§242v–1 — Title 42 The Public Health and Welfare | U.S. Code

Summary

The Secretary of Health and Human Services must work with the Director of National Intelligence, the Secretaries of State and Defense, and other national security experts to make sure NIH and other HHS research programs think about national security risks. That includes research that sequences human genomes or collects, analyzes, or stores identifiable, sensitive information and the risk that this data could be misused. By December 29, 2024, the Secretary must make sure NIH and relevant HHS offices, with agency heads and national security experts (including HHS’s Office of National Security), create or update a clear framework and policies to assess and manage those risks. The framework must say when to do risk assessments, set security controls and training for researchers and peer reviewers, and explain how to add risk reduction into funding decisions and monitor research after awards. Within 1 year after the framework is finished, the agencies must put in controls to ensure compliance, consider the risk from the country where work will happen when funding research, and make sure data access committees include national security experts. Within 2 years after the framework is finished, they must update rules for sharing human genomic data. By December 29, 2023, the Secretary must brief these congressional committees: the Senate Committees on Health, Education, Labor, and Pensions and Select Committee on Intelligence, and the House Committees on Energy and Commerce and the Permanent Select Committee on Intelligence.

Title 42, §242v–1

The Public Health and Welfare — Source: USLM XML via OLRC

(a)The Secretary of Health and Human Services, in consultation with the Director of National Intelligence, the Secretary of State, the Secretary of Defense, and other national security experts, as appropriate, shall ensure that biomedical research conducted or supported by the National Institutes of Health and other relevant agencies and offices within the Department of Health and Human Services is conducted or supported in a manner that appropriately considers national security risks, including national security implications related to research involving the sequencing of human genomic information, and collection, analysis, or storage of identifiable, sensitive information, as defined in section 241(d)(4) of this title, and the potential misuse of such data. Not later than 2 years after December 29, 2022, the Secretary shall ensure that the National Institutes of Health and other relevant agencies and offices within the Department of Health and Human Services, in consultation with the heads of agencies and national security experts, including the Office of the National Security within the Department of Health and Human Services—

(1)develop a comprehensive framework and policies for assessing and managing such national security risks that includes, or review and update, as appropriate, the current (as of the date of review) such framework and policies to include—

(A)criteria for how and when to conduct risk assessments for projects that may have national security implications;

(B)security controls and training for researchers or entities, including peer reviewers, that manage or have access to such data that may present national security risks; and

(C)methods to incorporate risk mitigation in the process for funding such projects that may have national security implications and monitor associated research activities following issuance of an award, including changes in the terms and conditions related to the use of such funds, as appropriate;

(2)not later than 1 year after the framework and policies are developed or reviewed and updated, as applicable, under paragraph (1), develop and implement controls to ensure that—

(A)researchers or entities involved in projects reviewed under the framework and relevant policies, including such projects that manage or have access to sensitive, identifiable information, have complied with the requirements of paragraph (1) and ongoing requirements with such paragraph;

(B)consideration of funding for projects that may have national security implications takes into account the extent to which the country in which the proposed research will be conducted or supported poses a risk to the integrity of the United States biomedical research enterprise; and

(C)data access committees reviewing data access requests for projects that may have national security risks, as appropriate, include members with expertise in current and emerging national security threats, in order to make appropriate decisions, including related to access to such identifiable, sensitive information; and

(3)not later than 2 years after the framework and relevant policies are developed or reviewed and updated, as applicable, under paragraph (1), update data access and sharing policies related to human genomic data, as applicable, based on current and emerging national security threats.

(b)Not later than 1 year after December 29, 2022, the Secretary shall provide a briefing to the Committee on Health, Education, Labor, and Pensions and the Select Committee on Intelligence of the Senate and the Committee on Energy and Commerce and the Permanent Select Committee on Intelligence of the House of Representatives on the activities required under subsection (a).

Notes & Related Subsidiaries

Editorial Notes

Codification Section was enacted as part of the Prepare for and Respond to Existing Viruses, Emerging New Threats, and Pandemics Act, also known as the PREVENT Pandemics Act, and also as part of the Health Extenders, Improving Access to Medicare, Medicaid, and CHIP, and Strengthening Public Health Act of 2022, and not as part of the Public Health Service Act which comprises this chapter.

§242v–1 Securing identifiable, sensitive information and addressing other national security risks related to research

Summary

Title 42, §242v–1

Notes & Related Subsidiaries

Editorial Notes

Citations & Metadata