Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an organization, where it moves, where it resides—and then imposing safeguards. Would China be an acceptable final resting place? And would covered entities (CEs) or business associates (BAs), with their often murky subcontractors, even know if the Chinese government was tapping into it?
This isn’t as far-fetched as it may sound. Recent reporting by Reuters has uncovered alleged ties between what it calls a Chinese gene company and the Chinese military. “A prenatal test taken by millions of pregnant women globally was developed by Chinese gene company BGI Group in collaboration with the Chinese military and is being used by the firm to collect genetic data,” Reuters reported in July.
“What Reuters discovered was that, although you sign a consent form as a patient, the identified genetic data from mothers all around the world was getting sent back to Hong Kong and China,” according to Edward You, a supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate. “And yes, they get their results back, but what it means is that as the data resides in China, the Chinese national government [has] laws in place where they can access that data, based on a determination if there’s a national security need.”
You, who recently completed a two-year detail as the FBI’s liaison officer to HHS, made hisobservations during a podcast with John Riggi, the senior advisor for cybersecurity and risk for the American Hospital Association (AHA).
As Riggi explained at the start of the podcast, AHA has been providing resources to AHA members and the health care industry generally by interviewing individuals such as You to help address threats to cybersecurity and “best practices to help identify and reduce the risk posed by those threats.”
You “worked for six years in graduate research focusing on retrovirology and human gene therapy at the University of Southern California, Keck School of Medicine. He subsequently worked for three years at the biotechnology firm AMGEN Inc. in cancer research,” according to Texas A&M University, where You is a senior fellow for the Scowcroft Institute of International Affairs at the Bush School of Government and Public Service.
According to Texas A&M, You’s “overall goal is to safeguard the scientific community, the life science research enterprise, and the U.S. bioeconomy.”