InDiGenous: A National Genomic Identity Infrastructure for Personalized and Population Health
A Medical Informatics System Design Proposal
This is a system design proposal developed as a final project for the Medical Informatics course (School of Public Health, University of Haifa, 2025). It describes a conceptual architecture for a national genomic ID system — designed as an exercise in applied health informatics system thinking, not as a description of an implemented or funded system.
I. Background and business requirement
Background
The integration of individual genomic data (GD) into routine clinical practice has the potential to significantly enhance personalized healthcare — allowing physicians to tailor diagnostics and treatment to each patient’s genetic profile. In current medical systems, however, GD is typically kept separate from general electronic health records (EHRs), limiting its practical utility at the point of care. This separation hinders personalized medicine, slows genomic research, and restricts the application of GD in public health (PH).
Beyond disease risk prediction, GD determines the effectiveness and safety of many treatments — from oncological targeted therapy to pharmacogenomic drug dosing. Its integration with other medical data could substantially improve outcomes in conditions where genetics plays a central role: hereditary cancers, cardiovascular diseases, metabolic and neurological disorders, and others.
Current challenges
Three core barriers obstruct effective GD utilization in healthcare:
Data fragmentation: Genomic information is stored in specialized laboratory databases (DBs) disconnected from EHRs, preventing clinicians from accessing it during routine consultations.
Privacy concerns: GD is uniquely sensitive — it carries implications not only for an individual but for her/his biological relatives across generations. The risks of unauthorized access, misuse, or discriminatory application create justified reluctance among patients and providers to share it without robust legal and technical safeguards.
Underutilization in PH: Population-wide GD, essential for genetic epidemiology and the design of targeted preventive interventions, remains largely inaccessible to PH researchers due to the absence of aggregation and anonymization infrastructure.
Business requirement
InDiGenous (Individual Digital Genomic System) is a proposed secure digital repository for individual genomic profiles (personalized genomic IDs), accessible by the patient, healthcare providers, and other authorized parties under strictly governed consent conditions.
Its core objectives are:
Patient autonomy: Full patient control over GD — who accesses it, for what purpose, and under what conditions.
Personalized healthcare: Clinician access to GD within existing EHR workflows, enabling precision diagnostics and treatment.
PH research: Aggregated, anonymized GD for population-level genetic epidemiology and health policy.
InDiGenous’ potential impact
InDiGenous bridges the clinical and PH spheres of genomic medicine. Its anticipated impact spans three levels:
Clinical: More precise treatment, reduced adverse drug reactions, improved outcomes in genetically driven conditions.
Population: Insights into genetic risk patterns across communities, informing targeted preventive strategies.
Trust and security: A consent-driven, legally compliant framework that encourages patients to share GD without fear of misuse.
II. Goals of the proposed medical information system
InDiGenous addresses critical gaps in healthcare by providing a centralized, secure platform for individual GD management. Its primary goals are as follows:
Empowerment of patient autonomy: To enable individuals to fully control their GD, including granting and managing access based on informed consent. Patients set access permissions for healthcare providers, researchers, and family members — with granular control over who may view, modify, or utilize specific data elements. This patient-centric architecture is the foundation of the system’s trustworthiness and the prerequisite for broad adoption.
Facilitation of personalized healthcare: To integrate GD into clinical practice, giving providers access to patient-specific genomic profiles at the point of care. GD enable more precise treatment recommendations — reducing adverse drug reactions, guiding targeted therapy selection, and informing dosing for patients whose genetic profiles affect drug metabolism. For conditions with strong genetic determinants (oncological, cardiovascular, neurological), this integration supports a shift from reactive to proactive, individualized care.
Support of PH and population-level research: To provide anonymized, aggregated GD supporting research in genomics, genetic epidemiology, and population genetics. Population-level GD allows identification of genetic risk factors prevalent in specific communities, enabling targeted preventive interventions. In the Israeli context — with its distinct population groups (Ashkenazi Jewish, Druze, Bedouin, and others) and elevated carrier frequencies of specific recessive disorders — this capability is of particular epidemiological relevance. The system supports studies linking genetic variants to disease outcomes at the population level, with direct implications for pharmacogenomics, preventive medicine, and health policy.
Data security and trust: To create a secure digital environment assuring GD privacy and integrity. InDiGenous implements encryption, multi-factor authentication, and detailed access logging for all GD interactions. Compliance with international data protection frameworks — including the European General Data Protection Regulation (GDPR) and the American Health Insurance Portability and Accountability Act (HIPAA) — as well as Israeli national privacy legislation, is built into the system architecture rather than treated as an afterthought.
Fostering collaboration between clinical and research communities: To facilitate structured, governed data sharing between healthcare providers, researchers, and institutional users. InDiGenous is designed to integrate with EHRs, national ID infrastructure, and research DBs — enabling clinicians and researchers to work from a unified, authoritative GD source. Anonymized datasets are available for clinical trials, epidemiological studies, and PH investigations under defined access conditions.
III. Current state analysis
Existing gaps in GD utilization
Despite the established clinical value of GD, its integration within EHR systems remains limited. GD are typically stored in isolated laboratory DBs lacking interoperability with other medical information systems. This fragmentation prevents clinicians from accessing GD in real time during consultations — precisely when it is most needed.
The absence of standardized data-sharing protocols compounds the problem. Without uniform exchange standards — such as HL7 FHIR (Fast Healthcare Interoperability Resources) or GA4GH (Global Alliance for Genomics and Health) frameworks — institutions cannot reliably communicate genomic findings across systems, leading to redundant testing, delays, and inconsistent care.
Privacy concerns and ethical barriers
GD is inherently different from other medical data. It is heritable (implicating biological relatives who have not consented to its collection) and permanent (unlike a password or an account number, a genome cannot be changed if compromised). These properties place GD in a distinct risk category that existing general-purpose privacy frameworks were not designed to address.
Current GD repositories rarely meet the standards required for this sensitivity: encryption at rest and in transit, consent-driven access controls, audit trails, and regulatory compliance. The result is justified patient reluctance to share GD, which in turn constrains both clinical use and research availability.
Underutilization of GD in PH research
Population-level GD is essential for identifying community-specific genetic risk factors, designing targeted screening programs, and advancing genetic epidemiology. Yet PH research systems generally lack access to it. The barrier is structural: no mechanism exists to aggregate and anonymize GD at scale while preserving individual privacy and maintaining research utility.
This gap is particularly consequential in Israel, where distinct population groups carry elevated frequencies of specific genetic variants — information that is epidemiologically actionable but currently inaccessible in aggregated form.
Current information systems and their limitations
Existing partial solutions each address one dimension of the problem while leaving the others unresolved:
Standalone genomic DBs (e.g., ClinVar, gnomAD): Specialized repositories for variant data, but without linkage to individual EHRs or clinical outcomes. Useful for research reference but not for point-of-care decision support.
EHR systems with limited GD modules: Some modern EHRs incorporate basic pharmacogenomic alerts or discrete variant fields, but comprehensive genomic integration — covering the full range of genomic results — remains rare. Consent and access management for GD are typically absent.
National biometric registries: The Israeli biometric DB (operational since 2013) demonstrates that national-scale sensitive biometric data collection is technically and legally feasible. However, it is not linked to health data and has no genomic component.
PH surveillance systems: Focused on epidemiological and demographic data; GD is not included. The Israel Precision Medicine Partnership (IPMP), launched in 2019 with a mandate to sequence 100,000 Israeli genomes, represents the most direct precursor to InDiGenous — but it remains a research initiative without a clinical integration or patient-access layer.
The gap InDiGenous addresses is therefore not the absence of GD generation — that capacity exists — but the absence of a governed, integrated, patient-controlled infrastructure for its storage, access, and use across clinical, research, and extended application domains.
IV. Description of the project
Overview
InDiGenous is a centralized, secure digital repository for individual genomic profiles — a personalized genomic ID system anchored to the national health/security infrastructure. Its architecture is built around three principles:
patient sovereignty over GD
governed interoperability with existing clinical and research systems
extensibility to non-clinical application domains
The system is not a genomic sequencing platform. It does not generate GD — it receives, stores, governs access to, and distributes GD produced by accredited clinical and research laboratories. Its role is infrastructural: to be the authoritative, persistent, patient-linked repository that GD currently lack.
Core functionality
- Centralized storage and secure access:
InDiGenous consolidates genomic profiles alongside relevant clinical metadata in a structured, queryable DB. Supported data types include raw sequence data, interpreted variant reports, pharmacogenomic profiles, carrier status, hereditary disease risk assessments, and longitudinal updates as new variants are characterized.
Access is patient-controlled. Through the InDiGenous graphic user interface (GUI) an individual (“patient”) grants or restricts access to specific data elements for specific recipients — clinicians, researchers, family members, or institutional users — with permissions revocable at any time. Every access event is logged in a tamper-evident audit trail visible to the patient.
Security architecture includes AES-256 encryption at rest and in transit, multi-factor authentication for all user tiers, role-based access control (RBAC), and periodic third-party security audits.
- Cross-platform availability:
InDiGenous is accessible via web, mobile, and desktop GUIs — designed for both technically proficient users and those with limited digital literacy. The patient-facing interface prioritizes clarity: consent decisions are presented in plain language, access logs are human-readable, and genomic findings are accompanied by lay summaries where clinically appropriate.
Integration and data flow
Figure 1 illustrates the core information flow within InDiGenous: how GD enter the system, how they are stored and governed, and how they reach authorized end users across clinical, research, and extended application domains.
- EHR integration:
InDiGenous communicates with existing EHR systems via HL7 FHIR APIs, enabling clinicians to retrieve relevant GD directly within their clinical workflow — without logging into a separate system. A pharmacogenomic alert layer flags drug-gene interactions at the point of prescribing, consistent with CPIC (Clinical Pharmacogenomics Implementation Consortium) guidelines.
- National health system linkage:
Patient identity within InDiGenous is anchored to the Israeli national ID number, enabling linkage with HMO records (Clalit, Maccabi, Meuhedet, Leumit), the Ministry of Interior, and — under defined legal conditions — national security infrastructure. This linkage eliminates the identity verification burden that currently impedes cross-institutional data sharing.
- PH research integration:
A dedicated research module provides PH researchers with access to anonymized aggregated GD under a data access agreement framework modeled on GA4GH standards. Individual-level data is never exposed; researchers interact with de-identified datasets or summary statistics generated server-side.
GUI and access control
Figure 2 shows the tiered access architecture of InDiGenous, from the patient at the center to institutional users at the periphery.
- Patient-centric design:
The patient GUI presents GD access decisions in plain language. Consent is granular: e.g., a patient may authorize her/his treating oncologist to view tumor-relevant somatic variants while withholding pharmacogenomic data from the same clinician, or grant a researcher access to anonymized carrier status while blocking all clinical access. Notifications are issued for every access event.
- Clinical provider GUI:
Clinicians access a condition-relevant GD dashboard integrated within the EHR. Pharmacogenomic flags, hereditary risk alerts, and variant summaries are displayed contextually — presented at the moment of clinical relevance rather than requiring active retrieval.
- Research and institutional access:
Researchers receive access to anonymized datasets exportable in standard formats (VCF, FHIR Genomics, CSV). Institutional users in forensic or security domains access the system under a separate legal authorization pathway, with independent audit logging and mandatory judicial or ministerial oversight.
Comparison with existing systems
| Feature | Standalone genomic DBs | EHR genomic modules | InDiGenous |
|---|---|---|---|
| Patient access and control | None | Limited | Full |
| EHR integration | None | Partial | Complete (FHIR) |
| Cross-institutional portability | None | Rare | By design |
| PH research access | Reference only | None | Governed aggregate |
| Extended use domains | None | None | Forensic, security, reproductive |
| National ID linkage | None | None | Core feature |
| Consent architecture | None | Basic | Granular, audited |
V. Stakeholders and users
The success of InDiGenous depends on engaging a clearly defined set of stakeholders, each with distinct roles, access levels, and interests. Table 1 summarizes the stakeholder ecosystem before each group is described in detail.
| Stakeholder group | Primary role | Primary benefit |
|---|---|---|
| Patients | GD owners and consent controllers | Autonomy, personalized care, reproductive counseling |
| Healthcare providers | Clinical GD consumers at point of care | Precision treatment, pharmacogenomic safety, continuity of care |
| PH researchers | Anonymized aggregate GD consumers | Population genetic epidemiology, PH policy development |
| IT developers / system administrators | System builders, maintainers, security enforcers | Technically robust, compliant, trusted platform |
| State regulatory bodies | Legal oversight, compliance monitoring | Governed national GD infrastructure |
| Research institutions and universities | Research access, academic training | High-quality anonymized GD for studies and teaching |
| Forensic and security agencies | Legally authorized extended-use access | Forensic identification, personnel ID, mass casualty response |
1. Patients
Patients will be the central stakeholders — they will own their GD and control all access to them. This is not merely a design preference but a legal and ethical requirement, for GD are personal property with multigenerational implications.
GD control and privacy: Patients will grant, restrict, and revoke access at any time, with full visibility of who has accessed their GD and when.
Personalized healthcare: GD integrated into the EHR will enable clinicians to deliver precision diagnostics and treatment without the patient needing to manage GD transfer between institutions.
Reproductive and family counseling: For patients with hereditary conditions or carrier status, InDiGenous will provide a structured basis for informed reproductive decision-making within existing genetic counseling frameworks.
2. Healthcare providers
Clinicians will access patient GD within their existing EHR workflow — no separate login, no manual retrieval. The system will surface relevant genomic findings contextually: pharmacogenomic alerts at the point of prescribing, hereditary risk flags during preventive consultations, tumor variant summaries in oncology.
Precision treatment: Drug selection and dosing informed by pharmacogenomic profile, reducing adverse reactions.
Continuity of care: GD will be accessible across institutions, eliminating redundant testing when patients transfer.
Clinical decision support: Variant interpretation linked to current guidelines (CPIC, ACMG).
3. PH researchers
PH researchers will access anonymized, aggregated GD under a governed data access framework. Individual-level data will never be exposed. Researchers will interact with de-identified datasets or server-side summary statistics.
Genetic epidemiology: Population-level GD will enable identification of community-specific risk factors — of particular relevance in Israeli population subgroups.
Policy development: Evidence base for targeted screening programs and preventive interventions.
Ethical compliance: GA4GH-aligned data access agreements will ensure that research use remains within consented boundaries.
4. IT developers and system administrators
This group will build and maintain the platform — ensuring security, reliability, and regulatory compliance. They will have system-level access only; no GD content will be accessible to them.
Security architecture: Encryption, access logging, penetration testing, incident response.
System reliability: Uptime, performance, cross-platform consistency.
Compliance: Ongoing alignment with GDPR, HIPAA, Israeli Privacy Protection Law, and evolving GD governance standards.
5. State regulatory bodies
The Ministry of Health, the Privacy Protection Authority, and relevant oversight bodies will define the legal framework within which InDiGenous operates — approving data access policies, auditing compliance, and updating governance as the regulatory landscape evolves.
Data protection: Ensuring national and international privacy standards are met.
PH planning: Leveraging aggregated GD insights for national health strategy.
Quality control: Independent audit of data management practices.
6. Research institutions and universities
Academic institutions will access anonymized GD for studies in genomics, genetic epidemiology, personalized medicine, etc. InDiGenous will also serve as a teaching resource — exposing students to real-world GD infrastructure within an ethical, governed framework.
7. Forensic and security agencies
This stakeholder group is absent from conventional genomic ID proposals but is directly relevant in the Israeli context. The National Forensic Institute (Abu Kabir), Israeli Police, IDF Medical Corps, and relevant security services will be able to access InDiGenous under a separate legal authorization pathway — distinct from the clinical and research tiers — with mandatory judicial or ministerial oversight and independent audit logging.
Forensic identification: Identification in mass casualty events and criminal investigations.
Personnel ID: Identity verification for military and security personnel in field conditions.
Access in this tier will never be self-authorized by the patient consent engine alone — it will require external legal authorization, logged separately, and subject to independent oversight.
VI. Success metrics
The effectiveness of InDiGenous will be evaluated across six domains. For each, the metric, its rationale, and its measurement method are defined (Table 2).
| Domain | Metric | Target |
|---|---|---|
| User adoption and engagement | Number of active patients, providers, and researchers registered | Steady growth; high retention rates across all user tiers |
| Data security and privacy compliance | Number of data breaches, unauthorized access attempts; regulatory compliance rate | Zero breaches; full compliance with GDPR, HIPAA, and Israeli Privacy Protection Law |
| Research impact and utilization | Number of studies and publications using InDiGenous data; dataset access requests | Increasing citation and dataset access over time |
| Patient outcomes and clinical improvements | Reduction in adverse drug reactions; improvement in treatment efficacy indicators | Measurable reduction in preventable adverse events linked to pharmacogenomics |
| Reproductive and family planning use | Usage rate of GD for reproductive counseling; satisfaction with genetic counseling | High satisfaction scores; increasing uptake in genetic counseling workflows |
| PH contributions | Number of PH studies using aggregated GD; policies informed by InDiGenous data | Demonstrable policy impact at Ministry of Health level |
1. User adoption and engagement
High InDiGenous adoption rates will reflect trust in the system and satisfaction with its functionality. Patient adoption will indicate acceptance of the genomic ID concept; provider engagement will demonstrate clinical utility; researcher uptake will confirm the value of the governed data access framework. User registration logs, activity monitoring, and periodic satisfaction surveys will provide the measurement basis.
2. Data security and privacy compliance
Zero or near-zero security incidents are the baseline expectation, not an aspirational target — given the sensitivity of GD. Regular independent security audits, real-time access log monitoring, and formal compliance assessments against GDPR, HIPAA, and Israeli Privacy Protection Law will provide ongoing verification.
3. Research impact and utilization
Growing research utilization of InDiGenous will demonstrate the system’s contribution to genomic and epidemiological science. Dataset request logs, publication tracking, and institutional partnership records will provide measurable evidence of research impact.
4. Patient outcomes and clinical improvements
These metrics will require linkage between InDiGenous access events and clinical outcome data — a function that the EHR integration layer makes technically feasible. Healthcare providers will report on treatment success rates and adverse event frequencies in GD-informed versus non-informed care episodes.
5. Reproductive and family planning use
This metric is particularly relevant in the Israeli context, where carrier screening for founder-population-specific recessive disorders is culturally and clinically established. Patient surveys and genetic counseling service records will provide the measurement basis.
6. PH contributions
PH agencies will track dataset use in epidemiological studies, health campaigns, and policy documents. The ultimate indicator is demonstrable policy impact — screening program design, population health intervention targeting, or national health strategy informed by InDiGenous-derived evidence.
VII. Legal and ethical framework
GD occupy a unique position in privacy law. Unlike most personal data, GD are:
Simultaneously individual and familial — a person’s genome implicates biological relatives who have never consented to GD collection.
Permanent — a compromised genome, unlike a compromised password, cannot be changed.
Predictive — they reveal future health probabilities that carry implications for insurance, employment, and personal relationships.
These properties demand a legal and ethical framework specifically designed for GD, not merely an extension of general personal data protection.
Applicable legal frameworks
InDiGenous will operate at the intersection of three regulatory domains:
- International frameworks:
GDPR (EU General Data Protection Regulation, 2016): Classifies GD as a special category requiring explicit consent, data minimization, and the right to erasure. While Israeli law is not directly subject to GDPR, alignment with it is strategically important for international research collaboration and data sharing.
HIPAA (US Health Insurance Portability and Accountability Act, 1996): Establishes standards for protected health information, including GD, in the US context. Relevant for collaborations with American research institutions and for benchmarking security standards.
GA4GH (Global Alliance for Genomics and Health) Framework for Responsible Sharing of Genomic and Health-Related Data: The de facto international standard for governed GD sharing in research contexts. InDiGenous will adopt GA4GH principles for its research access tier.
- Israeli national framework:
Privacy Protection Law (1981) and Privacy Protection Regulations (Information Security, 2017): Israel’s primary personal data protection legislation. Establishes data subject rights, controller obligations, and security requirements. Predates the genomic era and does not address heritable data specifically — a legislative gap that InDiGenous must navigate through internal governance until dedicated genomic privacy legislation is enacted.
Patient Rights Law (1996): Establishes informed consent as the basis for all medical data use. The consent architecture of InDiGenous is built on this foundation.
National Biometric Database Law (2009, amended 2017): Establishes the legal precedent for national-scale sensitive biometric data collection and governance in Israel — the closest existing model for the InDiGenous national ID layer.
Genetic Information Law (2000): Prohibits genetic discrimination in employment and insurance and regulates genetic testing consent. Directly applicable to InDiGenous and its clinical use tier.
Consent architecture
The consent model of InDiGenous is:
Dynamic: Consent can be granted, modified, or revoked at any time. Revocation will trigger immediate access suspension and — where technically feasible — deletion of previously shared data copies.
Granular: Consent will be given for specific data elements, specific recipients, and specific purposes — not as a single blanket authorization.
Audited: Every consent decision and every access event will be logged in a tamper-evident audit trail accessible to the patient.
Figure 3 illustrates the consent lifecycle within InDiGenous.
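The three properties above can be made concrete in a few dozen lines. The following is an added example, not code from the InDiGenous proposal: it assumes a default-deny check over (element, recipient, purpose, expiry) grants and a SHA-256 hash chain as the tamper-evident audit trail. All class, element and recipient names are hypothetical, and the scenario data is constructed.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # "previous hash" of the first audit entry


@dataclass(frozen=True)
class Grant:
    """One consent decision: a data element, a recipient and a purpose."""
    element: str
    recipient: str
    purpose: str
    expires_at: int  # epoch seconds; consent is time-limited


class AuditTrail:
    """Append-only log in which every entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        # Canonical JSON so the same entry always hashes to the same value.
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def append(self, ts, event, **details):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "ts": ts, "event": event,
                "details": details, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def head(self):
        """Latest hash; the patient keeps a copy outside the operator's reach."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def first_invalid(self):
        """Index of the first entry that breaks the chain, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if (entry["seq"] != i or entry["prev"] != prev
                    or self._digest(body) != entry["hash"]):
                return i
            prev = entry["hash"]
        return None


class ConsentEngine:
    """Default-deny access check driven only by the patient's live grants."""

    def __init__(self):
        self.grants = set()
        self.audit = AuditTrail()

    def grant(self, ts, element, recipient, purpose, expires_at):
        self.grants.add(Grant(element, recipient, purpose, expires_at))
        self.audit.append(ts, "consent_granted", element=element,
                          recipient=recipient, purpose=purpose,
                          expires_at=expires_at)

    def revoke(self, ts, element, recipient):
        # Dynamic consent: the grant is gone before the next access check.
        self.grants = {g for g in self.grants
                       if (g.element, g.recipient) != (element, recipient)}
        self.audit.append(ts, "consent_revoked", element=element,
                          recipient=recipient)

    def access(self, ts, element, recipient, purpose):
        allowed = any(g.element == element and g.recipient == recipient
                      and g.purpose == purpose and ts < g.expires_at
                      for g in self.grants)
        # Denials are logged too, so the patient also sees refused attempts.
        self.audit.append(ts, "access_allowed" if allowed else "access_denied",
                          element=element, recipient=recipient, purpose=purpose)
        return allowed


def demo():
    """Constructed scenario: the oncologist may see somatic variants only."""
    e = ConsentEngine()
    e.grant(1000, "somatic_variants", "oncologist-17", "treatment", 5000)
    out = {
        "somatic": e.access(1100, "somatic_variants", "oncologist-17", "treatment"),
        "pgx": e.access(1200, "pharmacogenomic_profile", "oncologist-17", "treatment"),
        "other_purpose": e.access(1300, "somatic_variants", "oncologist-17", "research"),
    }
    e.revoke(1400, "somatic_variants", "oncologist-17")
    out["after_revoke"] = e.access(1500, "somatic_variants", "oncologist-17", "treatment")
    out["intact"] = e.audit.first_invalid() is None
    e.audit.entries[2]["event"] = "access_allowed"  # simulated edit of history
    out["tampered_at"] = e.audit.first_invalid()
    return out


if __name__ == "__main__":
    print(demo())
```

A hash chain only detects edits relative to a head hash that the log's operator cannot rewrite: someone able to replace the whole log can recompute every hash, so the value returned by `head()` has to be held by the patient or an independent party.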
Surveillance risk mitigation
The inclusion of forensic and national security access tiers in InDiGenous raises legitimate concerns about the potential for genomic surveillance — the use of a health data system as an instrument of population monitoring or targeted identification beyond its stated purpose.
These concerns are addressed through structural separation rather than policy alone:
Separate legal authorization pathway: Forensic and security tier access will require external judicial or ministerial authorization, independent of the patient consent engine. No internal user can self-authorize extended-use access.
Independent audit logging: Extended-use access events will be logged in a separate audit system, monitored by an independent oversight body rather than the system operator.
Purpose limitation: Access requests must specify the legal basis, the specific data elements requested, and the authorized purpose. Bulk or speculative access will be technically prevented by the access control architecture.
Parliamentary oversight: The legal framework governing extended-use access will be subject to Knesset oversight, ensuring democratic accountability for the security tier.
These safeguards reflect a core design principle: InDiGenous is a health data system with governed extended-use capabilities — not a surveillance system with a health data layer. The distinction is architectural, not merely rhetorical.
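How the first three safeguards could be enforced in code is sketched below. This is an added example, not part of the proposal: it assumes that authorizations are looked up in a register maintained by the external authority (modelled here by a plain dictionary) and that the oversight body's audit sink is an append-only list. All class names, identifiers, element names and order IDs are hypothetical placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Authorization:
    """Order issued by the external (judicial or ministerial) authority."""
    auth_id: str
    legal_basis: str
    subject_id: str       # exactly one data subject per order
    elements: frozenset   # data elements the order covers
    purpose: str
    valid_until: int      # epoch seconds


@dataclass(frozen=True)
class Request:
    requester: str
    auth_id: str
    subject_ids: tuple
    elements: frozenset
    purpose: str


class ExtendedUseGate:
    """Decides forensic/security-tier requests. It takes no input from the
    patient consent engine and cannot create authorizations itself."""

    def __init__(self, lookup_authorization, oversight_log):
        # lookup_authorization queries the external authority's register
        # (assumed to be read-only for the system operator).
        self._lookup = lookup_authorization
        # oversight_log is the separate sink held by the oversight body.
        self._log = oversight_log

    def _deny_reason(self, now, req):
        auth = self._lookup(req.auth_id)
        if auth is None:
            return "no_external_authorization"
        if now >= auth.valid_until:
            return "authorization_expired"
        # Purpose limitation: one named subject, no wildcards, no lists.
        if len(req.subject_ids) != 1 or "*" in req.subject_ids:
            return "bulk_request"
        if req.subject_ids[0] != auth.subject_id:
            return "subject_not_covered"
        if not req.elements or not req.elements <= auth.elements:
            return "elements_not_covered"
        if req.purpose != auth.purpose:
            return "purpose_mismatch"
        return None

    def decide(self, now, req):
        reason = self._deny_reason(now, req)
        # Allowed and refused requests both reach the oversight log.
        self._log.append({
            "ts": now, "requester": req.requester, "auth_id": req.auth_id,
            "subjects": list(req.subject_ids), "elements": sorted(req.elements),
            "decision": "deny" if reason else "allow", "reason": reason,
        })
        return reason is None, reason


def demo():
    """Constructed register and requests; every identifier is a placeholder."""
    register = {
        "ORDER-PLACEHOLDER-1": Authorization(
            "ORDER-PLACEHOLDER-1", "LEGAL-BASIS-PLACEHOLDER", "subject-A",
            frozenset({"identity_markers"}), "casualty_identification", 2000),
    }
    log = []
    gate = ExtendedUseGate(register.get, log)

    def req(auth_id, subjects, elements, purpose="casualty_identification"):
        return Request("forensic-unit-1", auth_id, tuple(subjects),
                       frozenset(elements), purpose)

    one, marker = ["subject-A"], ["identity_markers"]
    cases = [
        (1000, req("ORDER-PLACEHOLDER-1", one, marker)),
        (1000, req("ORDER-PLACEHOLDER-1", ["subject-A", "subject-B"], marker)),
        (1000, req("ORDER-PLACEHOLDER-1", one, marker + ["carrier_status"])),
        (1000, req("SELF-ISSUED", one, marker)),
        (3000, req("ORDER-PLACEHOLDER-1", one, marker)),
    ]
    reasons = [gate.decide(now, r)[1] for now, r in cases]
    return reasons, log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```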
The legislative gap
Israel currently lacks dedicated GD governance legislation. The InDiGenous proposal implicitly calls for its enactment — a law that addresses heritable data sensitivity, multigenerational consent implications, the right to genomic non-disclosure, and the specific governance requirements of a national genomic ID system. Until such legislation exists, InDiGenous will operate under the existing Privacy Protection Law framework, supplemented by internal governance policies aligned with GDPR and GA4GH standards.
Engagement with the Ministry of Justice, the Ministry of Health, and the Privacy Protection Authority in the development of that legislation is a prerequisite for InDiGenous implementation at national scale.
VIII. Implementation roadmap
InDiGenous is not conceived as a single deployment but as a phased national infrastructure project. Each phase builds on the previous, expanding scope while managing technical, legal, and adoption risks incrementally.
Figure 4 and Table 3 present the three-phase roadmap as a sequential process with defined milestones.
| | Phase 1: Foundation (Years 1–2) | Phase 2: Integration (Years 3–5) | Phase 3: Expansion (Years 6–10) |
|---|---|---|---|
| Technical | Core repository; consent interface (HE/AR/EN); pharmacogenomic alert module at Carmel MC pilot; HL7 FHIR / VCF / GA4GH DRS alignment. | FHIR API integration with all four HMOs; pharmacogenomic alerts active across HMO workflows; PH research module operational; cross-institutional GD portability. | National ID linkage via Ministry of Interior registry; forensic and security tier under judicial authorization; international research access (GA4GH Passport); 50-year archiving infrastructure. |
| Legal and governance | Engagement with Ministry of Justice and Privacy Protection Authority; internal governance policy (GDPR / GA4GH aligned); ethics committee approval; data access agreement templates. | Dedicated GD governance law enacted or in advanced legislative process; data access agreements with ≥ 3 academic institutions; independent security audit published. | GD governance law fully operational; parliamentary oversight of extended-use tier; bilateral agreements with international genomic consortia. |
| Success criteria | Pilot repository operational; zero security incidents; legislative engagement formally initiated. | Active users across all HMOs; ≥ 1 published PH study using InDiGenous data; measurable reduction in pharmacogenomic adverse events. | National HMO and hospital coverage; forensic tier operational with documented legal framework; GA4GH-compliant national GD infrastructure recognized. |
Foundation (years 1–2): The first phase will establish the technical and legal core of InDiGenous at pilot scale, without national deployment.
Integration (years 3–5): The second phase will scale InDiGenous from pilot to regional deployment, with full EHR integration and activation of the PH research module.
Expansion (years 6–10): The third phase will achieve national scale and activate the extended-use tiers — national ID linkage, forensic and security access, and international research collaboration.
The phased approach serves a double purpose beyond risk management: it generates evidence at each stage that justifies the next and builds the institutional trust — among patients, clinicians, researchers, and regulators — that a national genomic ID system requires before it can function at scale.
References
Legal and regulatory frameworks
General Data Protection Regulation (GDPR). (2016). European Union. https://gdpr.eu
Health Insurance Portability and Accountability Act (HIPAA). (1996). U.S. Department of Health and Human Services. https://www.hhs.gov/hipaa
Privacy Protection Law. (1981). State of Israel.
Privacy Protection Regulations (Information Security). (2017). State of Israel.
Patient Rights Law. (1996). State of Israel.
Genetic Information Law. (2000). State of Israel.
National Biometric Database Law. (2009, amended 2017). State of Israel.
Technical standards
HL7 International. (2023). HL7 FHIR Release 5. https://hl7.org/fhir
GA4GH Framework for Responsible Sharing of Genomic and Health-Related Data. (2021). Global Alliance for Genomics and Health. https://www.ga4gh.org
CPIC Guidelines. (2023). Clinical Pharmacogenomics Implementation Consortium. https://cpicpgx.org
ACMG Variant Classification Standards. (2023). American College of Medical Genetics and Genomics. https://www.acmg.net
Appendices
Appendix A: Patient access control guide
A step-by-step reference for patients managing GD permissions within InDiGenous (Table 4).
| Step | Action | Description |
|---|---|---|
| 1 | Open the consent control panel | Log into the InDiGenous patient portal (web or mobile) and navigate to the Consent Control Panel. |
| 2 | Select data elements to share | Select specific GD elements to share: e.g., pharmacogenomic profile, carrier status, hereditary risk variants, full genomic sequence. Elements not selected remain inaccessible to all parties. |
| 3 | Choose recipients | Designate recipients by category (treating clinician, researcher, family member, institution) and specify the permitted purpose and duration of access. |
| 4 | Review permissions | Review the access settings for each recipient. Confirm they reflect your intentions before saving. A plain-language summary is displayed for each permission granted. |
| 5 | Confirm and save | Confirm and save the permission set. A notification is issued confirming the update. All future access events by designated recipients are logged and visible in your audit trail. |
Appendix B: Applicable data protection standards: Comparative summary (Table 5)
| Framework | Jurisdiction | Relevance to InDiGenous |
|---|---|---|
| GDPR | European Union | Classifies GD as special category; explicit consent required; right to erasure; data minimization principle |
| HIPAA | United States | Governs protected health information including GD; security rule sets baseline encryption and access standards |
| Israeli Privacy Protection Law | Israel | Primary Israeli personal data law; predates genomic era; supplemented by InDiGenous internal governance policy |
| GA4GH Framework | International | De facto standard for governed GD sharing in research; adopted for InDiGenous research and international access tiers |
| Genetic Information Law (Israel) | Israel | Prohibits genetic discrimination; regulates consent for genetic testing; directly applicable to clinical and reproductive counseling tiers |