aims to collect genetic and health data from a representative sample of at least one million Americans.
According to Wired.com, Congress has authorised a $1.455 billion budget for the project. Its aim is to produce a resource for researchers looking at a range of questions about how to understand and improve health.
It’s part of the Precision Medicine Initiative (PMI), which is a large-scale effort to improve health through more individualised care. The PMI uses information about peoples’ genetics, lifestyles, and environment to understand how healthcare can be tailored to each person’s circumstances.
The All of Us program is working towards this aim. People living in the US who volunteer for the program will be asked for information about their lives and will have medical information collected from them, including DNA samples. You can find out more about joining by clicking here.
However, the information people are being asked to share is very personal. Recent headlines have brought attention to issues surrounding personal data, such as the Facebook privacy breach scandal, and recent changes to European data protection laws. In light of this, the developers at All of Us are working to be as transparent as possible about how people’s information will be used and protected.
Eric Dishman is the director of the All of Us research program and a cancer survivor committed to improving healthcare. In this article for Stat News, he discusses data protection in the All of Us program and why he felt comfortable sharing his own data.
Here are seven takeaway points from Dishman’s article and the All of Us website about how the program approaches data security:
1. All the data is anonymous
Everyone included in the database will have his or her data anonymised. Any researcher that tries to identify someone from the data will be in violation of the program’s policy and will lose access to it.
2. Privacy and security are part of the program’s core values
When the program was set up, the developers understood the importance of security in handling personal medical information. The program has been designed with data protection as a priority.
3. The All of Us program is legally held to different privacy standards than most companies
All information collected from participants in the program is subject to a Certificate of Confidentiality designed to protect people’s privacy, as well as the 21st Century Cures Act that extends these protections around genetic data. Furthermore, as Eric Dishman points out in his article, the program differs from other cooperations that are being criticised for their lack of user privacy, “our goals are different, our obligations to our participants are different, our legal protections are different, and our policies around data privacy are different.”
4. Researchers using the genetic data are required to register
Although the database is open to applications from a range of different research groups studying different questions, everyone who accesses the database will need to register, verify their identity, and outline their use of the data. All of this information will be publically listed. In addition, all researchers using the genetic data will undergo ethics training and their database use will be tracked. Anyone that breaks the program’s policies (such as by trying to link data to a specific person) will be banned from using the database.
5. The database cannot be used for law enforcement
After the case of the Golden State Killer, which used old crime scene DNA and a public genealogy database to identify a man who is thought to have evaded the police for decades, the debate around genetic protection is more relevant than ever. However, the All of Us database cannot be used to incriminate people. Personally identifying information isn’t given out, and, even if it were somehow found, it is inadmissible as legal evidence in the US.
6. Your genetic information cannot be used to discriminate against you
The Genetic Information Nondiscrimination Act passed in 2008 makes it illegal for a health insurance company or employer to discriminate against someone using genetic information. The law is slightly different for some members of certain groups, including the military and federal employees, but in these cases, the companies follow a similar policy of non-discrimination.
7. The program plans to keep updating its security
Technology security is a fast-developing area, and new risks are always being identified. To ensure peoples privacy is protected the program plans to continually work on keeping its approach up to date. The website says they intend to “be responsive to changing circumstances and new threats.”
