Friday, April 25, 2008

Happy DNA Day!!!


Lots of great posts on this DNA Day. First, I would like to tell Misha at GenomeBoy....Doubting Thomas was eventually one of the greatest supporters.... This is in response to my post yesterday. I think he might have called me Sherpa Buzzkill if he wasn't my friend.


I love that guy....seriously. Here's a man who has the paper and is a hell of a writer. Now he throws caution to the wind and signs up for the PGP. You gotta admire the courage. Pre-GINA mind you! But after the clarification of my exaggeration of the PGP informed consent profile, I thought it would be good to clarify the policy of the Delaware Valley Personalized Medicine Project. For full disclosure, I sit on the ICOB where we will meet and determine whether a SNP is medically actionable. The first meeting is in June.


The view from 30,000 feet is

Technical:
1. The databases are designed to keep genetic data and phenotypic data separate from personal account information.


2. Storage of certain personal information such as account information is encrypted.


3. The network perimeters are protected with firewalls.


4. All connections to and from our web portal are encrypted with a VeriSign SSL Certificate with Extended Validation (EV) and server-gated cryptography (SGC). This is the most trusted and secure option for SSL.


5. Internal and external audits of perimeter and software code security are performed.
Employees' use of the databases is monitored and records of all access to personal information are maintained.


Physical:


1. Access to the building housing the Coriell data center requires an electronic keycard badge ID for entry into the facility.


2. Physical access to internal servers is restricted to authorized personnel.

Administrative:


1. Access to personal information is restricted to certain employees for limited, approved purposes based on their specific responsibilities.

2. Annual privacy and security training is required for employees with access to personal information.We meet HIPAA IT requirements


For more information about this wonderful project take a look at their site and at my posts.


I am going to skip the recap for now. I will post the recap tonight.


The Sherpa Says:

Thank you to the readers who pointed me toward the San Jose Mercury News. Very interesting article.... If GINA gets enforced like these laws, then we can expect some very good patient protection. But we still need protections like the DVPMP

No comments: