Table 1 Policies for human genetic resources management in High-Income and Middle-Low-Income countries
Country | Policy Name | Issuing Authority | Year | Key Provisions |
|---|---|---|---|---|
USA | Health Insurance Portability and Accountability Act (HIPAA) | U.S. Congress | 1996 | Establishes national standards to protect individuals’ medical records and personal health information (PHI), including genetic data. Requires healthcare providers, health plans, and healthcare clearinghouses to implement administrative, physical, and technical safeguards for PHI. |
USA | Genetic Information Nondiscrimination Act (GINA) | U.S. Congress | 2008 | Prohibits genetic discrimination in health insurance and employment. Prevents health insurers from using genetic information to determine eligibility, coverage, or premium rates. Bars employers from requesting, requiring, or using genetic information for hiring, firing, job placement, or promotions. |
USA | American Data Privacy and Protection Act (ADPPA) | U.S. Congress (Proposed) | Pending | Establishes a unified national framework for personal data protection, including sensitive information such as genetic data. Introduces comprehensive requirements for data security, transparency, and individual rights over their data. |
USA | NIH Genomic Data Sharing Policy | National Institutes of Health (NIH) | 2014 | Requires NIH-funded researchers to comply with genomic data sharing (GDS) standards to promote broad data access for biomedical research. Mandates the submission of large-scale human genomic data to controlled-access repositories such as the NIH database of Genotypes and Phenotypes (dbGaP). Ensures that researchers obtain explicit consent from participants for data sharing and follow data access policies to balance privacy and open science. |
USA | Federal Policy for the Protection of Human Subjects (“Common Rule”) | U.S. Department of Health and Human Services (HHS) | 2017 | Establishes ethical principles and regulatory requirements for human subject research, including genomic and biomedical studies. Mandates informed consent from participants, specifying how their genetic data will be used and whether it will be shared. |
USA | Certificates of Confidentiality | National Institutes of Health (NIH) | 2017 | Grants legal protections to researchers and participants in genetic and biomedical research, preventing compelled disclosure of identifiable data. Shields research data from being subpoenaed by law enforcement, courts, or other government entities. |
UK | Human Tissue Act 2004 (HTA 2004) | Human Tissue Authority (HTA) | 2004 | Regulates the storage and use of human tissues, including DNA and genetic material. Requires licensing for the collection, storage, and use of human biological samples. Ensures informed consent for the use of human genetic materials in research. |
UK | UK Biobank Ethics and Governance Framework | UK Biobank | 2006 | Provides a governance model for UK Biobank genetic research, ensuring long-term data security, participant consent, and controlled data access. |
UK | Research Governance Framework for Health and Social Care | UK Department of Health and Social Care | 2017 | Establishes governance principles for health and social care research, including genetic research. Ensures research integrity, ethical compliance, and patient/participant safety in NHS-funded research. |
UK | Data Protection Act 2018 (DPA 2018) | UK Parliament | 2018 | Implements UK GDPR and provides additional data protection measures for specific contexts, including scientific research. Regulates personal data processing and outlines individual rights regarding genetic and health data. |
UK | UK General Data Protection Regulation (UK GDPR) | UK Government | 2021 | Establishes rules on the collection, processing, and storage of personal data, including genetic data, to ensure privacy and security. Defines genetic data as “special category data,” requiring additional safeguards for its processing. Retains key principles of the EU GDPR but with UK-specific modifications. |
UK | Medical Research Council (MRC) data sharing policy | Medical Research Council (MRC) | Ongoing (latest version active) | Requires MRC-funded researchers to make data available for reuse, ensuring transparency, reproducibility, and maximizing public benefit from research investments. |
Japan | Act on the Protection of Personal Information (APPI) | Japanese Government | 2003 (Revised 2017, 2020) | Protects personal data, including genetic information, establishing legal frameworks for data collection, storage, and sharing. The 2020 revision strengthens cross-border data transfer regulations, requiring data exports to meet adequacy standards. |
Japan | Ethical Guidelines for Human Genome and Gene Analysis Research | MEXT, MHLW, METI | 2001 (Revised 2017, 2021) | Establishes ethical requirements for genomic research, ensuring privacy protection, informed consent, and data security. Requires research institutions to obtain Ethics Review Committee (ERC) approval before conducting human genetic studies. |
Japan | Ethical Guidelines for Medical and Health Research Involving Human Subjects | MEXT, MHLW, METI | 2014 (Revised 2017) | Governs precision medicine and personalized healthcare research, mandating ERC approval, informed consent, and data security compliance for human genetic research. |
China | Biosecurity Law of the People’s Republic of China | National People’s Congress (NPC) | 2020 | Establishes national security measures for biosafety, including regulation of biotechnology research, prevention of biological threats, and management of genetic resources. |
China | Data Security Law | National People’s Congress (NPC) | 2021 | Defines how data, including genomic and health data, should be collected, stored, processed, and transferred, ensuring national security and individual privacy. |
China | Personal Information Protection Law | National People’s Congress (NPC) | 2021 | Regulates the collection, processing, and storage of personal data, ensuring individual privacy and preventing data misuse. |
China | Regulations on Management of Human Genetic Resources | Ministry of Science and Technology (MOST), State Council | 2019 | Governs the collection, preservation, utilization, and sharing of human genetic resources, ensuring ethical compliance and national security. |
China | Implementation Rules for the Regulations on the Management of Human Genetic Resources | Ministry of Science and Technology (MOST) | 2023 | Provides detailed procedures for applying for approval to use human genetic resources, ensuring ethical and legal compliance in research and commercial applications. |
India | Biological Diversity Act, 2002 | National Biodiversity Authority (NBA), Government of India | 2002 | Regulates access to biological resources and associated traditional knowledge; aligns with the Nagoya Protocol to ensure fair benefit-sharing. |
India | Biological Data Storage, Access and Sharing Policy of India | Department of Biotechnology (DBT), Indian Biological Data Centre (IBDC) | Latest version 2023 | Provides guidelines for the ethical collection, storage, and sharing of biological and genomic data; ensures compliance with privacy laws. |
India | Centre for Cellular and Molecular Biology (CCMB) | Council of Scientific and Industrial Research (CSIR), India | Ongoing | Establishes ethical and governance guidelines for cellular and molecular biology research; promotes genomic studies and personalized medicine. |
India | Digital Personal Data Protection (DPDP) Act | Government of India | 2023 | Establishes a legal framework for the protection of digital personal data, including genetic data. Sets provisions for informed consent, data processing, data subject rights, cross-border data transfers, and data fiduciary responsibilities. |
Kenya | Data Protection Act 2019 | Government of Kenya | 2019 | Establishes regulations for the collection, processing, and storage of personal data; includes special provisions for sensitive personal data such as genetic information. |
Kenya | National Biodiversity Action Plan (NBAP) | Ministry of Environment and Forestry, Kenya | 2019 (latest version) | Provides strategies for protecting biodiversity, including genetic resources; aligns with the Nagoya Protocol to ensure fair access and benefit-sharing of genetic materials. |
Kenya | Data Protection (General) Regulations 2021 | Office of the Data Protection Commissioner, Kenya | 2021 | Specifies how personal and sensitive data, including health and genetic data, should be handled, ensuring data subjects’ rights to access, correction, and deletion. |
Kenya | KEMRI-Wellcome Trust Research Programme (KWTRP) | Kenya Medical Research Institute (KEMRI), Wellcome Trust, University of Oxford | Ongoing | Establishes ethical guidelines for conducting genomic and biomedical research; ensures compliance with local and international regulations. |