Slashdot Mirror
The Struggle to Build a Massive 'Biobank' of Patient Data (nytimes.com)
An anonymous reader shares a report: This spring, the National Institutes of Health will start recruiting participants for one of the most ambitious medical projects ever envisioned. The goal is to find one million people in the United States, from all walks of life and all racial and ethnic groups, who are willing to have their genomes sequenced, and to provide their medical records and regular blood samples. They may choose to wear devices that continuously monitor physical activity, perhaps even devices not yet developed that will track heart rate and blood pressure. They will fill out surveys about what they eat and how much. If all goes well, experts say, the result will be a trove of health information like nothing the world has seen. The project, called the All of Us Research Program, should provide new insights into who gets sick and why, and how to prevent and treat chronic diseases.
The All of Us program joins a wave of similar efforts to construct gigantic "biobanks" by, among others, the Department of Veterans Affairs, a British collaboration and private companies like Geisinger Health Systems and Kaiser Permanente. But All of Us is the only one that attempts to capture a huge sample that is representative of the United States population. "It will be transformative," said Dr. Francis Collins, director of the National Institutes of Health. It will also be expensive. In 2017 alone, the budget for All of Us was $230 million, of which $40 million came from the 21st Century Cures Act. Congress has authorized an astounding $1.455 billion over 10 years for the project.
While supporters say the results will be well worth the money and effort, others have begun to question whether All of Us is just too ambitious, too loaded with cumbersome bureaucracy -- and too duplicative of smaller programs that are moving much more quickly. In the three years since the All of Us program was announced, not a single person's DNA has been sequenced. Instead, project leaders have signed up more than 17,000 volunteers as "beta testers" in a pilot phase of the program. They supplied blood and urine samples, had measurements taken, and filled out surveys.
The All of Us program joins a wave of similar efforts to construct gigantic "biobanks" by, among others, the Department of Veterans Affairs, a British collaboration and private companies like Geisinger Health Systems and Kaiser Permanente. But All of Us is the only one that attempts to capture a huge sample that is representative of the United States population. "It will be transformative," said Dr. Francis Collins, director of the National Institutes of Health. It will also be expensive. In 2017 alone, the budget for All of Us was $230 million, of which $40 million came from the 21st Century Cures Act. Congress has authorized an astounding $1.455 billion over 10 years for the project.
While supporters say the results will be well worth the money and effort, others have begun to question whether All of Us is just too ambitious, too loaded with cumbersome bureaucracy -- and too duplicative of smaller programs that are moving much more quickly. In the three years since the All of Us program was announced, not a single person's DNA has been sequenced. Instead, project leaders have signed up more than 17,000 volunteers as "beta testers" in a pilot phase of the program. They supplied blood and urine samples, had measurements taken, and filled out surveys.
Eating too much. Eating garbage food (mainly: too much sugar, too much carbohydrate overall, too much 'bad' fats, not enough 'good' fats, not enough whole vegetables and fruits). Not enough (quality) sleep. Not enough exercise (for most people, it seems: no exercise whatsoever). Smoking (including, more recently, vaping). In other words: poor lifestyle choices, and all the things we've all been told for decade upon decade, falling on apparently deaf ears, because nobody wants to actually change anything, and there's always excuses why not.</uncomfortable_truth>
I can see this going the same way as all of my other "personal information," in the information age. Namely, all of the data about me will belong to entities that are not me. And from that ownership of my data, they will generate huge streams of income in perpetuity. I propose that this is a fucked up and ridiculous way to continue, especially with detailed medical data on an unprecedented level.
Without a change in this policy I would be lucky to receive nothing from this arrangement. This is highly unlikely though. If it goes like the other arrangements we have seen so far, my information will be covertly used in an attempt to manipulate and control me and others like me. My information will not be available to me. The effects of my information, how it is used, and to what purposes, is also kept from me.
In this case, my data could help cure cancer, prevent genetic diseases, extend life, eradicate obesity. The companies who used this data would become wealthy beyond current imagining. In return for providing the data used to create a new era in the practice of medicine, donors of their data would get to pay for the cures their data created. This is the fucked up part.
You want my data to fundamentally transform the medical field for all time? Cool. Put in writing that I and my descendants will receive full control over how my information is used. I don't want it sold to another country to create mind control drugs or new nerve agents. Second, any advancements that my data helps create are available to me and my descendants free of charge. Lastly, I want royalties payable to me and my descendants, in perpetuity, for any and every use of my data, and for any new treatments that come from my data.
Oh, you wanted all of this information for free, without strings attached? Go fuck yourself.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
PHI gets hacked every day. Someone leaves their patient DB in a public S3 bucket, a database runs as SYSDBA because the developer has to make deliverables, and consequences for a breach will not filter to him/her, backups are done without any regard for encryption key management, AD doesn't have lockouts, nor someone giving a shit enough to actually read logs, especially if someone is trying to brute-force the DA/EA account (which is likely not even renamed.)
Do we want more stuff which eventually will become public domain? With the pathetic way a lot of companies protect PHI/PII, the best thing is that the data never exists in the first place, or is destroyed as soon as possible.