The advent of the human genome sequence has focused research on understanding underlying genetic links to complex diseases such as cancer, asthma and heart disease. In the past few years, individual countries, such as Iceland, Estonia, Singapore and the United Kingdom, have created national databases of their citizens' DNA for comparative research. Most recently, an international consortium including Nigeria, Japan, China and the United States launched a $100 million project called the International HapMap to map the human genome according to haplotypes, blocks of DNA that contain genetic variation. Such population genetic databases present challenging ethical, social and legal issues, yet regulation of genetic information has developed sporadically, from region to region, without a consistent international standard. Without a clear understanding of the consequences of genetic research in terms of individual and community-wide discrimination and stigmatization, genetic databases raise concerns about the protection of genetic information. This Note provides a survey of the evolving landscape of population genetic databases as a legislative and public policy tool for national and international regulators. It compares different approaches to regulating the collection and use of population genetic databases in order to understand what areas of consensus are formulating a foundation for an international standard. As the first population genetics project that will span multiple countries for the collection of DNA, the International HapMap has the potential to become an influential standard for the protection of population genetic information. This Note highlights issues among the national databases and the HapMap project that raise ethical, social and legal concerns for the future and recommends further protections for both individual donors and community interests.
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy.
To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information.
We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet.
We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information.
The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Cites: Med Inform Internet Med. 2000 Oct-Dec;25(4):265-7311198188