Introduction

“Guard”?

You’ve read the title and probably thought to yourself, “This sounds serious…” 

If you have read the previous articles related to bioinformatics in AWS, you know we are dealing with biological data. If you haven’t, you can check them out here as well. Due to the innovation of current technologies (AWS being one of them), there is also a rising need to ensure that these technologies comply with laws relating to privacy of genomic data.

AWS for genomics provides scalable, secure, and cost-effective tools:

• Data transfer and storage – can transfer large volumes of genomic data to the cloud
• Secondary analysis – access workflow automation and secondary analysis solutions
• Data aggregation and governance – utilize AWS’ data access controls and permissions for maintaining data integrity
• Tertiary analysis and ML – turn genomic data into biological insight with machine learning and high-performance computing resources
• Clinical genomics – can make accurate diagnoses and effective treatment decisions

Genomic data is highly sensitive since it consists of an individual’s biological data. Its privacy must always be respected. In an article from the National Human Genome Research Institute, federal laws such as the Common Rule (aims to protect human subjects in research) and the Health Insurance Portability and Accountability Act (HIPPA) are used to ensure efforts to promote scientific progress and protect patient privacy. However, it is stated that due to the unique nature of a DNA sequence, it can still be traced back to its owner.

How can you make sure that your bioinformatics workflow is compliant with necessary security implementations? Working on biological data with AWS helps with this!

AWS Data Security and Compliance for Genomics

Let’s talk about how AWS ensures that they follow the necessary compliance when you are using their services for genomic workflows. 

AWS makes sure that you don’t have to compromise security compliance for speed and scalability.

• Data sovereignty – AWS’ infrastructure supports many data centers worldwide, so genomic companies can store their data within their country if needed (especially when it is done to comply to local laws).
• Compliance – With AWS, organizations can stay compliant with industry regulations minus the extra work since. This is because AWS supports 98 different security standards and compliance certifications.

• Data ownership – AWS doesn’t access or use the data you store in their platform. You are the only one who owns and controls your data.
• Data provenance and governance – With AWS, you can automatically receive alerts and track in detail who accesses and changes data.

AWS Shared Responsibility Model

If you’ve long known about AWS, it means you are familiar with this concept too. This shared responsibility model ensures that both sides know the extent of responsibilities they must uphold, reducing security risks and improving cloud security.

Source: AWS Shared Responsibility Model (AWS, 2022), retrieved from this pdf

• Customer – “IN” the cloud
  • Remember,  as the customers of AWS, we are responsible when it comes to managing our data, applications, and access controls within AWS.
• AWS – “OF” the cloud
  • On the other hand, AWS is responsible for maintaining its infrastructure (data centers, hardware, etc.) to make sure all the services we use run smoothly.

The AWS shared responsibility model allows genomic organizations to comply with industry regulations and compliances. This includes (but not limited to):

• HIPAA – The Health Insurance Portability and Accountability Act aims to protect the confidentiality of patients’ sensitive health information. AWS has 180+ HIPAA-eligible services on their platform for storing, analyzing, and sharing genomic data.
• GDPR – General Data Protection Regulation is (European Union) EU’s data privacy and security law. It mandates obligations on organizations that target or collect data related to people in the EU. AWS still maintains privacy and protects personal data for EU citizens with their end-to-end data encryption and access controls.
• CLIA and CAP – The Clinical Laboratory Improvement Amendments and the College of American Pathologists both aim to ensure quality lab testing. AWS has reproducible workflows and automated reporting for handling lab analyses, sample processing, diagnostic testing, and more.
• Global Alliance for Genomics and Health – Also known as GA4GH, was formed in 2013, that unites international communities for advancing human health through genomic data. This non-profit alliance includes 500+ organizations in healthcare, patient advocacy, research, ethics, government, life science, and information technology as its members. AWS follows open standards from this alliance while enabling responsible genomic data sharing with cloud services. 

This only proves that AWS takes data security and compliance seriously! They work on ensuring that their services adhere to these requirements.

Who are the companies that currently work with AWS?

You might be asking, “If AWS is really trustworthy for these kinds of works, what companies ACTUALLY use their services then?” Fret not, the following are only some of the organizations that utilize AWS’ services!

• Illumina – They focus on improving the human health of all. On their official website, they identify as “a global genomics and human health leader innovating the future of precision health”. It is also written their that their products help pioneer advances in the following (but not limited to) fields: 
  • Oncology
  • Genetic and infectious diseases
  • Reproductive

• Genomics England – They power the future of healthcare by aiming to
  • Transform healthcare (working with NHS to deliver genomic testing)
  • Accelerate research (provide health data and advanced technology for researchers)
  • Protect citizens and lead the ethics debate (data security and transparency)
  • You can access their official website here.

• DNAnexus – As written on their official website, DNAnexus is known as the most trusted platform for bioinformatics and precision health data management. 

• Ancestry – AncestryDNA helps people understand their genealogy with their precise geographic details and historical insights. 

These genomics organizations are the testaments to how secure AWS is, on top of the fact that it is helpful for their workflows.

Conclusion

With this, AWS offers a cloud environment for managing sensitive data. It is secure compliant along with flexible, which is important for fields like genomics. Its global infrastructure, firm security standards, and encryption that users manage guarantee that organizations are able to protect their information while adhering to global rules. Furthermore, the Shared Responsibility Model we talked about allows organizations to manage their own data security, while AWS is in charge of the infrastructure.

Now that you know how AWS has your back when working on your genomic workflows, you can explore all of their genomics solutions in their website and learn! You can now focus on innovation and research without worrying about possible data breaches or compliance issues.

Remember, AWS provides the tools to keep biological data safe and private, but the responsibility lies with you (whether you’re an individual or an organization) to make sure that your data in their platform is managed properly.

References

AWS for Genomics

https://pages.awscloud.com/rs/112-TZM-766/images/HCLS_LSC_GNO_OTHER_genomics-security-overview.pdf

Common Rule

https://research.unc.edu/compliance/training-communications/tutorials/common-rule-1/#:~:text=In%201991%2C%2016%20federal%20agencies,research%20through%20three%20basic%20requirements.

AWS Genomics Solutions & Security

https://aws.amazon.com/health/genomics/solutions/

AWS Security and Compliance Center

https://aws.amazon.com/compliance/

AWS HIPAA Compliance Whitepaper
https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf

CLIA and CAP

https://blog.mainestandards.com/clia-vs-cap

AWS Security Best Practices

https://docs.aws.amazon.com/whitepapers/latest/aws-security-best-practices/aws-security-best-practices.pdf

Genomics organizations

https://aws.amazon.com/solutions/case-studies/genomics-england/

https://aws.amazon.com/solutions/case-studies/dnanexus/

https://aws.amazon.com/solutions/case-studies/ancestry-case-study/

https://aws.amazon.com/solutions/case-studies/illumina-case-study/