Skip to Main Content

The National Institutes of Health recently launched the All of Us Research Program to create one of the largest, richest public resources for biomedical research in human history. Its mission is to accelerate medical breakthroughs that personalize prevention, treatment, and care for all Americans. As the director of this unprecedented program — and as a cancer survivor, patient advocate, and participant in more than a dozen research studies — I want to share how we are safeguarding participant confidentiality and personal data.

Long before this program began, the NIH conducted focus groups, sent out surveys, and set up listening sessions with people about their hopes, ideas, and concerns about collecting detailed and sensitive health information from a million or more people over their lifetimes. We made certain to meet with demographically diverse and vulnerable communities. These communities have good reason to be suspicious of research because of past breaches of trust perpetrated by government programs — from the Tuskegee syphilis study to the Havasupai genetic study. With their help and input from top privacy, security, and ethics experts, we created clear privacy and security principles for All of Us and included these as part of our core values.


In other words, privacy and security have been in the program’s bones from the beginning and are continuously baked into it with help from our network of more than 70 community partners. Building trust with communities, especially around privacy and security, is paramount to the success of All of Us. After all, participants are agreeing to share sensitive, personal health information from electronic health records; information about many aspects of their lives, including where they’ve lived to help understand environmental exposures; and blood and urine samples for genomic data to understand genetic risks.

Building trust is challenging and takes time because of the technical, scientific, and legal jargon — and high emotions — often surrounding discussions of privacy and security. I still struggle to understand these issues, and I come from the IT industry where I worked on them. Building trust is made even more challenging by the sensational sound bites and hot headlines about the failings of Facebook, the Equifax breach, and the security flaws in microprocessors.

Since recent headline-grabbing stories about law enforcement’s use of genetic information such as the capture of the Golden State Killer, many people have asked us whether the DNA they might provide to All of Us could be used in unexpected ways by law enforcement. The answer is: “No!”


The All of Us Research Program is fundamentally different from the companies highlighted in those news reports. Our goals are different, our obligations to our participants are different, our legal protections are different, and our policies around data privacy are different.

Like most federally funded research that collects sensitive data, the participant data in All of Us are afforded special legal protections. All partners that receive NIH funds for this program are protected by — and mandated to follow — a Certificate of Confidentiality to protect the privacy of research participants. Congress recently enhanced these protections in the 21st Century Cures Act to help fight legal demands to give out information that identifies a participant, even to law enforcement. In addition, Congress passed the Genetic Information Nondiscrimination Act a decade ago, which prohibits discrimination in health insurance and employment based on genetic information.

On top of these, our key privacy protections include removing obvious identifiers from data, encrypting all data, and storing it within secure commercial cloud platforms. No vendor, consortium partner, or researcher can copy or sell this data. We require all use of it to be within the controlled, secure research portal that NIH funds. We use best-in-class security technologies and continuously test and monitor our systems, even with innovative approaches like using friendly “white hat” hackers to attack our systems and help improve any weaknesses they find. While no organization can guarantee that a security breach will never occur, we are doing everything we can to prevent breaches and to communicate quickly and transparently should one ever happen.

Researchers seeking access to All of Us data will be required to register and verify their identity. Each researcher’s name, affiliation, and research purpose will be listed publicly, which is not only our policy, but also the law, mandated by the 21st Century Cures Act. They will need to take ethics training and sign a responsible data use agreement, including a promise to not try to identify participants. We will track all researchers’ activities to monitor for violations of our policies. We take these agreements seriously; anyone who violates this standard will lose access to the data immediately.

We live in uneasy times when it comes to our personal data. I have been personally affected by breaches of my banking and credit card information, so I understand how confusing, frustrating, and even damaging these violations of trust can be.

I also know from the cancer patients for whom I advocate and from All of Us participants that many people are especially eager to find out what’s going on in their genes. That’s why so many of us have chosen to get our DNA analyzed by private companies. I personally have used some of the publicly available tools that were used in the Golden State case. Like many people, I skimmed too quickly, if at all, through these companies’ terms of service and privacy policies. We should slow down — be more careful and cautious.

Many of us working on the All of Us Research Program have signed up as participants, including me. I trust our systems with my health data, knowing full well that no system is invulnerable. But to me, that small risk is vastly outweighed by the huge potential benefits from All of Us. Perhaps we will learn to prevent chronic pain, find better ways to treat or even prevent diabetes, slow or stop dementia, or find “first time” cures for new cancer patients instead of the 23 years of well-intentioned, trial-and-error treatment that I went through.

If you’re thinking about joining All of Us, we want you to slow down and understand what you are signing up for. Read what we have to say about data privacy and security, watch our consent videos explaining exactly what will happen to your data and what it means to be a part of All of Us. Please call, email, or initiate a chat if you have questions. Then, if you’re comfortable with it, join us. We’d love to have you.

Eric Dishman is the director of the National Institutes of Health’s All of Us Research Program.

Comments are closed.