Hostname: page-component-76fb5796d-qxdb6 Total loading time: 0 Render date: 2024-04-25T23:07:49.022Z Has data issue: false hasContentIssue false
  • English
  • Français

Cyberbanks and Other Virtual Research Repositories

Published online by Cambridge University Press:  01 January 2021

Mary Anderlik Majumder
Get access Rights & Permissions [Opens in a new window]

Extract

Few things seem more a part of the material world than biological specimens. Yet the processes by which collections of specimens are assembled, translated into information, combined with more information, and distributed are taking research repositories into the virtual realm.

The term “virtual” has a number of meanings, and so a research repository can qualify as virtual in a variety of ways. The term would seem to apply, for example, to (1) constructing a repository by forming a network among institutions; (2) using the Internet or the World Wide Web to solicit specimens and information; (3) integrating web-based technology into the operation of the bank; (4) using the Internet or web-based technology to manage relationships with donors or collection sites and recipients; and (5) digitizing specimens. The all-digital repository would seem the most virtual of all possible repositories, a true cyberbank.

Type
Symposium
Information
Journal of Law, Medicine & Ethics , Volume 33 , Issue 1 , Spring 2005 , pp. 31 - 39
Copyright
Copyright © American Society of Law, Medicine and Ethics 2005

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Digitization has assumed great importance due to the shortage of samples, for reasons that include biopsies and other procedures that are extremely parsimonious.Google Scholar
For discussion of these issues see, e.g., Greenbaum, D. S., “The Database Debate,” Albany Law Journal of Science & Technology 13 (2003): 431515.Google Scholar
The information concerning CHTN is derived from its website at <http://www-chtn.ims.nci.nih.gov/purpose.html> and from Eiseman, E. Bloom, G. Brower, J. Clancy, N., and Olmstead, S.S., Case Studies of Existing Human Tissue Repositories: “Best Practices” for a Biospecimen Resource for the Genomic and Proteomic Era (Santa Monica, CA: RAND, 2003), available at <http://www.rand.org/publications/MG/MG120> (last visited January 6, 2005).Google Scholar
The information concerning the SPIN project is derived from two NCI websites, Shared Pathology Informatics Network, at <http://www.cancerdiagnosis.nci.nih.gov/spin>, and Shared Pathology Informatics Network (SPIN), at <http://spin.nci.nih.gov/>, and from the proposal for Consented High-performance Indexing and Retrieval of Pathology Specimens (CHIRPS), I. Kohane, Principal Investigator (July 2000), available at <http://spin.nci.nih.gov/CHIRPSGrant.pdf> (last visited January 6, 2005).,+and+Shared+Pathology+Informatics+Network+(SPIN),+at+,+and+from+the+proposal+for+Consented+High-performance+Indexing+and+Retrieval+of+Pathology+Specimens+(CHIRPS),+I.+Kohane,+Principal+Investigator+(July+2000),+available+at++(last+visited+January+6,+2005).>Google Scholar
Shared Pathology Informatics Network (SPIN), at <http://www.cancerdiagnosis.nci.nih.gov/spin> (last visited January 6, 2005).+(last+visited+January+6,+2005).>Google Scholar
XML is a flexible text format derived from SGML, the international standard metalanguage for text markup systems. Originally developed for large-scale electronic publishing, it is increasingly the standard for exchange of data on the World Wide Web and can be processed or displayed by programs and browsers on all common operating systems. See Extensible Markup Language (XML), at <http://www.w3.org/XML/> (last visited January 6, 2005).+(last+visited+January+6,+2005).>Google Scholar
Anderlik, M. R., “Commercial Biobanks and Genetic Research,” American Journal of Pharmacogenomics 3 (2003): 203–15.CrossRefGoogle Scholar
