NLM and Public Policy

Policy—and its cousin, legislation—make the world go ‘round. They lay out a course of action, guide decisions, and set the parameters for future choices. While policies and legislation are being crafted, it’s a tug of war between details and context, minutiae and meaning, big picture and nuance, with that push and pull yielding documents that govern actions for years, often for decades if not longer.

So much of what we do here at NLM originates in and builds upon policy and legislation. As an agency of the Federal Government, NLM’s authorities are prescribed by law. The National Library of Medicine Act of 1956 defined not only our name but also our mission, key functions, and the size and composition of our Board of Regents. Over the following 40 years, additional legislation created structures and responsibilities within NLM, including the Lister Hill National Center for Biomedical Communications, the National Center for Biotechnology Information, and the National Information Center on Health Services Research and Health Care Technology. A 1965 law authorized NLM to issue grants, leading to the development of NLM’s extramural programs and the National Network of Libraries of Medicine, while legislation in 1997 and 2007 laid the foundation for the ClinicalTrials.gov registry and expanded it to include results reporting.

Policy and legislation also shape the way NLM implements its programs and services. Copyright law, for example, governs the ways we disseminate journal information via PubMed, interlibrary loan, and our on-site services. The NIH Public Access Policy, which implements a part of the Omnibus Appropriations Act of 2009, helps populate NLM’s PubMed Central archive of full-text biomedical literature by requiring the deposit of articles resulting from NIH-funded research. Regulations issued by the Office of the National Coordinator for Health Information Technology within the Department of Health and Human Services (HHS) mandate the use of NLM-supported terminologies (SNOMED, LOINC, and RxNorm) in certified electronic health records.

Because of the interplay between policy, legislation, and NLM programs and services, NLM is often called upon to provide advice to Congress and the Executive branch. We commission important national studies of policy issues, such as the potential health uses of high-performance computing and strategies to forecast and manage the rising costs of data sustainability. We participate in trans-NIH and interagency working groups and committees, national round tables, and international organizations that focus on scientific communication and trans-national data management. We also communicate with stakeholder groups with similar missions and interests, such as the Medical Library Association, the Association of Academic Health Sciences Libraries, and the American Medical Informatics Association.

Given the numerous policy issues that touch NLM, we must engage judiciously, focusing on issues with high importance to NLM and the opportunity to make a difference. Because of the broad range of NLM services, we can often bring a unique, data-driven perspective that informs policy debates and helps resolve bottlenecks. Among the policy issues most relevant to NLM are those addressing:

  • Open Science, Open Data, Public Access, Data Science, Data Management and Data Sharing
  • Copyright and Licensing
  • Data Privacy and Protections
  • Federal Websites, Information Technology, Health Information Technology
  • Net Neutrality, Internet, and Artificial Intelligence
  • Clinical Trials, Genomics, Biomedical Science, and Research
  • Federal Government Operations

NLM has a core policy team with senior level experience in policy development and implementation. The team works closely with staff from every office and division within the Library, a collaboration critical to moving NLM’s mission forward and ensuring its views are represented in relevant policy efforts.

Currently, NLM’s policy team is helping NIH form and implement significant science policies. These include policies regarding data management and data sharing, such as the NIH Genomic Data Sharing Policy, and others related to clinical trials, such as the HHS Final Rule on Clinical Trials Registration and Results Information Submission and the NIH Policy on Dissemination of NIH-Funded Clinical Trial Information. The policy team also provides policy expertise in many NLM and NIH-wide initiatives, such as the NLM Strategic Plan 2017-2027, the NIH Strategic Plan for Data Science, and other open science and data science-related activities.

It’s essential work, crucial to our future, but too often overlooked in the day-to-day—which is why we focused our latest staff Town Hall on it and why I highlighted the policy team’s work here. Their efforts in the public policy arena help NLM fulfill its mission to translate biomedical research into practice and lay the foundation for the data-driven discovery that will shape our future. In other words, they make our world go ‘round. I wouldn’t have it any other way.


Co-authors (left to right):

  • Jerry Sheehan, NLM Deputy Director
  • Dina Paltoo, PhD, MPH, NLM Assistant Director for Policy Development
  • Rebecca Goodwin, JD, Policy Analyst & Open Science Specialist, Office of Strategic Initiatives
  • Patricia Flatley Brennan, RN, PhD, NLM Director
Photo credit (US Capitol, top): Architect of the Capitol [Flickr, US Government Work]

An Introduction to Authority-based Security

A guest post by Kurt W. Rodarmer, a software security architect in NLM’s National Center for Biotechnology Information.

NLM is working to unleash the potential of data and information to accelerate and transform biomedical discovery. Foundational to that goal lie the data themselves. We assess their value, collect and curate them, and then make them accessible.

But access has its risks. Big risks. Especially when it comes to personal medical data or hard-earned, grant-funded proprietary data. We need to find a way to deliver access while simultaneously controlling and protecting the data.

That’s where security comes in.

We’re all familiar with “identity-based security,” evolution’s primitive mechanism that predates our species. It starts by using our eyes, ears, and nose to identify someone or something and ends with an immediate risk-assessment. Not surprisingly, this mechanism was modeled in modern cybersecurity and is virtually ubiquitous across consumer and industrial-grade systems.

For all their efforts though, these systems sure seem to fail—a lot. Common wisdom suggests breaches are inevitable, but that’s not entirely true. There are other approaches.

Authority-based security is one. With that, authority, permissions, and trust are explicitly modeled, and policy decisions are made up front. We create objects that embody these ethereal concepts and make them tangible. These objects can then be stored, transmitted, accessed, sub-divided, transferred, etc. The discipline of modeling and managing authority is called Authority Management.

Identity- and authority-based approaches achieve several common goals. They each have strengths and weaknesses. Where they differ, the stronger, more effective, and more elegant of the two is nearly always authority-based.

Both approaches grant permissions based upon security policy. Authority-based security captures the result of policy evaluation as permissions in unforgeable and unmodifiable tokens. Since these tokens come from a known source of authority and are tamper-evident, the permissions they contain require no further scrutiny. They are as trustworthy as the authority that issued them. A permission token typically contains only a small subset of the overall permissions available to an individual, ideally never more than are needed within the current dynamic context.

By contrast, identity-based techniques make permission decisions based upon global attributes or provide crude static mechanisms. In most cases, they reflect zero context sensitivity. That means, for example, that if I run a program on a stock Linux system, that program executes using 100% of my permissions, even though it may need only read access to one file and write access to one directory. For all I know the program could be surreptitiously stealing my most sensitive data in the background, and I’d have no awareness or protection against it. Without my permission? That’s the point—I just gave it ALL my permissions!

In an authority-managed system, I would have given that same program permissions to access only the file and directory needed, leaving it powerless to read other sensitive files, much less phone home and exfiltrate them.

So, if identity-based security is so far behind the curve, what accounts for its continued use? It has one highly prized strength: its ability to revoke permissions on the spot. Since permissions are granted at the moment they are going to be exercised, any permission can be immediately denied as the result of updating policy. Since this policy update is often reactive, coming about once damage has already occurred and possibly delayed by weeks or months, the value of its immediacy is questionable. Tokens have a built-in timeout making them self-revoking, and in practice perform similarly.

Here’s how it works. To do anything of substance in a system, you need permissions. You may have those permissions already stored on some device, such as your phone. Or, you may need to go through the process of identifying yourself to some part of the system that is storing permissions on your behalf, accessible once your identity has been authenticated. In either case, the first step is to get ahold of a token containing your set of pre-approved permissions.

The permission set you now hold represents the complete permissions you have within the system you have just entered, e.g., dbGaP, a grant administration system, etc. It is unlikely to represent all the permissions you have within every system you can access. Even so, it’s probably too permissive for what you have in mind. Your next step would typically be to subset your permissions to only those needed to limit the potential damage should the token fall into the wrong hands.

Sometimes you need to share your permissions, such as when a grant-funded investigator delegates most of the research documentation to lab assistants. She can take her permission tokens received with the grant, subset, and delegate them to her lab as appropriate, so everyone can work.
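
The issue, subset, and delegate steps described above, as an added example that is not from the original post. The post does not name a token mechanism, so this sketch assumes HMAC-chained restrictions (the construction used by macaroons); the permission names, key, and clock values are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


def _mac(key: bytes, link: dict) -> bytes:
    """HMAC-SHA256 over a canonical JSON encoding of one chain link."""
    msg = json.dumps(link, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Token:
    chain: tuple  # chain[0] is the authority's grant; later links only restrict
    sig: bytes    # MAC over the whole chain; also the key for the next link


def issue(root_key: bytes, perms, expires: int) -> Token:
    """Authority side: record the policy decision as a signed grant."""
    grant = {"perms": sorted(perms), "expires": expires}
    return Token((grant,), _mac(root_key, grant))


def attenuate(token: Token, perms, expires: int) -> Token:
    """Holder side: add a restriction without the root key."""
    caveat = {"perms": sorted(perms), "expires": expires}
    return Token(token.chain + (caveat,), _mac(token.sig, caveat))


def verify(root_key: bytes, token: Token, now: int) -> frozenset:
    """Resource side: return the effective permissions, empty if invalid."""
    if not token.chain:
        return frozenset()
    sig = root_key
    for link in token.chain:
        sig = _mac(sig, link)
    if not hmac.compare_digest(sig, token.sig):
        return frozenset()  # tampered, or not issued under this root key
    if now >= min(link["expires"] for link in token.chain):
        return frozenset()  # self-revoked by timeout
    allowed = set(token.chain[0]["perms"])
    for link in token.chain[1:]:
        allowed &= set(link["perms"])  # a link can narrow, never widen
    return frozenset(allowed)


def demo() -> dict:
    root_key = b"constructed-demo-key"  # constructed; a real key is random and secret
    now = 1_000                         # constructed clock value, in seconds
    investigator = issue(
        root_key, {"read:dataset", "write:notes", "submit:report"}, now + 3600)
    # Delegation: the assistant's copy is narrower and shorter-lived. The
    # request for "admin:grants" has no effect because the grant never held it.
    assistant = attenuate(
        investigator, {"read:dataset", "write:notes", "admin:grants"}, now + 600)
    # Tampering: drop the restriction but keep the signature.
    stripped = Token(assistant.chain[:1], assistant.sig)
    return {
        "investigator": verify(root_key, investigator, now),
        "assistant": verify(root_key, assistant, now),
        "assistant_later": verify(root_key, assistant, now + 600),
        "stripped": verify(root_key, stripped, now),
    }


if __name__ == "__main__":
    for name, perms in demo().items():
        print(f"{name:16} {sorted(perms)}")
```

Because the signature doubles as the key for the next restriction, anyone holding a token can narrow it further but cannot recover a broader one.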

What else can you do with them? Literally anything that can be done in an information system! Beyond implementing the traditional security processes of Identity and Access Management (IAM, a proper subset of Authority Management), tokens are also used to protect resources in other ways. They can be used to model spending accounts and quotas, control access to consumable or metered resources, mitigate DoS attacks, provide audit trails, and eliminate the use of passwords and multiple logins.

Because tokens carry permissions whose source of authority is irrefutable, they are the mechanism for implementing the fundamental principles of security. We can bring some of their benefits to bear right now and help lay the groundwork for secure, accessible biomedical data.

Kurt Rodarmer started work on military-grade secure operating systems over 20 years ago in Silicon Valley, working with the architect of KeyKOS, Norman Hardy. He is an expert in secure software and language design and has formalized the field of Authority Management. Kurt previously worked for Apple and Oracle and was a consultant to IBM and Sun, among others.

It Takes a Village

Last Friday, the National Library of Medicine hosted a conversation with spouses and authors Dr. Steffanie Strathdee and Dr. Thomas Patterson about their book, The Perfect Predator, which details Tom’s extreme, sudden, and terrifying illness and his hard-fought return to health.

While vacationing in Egypt, Tom developed an infection in his pancreas brought on by a very rare organism, Acinetobacter baumannii, that could have quickly killed him. One of the world’s “super bugs,” Acinetobacter baumannii is antimicrobial resistant and can’t be treated by modern therapy.

Steffanie credits PubMed with giving her access to the research literature that helped her understand her husband’s problem, and most importantly, locate a promising but long-unused approach to treating such infections: bacteriophages. Bacteriophages are viruses that infect and replicate within bacteria, essentially rendering the bacteria non-infectious.

Let me say it loud and clear: NLM’s PubMed saves lives!

What a wonderful thing to know—that because of our resources, people can discover therapies that can be used to help heal even the most complex illnesses.

Bragging about our wonderful literature resources would be enough to warrant a blog post. However, that’s not the story I want to tell you today. Instead, I want to shine a light on the people across the Library who made this remarkable program possible.

First, a shout out to the Library Operations Technical Services Division and the NCBI’s PubMed and PubMed Central teams who create the collections, ensure the curation, and develop the web interface to our literature resources. Steffanie pointed out the essential role the long arc of PubMed resources played in her discovery, linking present-day users to biomedical and health sciences literature that spans over 150 years. Our PubMed team works to create an intuitive web interface that allowed a frightened but committed family member to find relevant studies, identify researchers exploring new treatments, and obtain articles that could be shared with Tom’s physician and care team.

Second, our communications staff broadly distributed announcements for the event. As a result, almost 100 people—including people from at least 10 different Institutes and three Institute and Center directors—attended the lecture despite the snowy spring morning. Our chief of visitor operations warmly greeted our guests, helping them feel welcome as they made their way to the auditorium on walkways cleared of snow by our grounds crew.

Finally, we had tremendous creative and technical support. Staff from the Lister Hill Center’s Audiovisual Programs Development Branch devised the unconventional image above showing a bacteriophage resting atop a PubMed results page, while their technical colleagues prepped the auditorium, hooked up the mics, and captured the event on video for posterity (link forthcoming).

My own gratitude for NLM staff members’ tremendous effort was echoed throughout the day by numerous positive comments from others. And while the speakers’ remarks evoked feelings of horror and sadness in the face of such a dramatic and terrifying ordeal, I also heard many express pride that PubMed played such an essential role in Steffanie’s discovery and Tom’s health. Man, oh man, am I proud, too!

On Becoming

At what point can one say, “I am a librarian”?

No, I’m not asking about myself. Instead, after reading Michelle Obama’s autobiography, Becoming, I’ve been thinking about how our lives, including our careers, unfold, and whether or not we ever truly become what we aspire to be.

So, at what point can one say, “I am a librarian”? Is it on entry to a graduate program in library science? When assuming that first professional position? As one grows in skill and sophistication or achieves some recognition for the unique expertise of the profession?

You might argue for any of these, but from where I sit, a librarian is always becoming. Curiosity and intellectual drive lead to acquiring the academic degree, but opportunities, shifting trends, and emerging technologies stimulate continuing education and life-long learning. As Mrs. Obama observed, “Becoming isn’t about arriving somewhere or achieving a certain aim…[it’s] forward motion, a means of evolving.” (p. 419)

So it is with librarians, I think. With each change, librarians are challenged to continue becoming—in new ways—the professionals responsible for selecting, acquiring, and managing important collections. In this sense, becoming calls for recognizing the opportunities and choices available and reconciling them to one’s life goals. This type of becoming might lead to acquiring new skills, abandoning old patterns, or stepping into unfamiliar territory, whether by moving across the country or into a different role.

The National Library of Medicine wants to be a part of that becoming for medical librarians, public librarians responsible for health information in a community, and academic librarians who support researchers, students, and academic clinicians. Through our National Network of Libraries of Medicine, we provide webinars and training courses to help librarians solve practical problems and prepare for a future of data-powered health, and we partner with the Medical Library Association to offer programs on access, digital rights management, and open science—all trends that promise to nudge libraries in new directions and librarians toward expanding roles.

Along the way this Library is becoming, too. As NLM prepares to enter its third century, we are tackling emerging challenges and moving in new directions. Where once hundreds of people researched here in our reading room in Bethesda, now millions of people access our electronic resources daily. Hundreds of subject matter experts and computer scientists now complement our outstanding library science workforce. And we’re moving beyond library science and computer science to improve everyone’s facility and fluency with data science, so we can be ready for what’s coming.

So, embrace the becoming. Continue to learn, to grow, to evolve. And let’s do it together.

Working—and Walking—Together for Healthier Hearts

You’ve heard the statistics: One out of every four deaths in the United States is due to heart disease.

Heart disease remains the number one killer across most ethnic groups, including African Americans, Hispanics, and whites. (Heart disease is second only to cancer as cause of death for American Indians or Alaska Natives and Asians or Pacific Islanders.)

But have you heard these more encouraging numbers? At least 30 minutes of physical activity five days a week can help protect your heart health. And the great news is that you don’t have to do that 30 minutes of activity all at once. If you can’t find time to take a 30-minute walk, taking three 10-minute walks will get your heart going, too.

With that in mind, NLM is participating in the #OurHearts campaign this month by encouraging staff to get out and get moving. We launched our own Heart Healthy Challenge on February 8 with an outdoor walk that brought about 70 folks out into a brisk Friday morning to get the blood pumping. Dr. Gary Gibbons, Director of the National Heart, Lung, and Blood Institute, joined us and offered a few remarks, noting particularly the power of working together for heart health within our families and communities. And he’s right, of course. Research shows that having social support makes it easier to be heart healthy.

So get out there and celebrate the power and strength of acting together to be heart healthy. Walk, run, dance, cycle—move! And then let us know what you’re doing for heart health.

NLM is doing its part, but your heart depends on you!

Celebrating the Contributions of African American Scientists at NIH

The National Library of Medicine is proud once again to partner with the NIH Office of Equity, Diversity, and Inclusion to celebrate Black History Month. This year, we’re marking the occasion by hosting a photographic display celebrating African American scientists at NIH. The exhibition will be on display through the end of February.

I was delighted to welcome the honorees and their families and friends to the exhibition’s opening ceremony on February 4. Christopher Williams, STEM education director of the National Museum of African American History and Culture, acknowledged in his opening remarks the power of being in a room with over 200 people celebrating African American scientists. The event, he noted, “provides an opportunity for those who have been blazing the trails to connect with those who are just starting along the way.”

For Roland Owens, PhD, NIH Director of Research Workforce Development, those just starting out include black youth, hungry for role models. “The purpose of this poster project is to make it easier for everyone to see that there are black scientists doing great things for the world,” he said.

Who are those doers of great things?

Let me introduce you to the 14 black scientists from 10 different institutes and centers across NIH who continue to drive the science and our organization forward.

Marie Bernard, MD
Deputy Director, National Institute on Aging

Darlene Dixon, DVM, PhD
Group Lead, Molecular Pathogenesis Group, National Institute of Environmental Health Sciences

Emmeline Edwards, PhD
Director, Division of Extramural Research, National Center for Complementary and Integrative Health

Courtney Fitzhugh, MD
Lasker Clinical Research Scholar, National Heart, Lung, and Blood Institute

Shawn Gaillard, PhD
Research Training Officer, National Institute of Allergy and Infectious Diseases

Gary Gibbons, MD
Director, National Heart, Lung, and Blood Institute

Carl V. Hill, PhD, MPH
Director, Office of Special Populations, National Institute on Aging

Alfred Johnson, PhD
Deputy Director for Management, Office of the Director

Zayd M. Khaliq, PhD
Stadtman Investigator, Cellular Neurophysiology Unit, National Institute of Neurological Disorders and Stroke

Worta McCaskill-Stevens, MD, MS
Chief of the Community Oncology and Prevention Trials Research Group, National Cancer Institute

Roland Owens, PhD
Assistant Director, Office of Intramural Research, Office of the Director

Anna Ramsey-Ewing, PhD
Director, Office of Grants Management and Scientific Review, National Center for Advancing Translational Sciences

Griffin Rodgers, MD, MACP
Director, National Institute of Diabetes and Digestive and Kidney Diseases

Fasil Tekola Ayele, PhD
Earl Stadtman Investigator, Eunice Kennedy Shriver National Institute of Child Health and Human Development

The exhibition honoring these scientists is currently on display in the Library’s Lister Hill Center (Bldg 38A). The panels recognize each scientist with his or her photograph, current position, and a quote about his or her career path.

I was touched and challenged by these scientists’ insights as I learned about their particular motivations, significant mentors, and notable experiences that shaped their research and their lives. I also marveled at their range of interests and accomplishments, though I couldn’t help but notice the common threads of tenacity, drive, and commitment to excellence that bound them all together.

I was also struck by the connection across generations as I toured the exhibit in the company of Gary Gibbons, MD, and Paule Joseph, RN, PhD. These two scientists represented different points on the career trajectory: Gibbons an accomplished cardiologist who has been the Director of NHLBI since 2012 (and my personal mentor since I arrived at NIH); and Joseph, a young scholar from the National Institute of Nursing Research. As we strolled together among the panels and discussed the honorees, I felt grateful for the tremendous accomplishments of my colleagues featured in the exhibition, and I also felt excited and hopeful for the advancements yet to come from so many young, innovative researchers just starting out—and by those coming behind them, inspired by their stories. It leaves me optimistic and eager to see the bright future they will help usher in and makes me wonder what marks they will make on biomedical research and discovery.

Whatever they are, I expect NLM will be there to tell their story. The Library remains committed to showcasing the contributions of African Americans in health care and biomedical science. In fact, four of our History of Medicine’s recent exhibitions highlight those contributions:

  • Binding Wounds, an exhibition about African Americans in Civil War medicine
  • Opening Doors, stories of contemporary African American surgeons
  • Fire & Freedom, a look at power imbalance, food, and enslavement in the early days of the United States
  • The Politics of Yellow Fever, which includes the essential role Philadelphia’s free African American residents played during the Yellow Fever epidemic of 1793

You can see three of those exhibitions on display now at NLM. Two, Binding Wounds and Opening Doors, are set up in the Lister Hill Center (Bldg 38A) around the corner from the panels featuring our 14 scientist honorees. The third, The Politics of Yellow Fever, which just opened January 11, occupies the entryway to our History of Medicine Division.

If you can’t visit in person, check out the companion websites for each of these exhibitions. You’ll be glad you did—and grateful, like me, for the contributions of African American healers, clinicians, and scientists.

Promoting Trust in Trustable Information

NLM is and always has been committed to providing access to trustworthy information. We pride ourselves on being an authoritative source of reliable biomedical and health information for scientists, clinicians, the public, and policy makers—a role that begins by building a collection of quality materials, carefully selected.

Our collection development policy, coupled with long-standing library principles, scientific expertise, and years of collective experience, helps ensure the quality, accuracy, and currency of our resources, whether that’s our literature repositories, our consumer health information, or our biomedical data banks. And that excellence is reflected in the trust we’ve earned, trust validated by the millions of users who visit our website each day.

But for all the authoritative information we and others share online, the internet serves up false or misleading information almost as frequently. How can we—and the citizens we serve—function effectively in such an environment?

A recent article in The New York Times helps highlight one possible path.

Pointedly titled “Why do people fall for fake news?” the article offers insights applicable beyond the political arena on which it focuses. The article’s authors, Gordon Pennycook and David Rand, ran studies to test participants’ ability to distinguish true statements from false claims. Their results highlighted the power of reflective reasoning to help people interpret information’s veracity. That is, the more people could think critically and be conscious of the steps in their own thinking, the more accurate their understanding of the information and the less likely they were to be swayed by their own rationalizations or weighted down by intellectual laziness.

What does this mean for NLM?

That beyond providing trustable health and biomedical information, we can also help our customers by building their reflective reasoning and critical thinking skills and giving them the confidence and practice to use them. By integrating training, tools, and tutorials into our outreach programs we can boost people’s ability to distinguish good health information from the bad, which will help them make better decisions for their own health and the health of their loved ones.

After all, providing accurate information gets us only part of the way. We also need to be sure that people are recognizing and using quality, trustworthy health information and shunning the inaccurate, the biased, and the just-plain-dangerous. Our health depends on it.