The 21st Century Cures Act was passed with support from both sides of the aisle (imagine that!) and signed into law by then-President Obama late last year. This ambitious legislation drives action in areas as diverse as drug and device regulation and response to the opioid epidemic. It also tackles the issue of how to make data more broadly available for research use and clinical purposes. In our recently published GIM article, “Sharing data under the 21st Century Cures Act,” we examine the Act’s potential to facilitate data-sharing, in line with a recent position statement of the American College of Medical Genetics and Genomics. We highlight a number of provisions of the Act that either explicitly advance data-sharing or promote policy developments that have the potential to advance it. For example, Section 2014 of the Act authorizes the Director of National Institutes of Health to require award recipients to share data, and Section 4006 requires the Secretary of Health and Human Services to promote policies ensuring that patients have access to their electronic health information and are supported in sharing this information with others.
Just as relevant, the Act takes steps to reduce some major barriers to data sharing. An important feature of the Act, which has not been extensively publicized, is its incorporation of provisions from legislation originally proposed by Senators Elizabeth Warren and Mike Enzi to protect the identifiable, sensitive information of research subjects. Senator Warren, in particular, has been a vocal advocate of data sharing. Arguably, one of the biggest barriers to sharing is public concern about privacy. The relevant provisions address this concern chiefly via Certificates of Confidentiality. Among other things, the Act makes issuance of Certificates automatic for federally-funded research in which identifiable, sensitive information is collected and prohibits disclosure of identifiable, sensitive information by covered researchers, with only a few exceptions such as disclosure for purposes of other research. These protections became effective June 11, 2017. While NIH has signaled its awareness of the Act, it has not yet updated its Certificates of Confidentiality webpage. Continue reading