Anderlik, M. R., “Commercial Biobanks and Genetic Research: Banking Without Checks?” in Knoppers, B. M., ed., Populations and Genetics: Legal and Socio-Ethical Perspectives (The Hague: Kluwer, 2003): Pp. 345376.Google Scholar
Typically, the term “user-based access controls” refers to password protections and other measures to limit access to authorized users. As the term suggests, “role-based access controls” limit the scope of access for authorized users based on role. For example, in a health system database, access to cells that contain psychotherapy notes might be limited to psychiatrists and psychologists.Google Scholar
Eiseman, , supra note 3, at 85–91.Google Scholar
First Genetic Trust, Products & Services, at <http://www.firstgenetic.net/products_academic.html> (last visited January 6, 2005).+(last+visited+January+6,+2005).>Google Scholar
U.S. Patent No. 6,640,211, available through USPTO Patent Full-Text and Image Database, at <http://www.uspto.gov/patft/index.html> (last visited January 6, 2005).+(last+visited+January+6,+2005).>Google Scholar
Press Release, “First Genetic Trust Awarded $2M ATP Grant to Create Secure Genetic Data System,” (May 11, 2004), available through <http://www.firstgenetic.net/news_press.html> (last visited January 6, 2005).+(last+visited+January+6,+2005).>Google Scholar
Adam, D., “Online Tumor Bank Aims to Offer Ready Route to Tissues,” Nature 416 (2002): 464; Teodorovic, I. Therasse, P. Spatz, A. Isabelle, M., and Oosterhuis, W., “Human Tissue Research: EORTC Recommendations on its Practical Consequences,” European Journal of Cancer 39 (2003): 2256–63.CrossRefGoogle Scholar
Oosterhuis, J. W. Coebergh, J. W., and van Veen, E., “Tumour Banks: Well-guarded Treasures in the Interest of Patients,” Nature Reviews Cancer 3 (2003): 7377, at 75.Google Scholar
Clayton, E. W., “Informed Consent and Biobanks,” The Journal of Law, Medicine & Ethics 33, no. 1 (2005): 1521.CrossRefGoogle Scholar
Eiseman, et al. , supra note 3, at 132–34.Google Scholar
Anderlik, M. R. and Rothstein, M. A., “Privacy and Confidentiality of Genetic Information: What Rules for the New Science?” Annual Review of Genomics & Human Genetics 2 (2001): 401–33, at 402.CrossRefGoogle Scholar
Federal Policy for the Protection of Human Subjects, 45 C.F.R. § 46A (basic Department of Health and Human Services policy for protection of human research subjects; a number of other federal agencies have adopted similar regulations).Google Scholar
Standards for Privacy of Individually Identifiable Information: Final Rule, 65 Fed. Reg. 82462 (Dec. 28, 2000) and 67 Fed. Reg. 53182 (Aug. 14, 2002) (codified at 45 C.F.R §§ 160, 164).Google Scholar
45 C.F.R. § 46.102(f).Google Scholar
Office for Human Research Protections (OHRP), Department of Health and Human Services, “Guidance on Research Involving Coded Private Information or Biological Specimens” (August 10, 2004), available at www.hhs.gov/ohrp/humansubjects/guidance/cdebiol.pdf (last visited January 6, 2005).Google Scholar
45 C.F.R. § 46.101(b)(4).Google Scholar
45 C.F.R. §§ 46.111(a)(7), 46.116(a)(5).Google Scholar
Eiseman, et al. , supra note 3, at 124.Google Scholar
45 C.F.R. § 160.103.Google Scholar
45 C.F.R. § 164.514(b)(2).Google Scholar
45 C.F.R. § 164.514(c).Google Scholar
See OHRP, supra note 23, at 7.Google Scholar
45 C.F.R. § 164.514(e). Also, the rule permits disclosure for public health purposes, such as reporting to state disease registries, 45 C.F.R. § 164.512(b), and it is worth noting the existence of a grandfathering provision, § 45 C.F.R. 164.532.Google Scholar
Department of Health and Human Services, “Research Repositories, Databases, and the HIPAA Privacy Rule,” available at <http://privacyruleandresearch.nih.gov/pdf/research_repositories_final.pdf>; Bledsoe, M., “HIPAA Models for Repositories,” International Society for Biological and Environmental Repositories (ISBER) Newsletter, available at <http://www.isber.org/Newsletters/Fall2004.pdf> (last visited January 6, 2005); Aamodt, R., “The Health Information [sic] Portability and Accountability Act of 1996 Privacy Rule,” International Society for Biological and Environmental Repositories (ISBER) Newsletter, Summer 2003, available at <http://www.isber.org/newweb/Newsletters/Summer2003.pdf>(last visited January 6, 2005).Google Scholar
