- Human Biospecimens
- For Researchers
- For Biospecimen Contributors
- For Patients
August 23, 2018
We don’t handle DNA profiles, and protected health information is stripped from specimen records up front
Although DNA analysis of large populations holds enormous promise for the future of medicine, privacy concerns are growing.
Headlines in recent weeks have recounted both the sharing of DNA data collected by 23andMe with a pharma company and the opening of a genealogy database to law enforcement. (Although the latter instance precipitated the arrest of an alleged serial killer, the data sharing itself raised slippery-slope worries).
Meanwhile, we’re reminded that a team from Harvard has demonstrated an uncanny ability to re-identify de-identified genomic data when one has an individual’s gender, date of birth and zip code in hand.
We don’t handle DNA profiles
At iSpecimen, we go to great lengths to ensure a patient specimen donor’s privacy is protected and to prevent DNA profiles from being connected to identities. In addition to building privacy protections into our software, we bind all researchers to never try to re-identify patients, ever.
On the technology side, we do not handle or store DNA profiles. We do communicate electronically with specimen suppliers to populate the iSpecimen Marketplace’s online catalog of available biospecimens. Our software, however, automatically strips all Protected Health Information (PHI) before it leaves the networks of our specimen partners, eliminating potential PHI leakage that can accompany manual de-identification processes.
iSpecimen data center contains no PHI
In accordance with HIPAA, PHI is stripped from specimen data by our iSpecimen Guardian® software, which we install behind the firewall of our specimen supplier partners. The encrypted, de-identified data sets are transmitted to iSpecimen for comparison against a database of specimen requests from our research partners. PHI is not transmitted to us at this time, or any other. In fact, PHI never leaves the custody of any specimen supplier.
We put our own feet to the fire
Our technology undergoes regular, rigorous privacy and security audits to ensure it continues to protect the identity of patient donors and is impervious to prospective hackers. All iSpecimen code goes through multiple levels of security testing by reputable firms to identify potential vulnerabilities in the code. In order to provide additional layers of protection, the following testing is routinely performed:
HIPAA Gap Analysis– Wolf & Company, an independent auditing firm with expertise in information technology security, audits iSpecimen technology and policies to ensure that they comply with all HIPAA regulations.
Binary Code Evaluation– Veracode, a leading provider of application risk management tools, assesses iSpecimen’s binary code.
Application Security Evaluation– Wolf & Company periodically performs manual penetration testing and audits iSpecimen Guardian software and iSpecimen Curator software to identify potential security vulnerabilities.
Privacy drives progress
Like most powerful technologies, genomic sequencing can be used for public benefit, orit can be misused. We do everything in our power to protect patient privacy so that the power of genomics, big data, and predictive analytics can safely unleash a new generation of precision medicine. It’s too important to jeopardize.
If you are a specimen supplier, we would be happy to walk you through our process. We believe it can be an example for this industry.