Hostname: page-component-745bb68f8f-g4j75 Total loading time: 0 Render date: 2025-01-22T23:57:58.267Z Has data issue: false hasContentIssue false

Privacy and Security within Biobanking: The Role of Information Technology

Published online by Cambridge University Press:  01 January 2021

Abstract

Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source.

Type
Symposium Articles
Copyright
Copyright © American Society of Law, Medicine & Ethics 2016

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Shelton, A. K. et al., “Surrogate Consent for Genomics Research in Intensive Care,” American Journal of Critical Care 18, no. 5 (2009): 418426.CrossRefGoogle Scholar
“23andMe – Research Consent Document,” available at <https://www.23andme.com/about/consent/> (last visited February 19, 2016).+(last+visited+February+19,+2016).>Google Scholar
Sage Bionetworks, Participant-Centered Toolkit, available at <http://sagebase.org/e-consent> (last visited February 19, 2016).+(last+visited+February+19,+2016).>Google Scholar
DataShield.Google Scholar
See 45 C.F.R § 164.514(b).Google Scholar
Bieber, F. R., Brenner, C. H. and Lazer, D., “Finding Criminals through DNA of Their Relatives,” Science 312 (2006): 13151316.Google Scholar
Gymrek, M. et al., “Identifying Personal Genomes by Surname Inference,” Science 339, no. 6117 (2013): 321324.Google Scholar
Johnson, A. and Shmatikov, V., “Privacy-Preserving Data Exploration in Genome-Wide Association Studies,” Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, American College of Medicine, 2013.Google Scholar
Canim, M. et al., Exploiting Modern Hardware for Secure Data Management, The University of Texas at Dallas (2011); M. Kantarcioglu et al., “A Cryptographic Approach to Securely Share and Query Genomic Sequences,” Information Technology in Biomedicine, IEEE Transactions 12, no. 5 (2008): 606-617; K. Lauter, A. López-Alt, and M. Naehrig, “Private Computation on Encrypted Genomic Data,” 14th Privacy Enhancing Technologies Symposium, Workshop on Genome Privacy (2014); M. Blanton and M. Aliasgari, “Secure Outsourcing of DNA Searching via Finite Automata,” Data and Applications Security and Privacy XXIV (Berlin: Springer, 2010): 49–64.Google Scholar
Galvagni, M., Cotrupi, S. and Barbareschi, M., “Biobanks and Information Technology,” Pathologica 100, no. 2 (2008): 128-138; A.K. Shelton et al., “Surrogate Consent for Genomics Research in Intensive Care,” American Journal of Critical Care 18, no. 5 (2009): 418–426.Google Scholar
Zhang, W. et al., “Role Prediction Using Electronic Medical Record System Audits,” AMIA Annual Symposium Proceedings (2011): 858867; W. Zhang et al., “Evolving Role Definition Through Permission Invocation Patterns,” available at <http://dl.acm.org/citation.cfm?id=2462422> (last visited February 19, 2016); The ACM Symposium on Access Control Models and Technologies [SACMAT] (2012); 37–48.+(last+visited+February+19,+2016);+The+ACM+Symposium+on+Access+Control+Models+and+Technologies+[SACMAT]+(2012);+37–48.>Google Scholar
Chen, Y., Nyemba, S. and Malin, B., “Detecting Anomalous Insiders in Collaborative Information Systems,” IEEE Trans. Dependable and Secure Computing 9, no. 3 (2012): 332-344; Y. Chen and B. Malin, “Detection of Anomalous Insiders in Collaborative Environments via Relational Analysis of Access Logs,” Proceedings of ACM Conference on Data and Application Security and Privacy (2011): 63–74; Y. Chen et al., “Specializing Network Analysis to Detect Anomalous Insider Actions,” Security Informatics 1, no. 5 (2012); Y. Chen, S. Nyemba, and B. Malin, “Auditing Medical Record Accesses via Health-care Interaction Networks,” Proceedings of AMIA Symposium (2012): 9102.CrossRefGoogle Scholar
Public Population Project in Genomics and Society, Advanced Tissue Management System (ATiM), available at <http://www.p3g.org/biobank-toolkit/advanced-tissue-management-system-atim> (last visited February 19, 2016).+(last+visited+February+19,+2016).>Google Scholar
SmartBiobank: Data-management System for Biomedical Research, available at <http://www.smartbiobank.com/> (last visited February 19, 2016).+(last+visited+February+19,+2016).>Google Scholar
Artificial Intelligence in Medicine, Inc. Biobanking, available at <http://www.aim.ca/biobanking/> (last visited February 19, 2016).+(last+visited+February+19,+2016).>Google Scholar