Eiseman, et al. , supra note 3, at 131.Google Scholar
Sweeney, L., “Weaving Technology and Policy Together to Maintain Confidentiality,” Journal of Law, Medicine & Ethics 25, no. 2 & 3 (1997): 98110.CrossRefGoogle Scholar
Lin, Z. Hewett, M., and Altman, R. B., “Using Binning to Maintain Confidentiality of Medical Data,” Proceedings of the American Medical Informatics Association Annual Symposium (2002): 454–58.Google Scholar
Mitchell, M., “Medical Privacy Law Stirs Controversy,” Knight-Ridder Newspapers, March 3, 2003.Google Scholar
Setness, P. A., “When Privacy and the Public Good Collide: Does the Collection of Health Data for Research Harm Individual Patients?” Postgraduate Medicine On-line 113, no. 5 (May 2003), at <http://www.postgradmed.com/issues/2003/05_03/editorial_may.htm> (last visited January 6, 2005).Google Scholar
Katyal, N. K., “Digital Architecture as Crime Control,” Yale Law Journal 112 (2003): 2261–89.CrossRefGoogle Scholar
Davis, J. B., “Cybercrime Fighters,” ABA Journal 89 (Aug. 2003): 3742.Google Scholar
Department of Health and Human Services, Security Standards: Final Rule, 68 Fed. Reg. 8334 (Feb. 20, 2003) (codified at 45 C.F.R. § 160, 162, and 164).Google Scholar
This does not mean that the security of information in other formats escapes regulatory attention. The privacy rule includes some security provisions, which would apply to all protected health information. An example would be employee training on information handling under the heading of confidentiality.Google Scholar
See 68 Fed. Reg. 8337, 45 C.F.R. § 164.302.Google Scholar
68 Fed. Reg. 8341.Google Scholar
Grove, T., “Summary Analysis: The Final HIPAA Security Rule, Phoenix Health System's HIPAAdvisory,” (February 2003), available at <http://www.hipaadvisory.com/regs/finalsecurity/summaryanalysis.htm> (last visited January 6, 2005). (last visited January 6, 2005).' href=https://scholar.google.com/scholar?q=Grove,+T.,+“Summary+Analysis:+The+Final+HIPAA+Security+Rule,+Phoenix+Health+System's+HIPAAdvisory,”+(February+2003),+available+at++(last+visited+January+6,+2005).>Google Scholar
Lewis, M., “Digital Signatures: Meeting the Traditional Requirements Electronically,” Asper Review of International Business & Trade Law 2 (2002): 6384, at 70.Google Scholar
Id.Google Scholar
HIIDIT Health Information Identification De-Identification Toolkit, at <http://www.chip.org/projects/hiidit/> Gast visited January 6, 2005).+Gast+visited+January+6,+2005).>Google Scholar
Kort, E. J. Campbell, B., and Resau, J. H., “A Human Tissue and Data Resource: An Overview of Opportunities, Challenges, and Development of a Provider/Researcher Partnership Model,” Computer Methods and Programs in Biomedicine 70 (2003): 137–50.CrossRefGoogle Scholar
CHIRPS proposal, supra note 4, at 23–24.Google Scholar
Anderlik, M. R., supra note 8.Google Scholar
For example, the U.S. Computer Fraud and Abuse Act criminalizes certain activities that undermine the confidentiality, integrity, and availability of data. See Geist, M., “Cyberlaw 2.0,” Boston College Law Review 44 (2003): 323–58.Google Scholar
Harmon, A., “Digital Vandalism Spurs a Call for Oversight,” New York Times, Sept. 1, 2003, A1.Google Scholar
For example, the liability framework does nothing to place restrictions on use by those who receive information in breach of a duty of confidentiality. See, e.g., Janger, E. J., “Privacy, Property, Information Costs, and the Anticommons,” Hastings Law Journal 54 (2003): 899929.Google Scholar
Boyle, J. Shamans, , Software and Spleens: Law and the Construction of the Information Society (Cambridge: Harvard University Press, 1996): at 177.Google Scholar