View all text of Part A [§ 241 - § 242v-3]
§ 242v–1. Securing identifiable, sensitive information and addressing other national security risks related to research
(a) In generalThe Secretary of Health and Human Services, in consultation with the Director of National Intelligence, the Secretary of State, the Secretary of Defense, and other national security experts, as appropriate, shall ensure that biomedical research conducted or supported by the National Institutes of Health and other relevant agencies and offices within the Department of Health and Human Services is conducted or supported in a manner that appropriately considers national security risks, including national security implications related to research involving the sequencing of human genomic information, and collection, analysis, or storage of identifiable, sensitive information, as defined in section 241(d)(4) of this title, and the potential misuse of such data. Not later than 2 years after December 29, 2022, the Secretary shall ensure that the National Institutes of Health and other relevant agencies and offices within the Department of Health and Human Services, in consultation with the heads of agencies and national security experts, including the Office of the National Security within the Department of Health and Human Services—
(1) develop a comprehensive framework and policies for assessing and managing such national security risks that includes, or review and update, as appropriate, the current (as of the date of review) such framework and policies to include—
(A) criteria for how and when to conduct risk assessments for projects that may have national security implications;
(B) security controls and training for researchers or entities, including peer reviewers, that manage or have access to such data that may present national security risks; and
(C) methods to incorporate risk mitigation in the process for funding such projects that may have national security implications and monitor associated research activities following issuance of an award, including changes in the terms and conditions related to the use of such funds, as appropriate;
(2) not later than 1 year after the framework and policies are developed or reviewed and updated, as applicable, under paragraph (1), develop and implement controls to ensure that—
(A) researchers or entities involved in projects reviewed under the framework and relevant policies, including such projects that manage or have access to sensitive, identifiable information, have complied with the requirements of paragraph (1) and ongoing requirements with such paragraph;
(B) consideration of funding for projects that may have national security implications takes into account the extent to which the country in which the proposed research will be conducted or supported poses a risk to the integrity of the United States biomedical research enterprise; and
(C) data access committees reviewing data access requests for projects that may have national security risks, as appropriate, include members with expertise in current and emerging national security threats, in order to make appropriate decisions, including related to access to such identifiable, sensitive information; and
(3) not later than 2 years after the framework and relevant policies are developed or reviewed and updated, as applicable, under paragraph (1), update data access and sharing policies related to human genomic data, as applicable, based on current and emerging national security threats.
(b) Congressional briefing
(Pub. L. 117–328, div. FF, title II, § 2322, Dec. 29, 2022, 136 Stat. 5765.)