Author: Matt Newman
Senior Vice President & General Manager, Pharma & Diagnostics
DNAnexus
If you’re reading our blog, then you’re probably also working with human genomic data that’s made publicly available through the National Institutes of Health. That means you need to know about the recently announced update to NIH’s policy on genomic data sharing, which goes into effect in January 2025.
The update includes new security standards and expectations for resources such as dbGaP and other controlled-access data repositories from NIH. For scientists working at pharmaceutical and biotechnology companies, the previously accepted approach of designating a few key people to handle responsibility for IT and compliance will no longer be sufficient. With the new policy, NIH has upped the game for protecting human genomic data.
Here at DNAnexus, we applaud this policy update. We’ve already seen cases where hackers breached genomic data resources, and studies show how easy it is to identify individuals based on supposedly anonymized genetic data in publicly available resources. (Interested in a deeper dive into data privacy risks? Here’s a handy review article.)
Collectively, this demonstrates the critical need to implement stronger protections for human genomic data — and it’s wonderful to see NIH stepping in to ensure better security for the data they make available to scientists.
With that said, we also recognize that more security requirements can mean more headaches for researchers who need to mine public databases for target discovery, target validation, comparisons of clinical trial data to control data, and more. The new policy from NIH may seem like a burden to scientists who are used to current protocols for data access. After all, security compliance is usually not the main focus for researchers who work with this data on a regular basis.
Here’s a quick rundown of the new ongoing requirements from NIH:
If all of these security requirements make your head spin, there’s an alternative: using a cloud-based platform-as-a-service model with all of the security protocols built in. While the NIH policy update is new, the DNAnexus team has been focused on privacy and security for genomic data since we first built our platform 15 years ago. Our Precision Health Data Cloud meets the toughest security criteria out there, complying with FEDRAMP moderate data controls and a host of other measures.
Within this highly protected environment, we have extensive capabilities that allow scientists to conduct large-scale genomic analysis in the manner that’s ideal for them. Choose from our library of more than 200 tools and existing pipelines, or import your own tools and build custom analysis pipelines. Love to code? We’ve got you covered. Data can be imported easily from publicly available repositories, including those from NIH. Cloud-based computing makes access and data permissions a cinch, supporting collaborations within your organization or across the globe.
In short, there’s no need to panic about the NIH policy update. The DNAnexus platform meets all of the new security requirements and provides a simple but sophisticated environment that will let you continue your research with human genomic data. Let us handle security compliance so you can focus on what’s most important: your science.
Check out our security white paper for some points to consider that apply to both cloud-based and local systems.