FBI: More Awareness, Due Diligence Needed To Fight China in New ‘Space Race’ for Data

Health Care Compliance Association (HCCA)

Report on Patient Privacy 21, no. 10 (October, 2021)

Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an organization, where it moves, where it resides—and then imposing safeguards. Would China be an acceptable final resting place? And would covered entities (CEs) or business associates (BAs), with their often murky subcontractors, even know if the Chinese government was tapping into it?

This isn’t as far-fetched as it may sound. Recent reporting by Reuters has uncovered alleged ties between what it calls a Chinese gene company and the Chinese military. “A prenatal test taken by millions of pregnant women globally was developed by Chinese gene company BGI Group in collaboration with the Chinese military and is being used by the firm to collect genetic data,” Reuters reported in July.[1]

“What Reuters discovered was that, although you sign a consent form as a patient, the identified genetic data from mothers all around the world was getting sent back to Hong Kong and China,” according to Edward You, a supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate. “And yes, they get their results back, but what it means is that as the data resides in China, the Chinese national government [has] laws in place where they can access that data, based on a determination if there’s a national security need.”

You, who recently completed a two-year detail as the FBI’s liaison officer to HHS, made his observations during a podcast with John Riggi, the senior advisor for cybersecurity and risk for the American Hospital Association (AHA).[2]

As Riggi explained at the start of the podcast, AHA has been providing resources to AHA members and the health care industry generally by interviewing individuals such as You to help address threats to cybersecurity and “best practices to help identify and reduce the risk posed by those threats.”

You “worked for six years in graduate research focusing on retrovirology and human gene therapy at the University of Southern California, Keck School of Medicine. He subsequently worked for three years at the biotechnology firm AMGEN Inc. in cancer research,” according to Texas A&M University, where You is a senior fellow for the Scowcroft Institute of International Affairs at the Bush School of Government and Public Service.[3]

According to Texas A&M, You’s “overall goal is to safeguard the scientific community, the life science research enterprise, and the U.S. bioeconomy.”

Before beginning the discussion, Riggi asked You to define what is meant by the bioeconomy. You said the term acknowledges that “advances that we’re seeing in biotech” are heavily dependent upon data.

“Data is going to become the new critical resource, or the new oil, that is really going to fuel the ability to leverage biotech,” said You. He added that data, “beyond the traditional cybersecurity issue, is really going to be the focal point of priority, not only for the U.S. but for around the world.”

Riggi asked You to define “the greatest threats to the bioeconomy” and where they originate.

You responded that America is at risk of biological threats, such as “dangerous bacteria, viruses and toxins.” He added that the United States is the only country that has been the victim of “bioterrorism,” referring to “anthrax mailings on the heels of the 9/11 attacks.”

Noting the ongoing pandemic, You said that the “dangerous pathogens or emerging and re-emerging infectious disease [are] still a big threat.”

But, he added, compliance officials and others “really need to start thinking about what does security look like for our data. And I’m not talking about privacy. I’m not talking about ransomware.”

There may not be a true appreciation “for the value of the data,” You said, nor an appropriate assessment. Officials may not be “understanding the consequences of what happens when we lose that data, or it gets co-opted or accessed by others or either state or nonstate actors.”

As for the source of threats to data, it is China. You named the Chinese Communist Party, saying it “has put in strategies in place to gain access to the data.”

In response to Reuters’ reports, BGI has maintained that it is operating appropriately and complying with various laws.

In a statement following the Reuters coverage, BGI officials said the firm “is committed to improving health outcomes worldwide. That is and always has been the company’s mission. Assertions that BGI is motivated by anything other than the advancement of health outcomes are both deeply disappointing and factually incorrect. … Wherever BGI undertakes research, the company strictly comply with local laws, guidelines, and protocols, while adhering to internationally recognized ethical standards.”[4]
