Discovery

A Case for Progressive Institutional Review Boards

by Luna

Innovation is a constant topic in the biomedical research space. The pace of new tools, new techniques, and new discoveries is often hard to keep up with. Researchers and study participants expect innovation to deliver improvements as well as compatibility with new science, new methodologies, and new priorities, all in a constantly changing, complex environment for study participants.

This progress is almost always seen in the insights and outcomes of the research, but not in how the research is designed, begins, progresses, and is managed. Anyone who has done work in the biomedical research space knows that ethical oversight – whether by internal reviewers, external Institutional Review Boards (IRBs), or Ethics Review Boards (ERBs), collectively known as “reviewing bodies” – constitutes a significant part of all study construction and, therefore, is a significant part of all new science and discoveries. Shouldn’t the processes that enable study construction also be innovative and capable of adapting to new science, new methods, and new priorities?

A careful balance must always be maintained between ensuring protection of individuals participating in research and supporting innovative methods and processes to drive more efficient and cost-effective reviews and research.

The often broad, non-specific nature of regulations that govern “human research protections”, as they are called in the US, leave reviewing bodies somewhat adrift in what amounts to a vacuum. This vacuum forces them to make their own interpretation and implementation of the exact protections to uphold and leaves them without a mechanism to cross-communicate new processes for reviews or validations of new methods for research. At their core, reviewing bodies are simply a group of people working together to determine if a research study meets certain requirements and thresholds as interpreted from these regulations. The social psychology of how people interact on a larger social scale, how people make decisions in isolation and in aggregate, and how the context of their engagements changes their behavior in those different settings is sufficiently understood today. Yet, there is a large gap in transforming that understanding into the application of how reviewing bodies function. These factors have created a space that is prone to stagnation rather than innovation, languishing as a relatively static space for decades. The same study reviews are taking place, and the same study constructions are expected, with few changes permitted, let alone the ability to include entirely new methods. How do we inject innovation into such an environment to create what amounts to an adaptive or progressive IRB?

A careful balance must always be maintained between ensuring protection of individuals participating in research and supporting innovative methods and processes to drive more efficient and cost-effective reviews and research.

“At the Genetic Alliance IRB, we’ve found that an open dialogue between the IRB members, researchers, and technology providers is essential to understand pain points and inefficiencies in our process, and incorporate new techniques that improve both our processes and the research being done. We cannot limit ourselves to past methodologies, given the pace with which new technology is developing worldwide,” says Chris Carter, chair of the Genetic Alliance IRB.

IRBs and ERBs typically do not interact with service providers on the underlying technology by which data is collected for a study. Instead, their focus is on the burden of participation, the ethical considerations of what is being asked, and the privacy, burden, and safety risks to participants. However, we have seen a marked increase in the efficiency of designing and reviewing new studies when the IRB works in conjunction with the technical service provider to understand and approve the underlying mechanisms and processes first. By utilizing standard IRB practices to review and approve new processes and methodologies leveraging newly established technology supporting the research, we can increase the speed of research by reducing the complexity of new study design. Working with the Genetic Alliance IRB, we set out to find ways where an IRB and technology provider could work together to innovate reviews and research. Here’s what we did.

Case Study #1: Luna Platform – Simplifying the IRB Process for New Studies

“For several decades, standing in the shoes of research participants, I have been outraged at the delays and extra work some IRBs cause in the name of protecting the participants. From my perspective, many IRBs act to protect an institution rather than the people. In the case of advocacy organizations and communities working to accelerate research on their condition, making this as simple as possible and ensuring conduct of the best research for their communities is paramount,” said Sharon Terry, CEO of Genetic Alliance. “Working with LunaPBC, we did a first-of-its-kind submission to the Genetic Alliance IRB to approve an entire platform based on the methods it encompasses for participant engagement and retention, data collection, and analysis. This paves the way for a streamlined review process for any study being executed using the platform. There is no need for redundant approvals or long timelines.”

The Luna platform is a tool for researchers to establish new communities or cohorts to collect data and perform analyses for their studies in a continuously participant-connected environment. The platform has IRB approval, which includes a consent individuals e-sign to share de-identified data for research purposes on the platform. This allows CDI to be deployed on Luna by groups for the benefit of their community through a simple Organization-Specific CDI Addendum. Then study-specific consents are only needed for those studies that go beyond the standard methods described above for the platform and enables the IRB to focus on specific goals of and populations included in the research, since the underlying mechanics are the same from study to study. Examples of protocols that are not covered by the approval are 1) the collection of personally identifiable information instead of de-identified data, and 2) use of bespoke instruments on topics not prioritized by the community through Community Driven Innovation.

Case Study #2: Community Driven Innovation – Innovative Methods for Research
Luna established the Community Driven Innovation™ (CDI) method for uncovering and validating the top priorities of a community or cohort, similar to methods like the Delphi technique, but without the disadvantage of inherent groupthink or expert bias those other techniques often introduce. By working collaboratively with the Genetic Alliance IRB and several researchers using CDI for their research goals, we were able to identify new ways to not only improve the research being done, but also simplify certain aspects of the IRB process itself.

 “The Genetic Alliance IRB immediately understood the value of the CDI method, not only in reducing burden on study participants, but also in reducing costs and time for their own reviews for both new studies using CDI and new data collection, typically surveys, being designed based on the insights from CDI,” shared Ian Terry, senior user experience research at Luna.

Together, we established two concepts that were integrated into the Luna platform protocol with the Genetic Alliance IRB: (1) A CDI “meta-study” design, and (2) “Related Topics” surveys.

CDI Meta-Study Design

We established a protocol that defines the CDI method leveraging the mechanisms on the Luna platform for consent, recruitment, data collection, and data analysis. New deployment of CDI can be added via an addendum to this protocol defining the specific populations and key personnel involved in recruitment since nothing else changes from CDI to CDI. This streamlines the time for review and cost to review by the IRB, and enables researchers with less scientific experience to take advantage of deploying a CDI to their communities or cohorts.

Related Topic Surveys

Building off of the CDI method protocol, we worked with the Genetic Alliance IRB to design a process to eliminate the need for researchers to submit all research questions during the initial study design and instead enable evolving content based on the insights generated from the CDI itself. Together, we established thresholds for specific topics and priorities uncovered by the CDI that could be turned into questions in follow-on surveys without requiring additional IRB reviews. We’ve now opened up the research such that the involved patient population can select the research topics using several well-documented methods from Computational Social Choice theory. By doing this, we don’t have to pre-decide what a specific population may need; we can build the very task of asking that question into the study design. This allows us to remove many steps that would have been spent attempting to figure out what the population wants and thereby speed up the time it takes to establish this study in the first place. But also gives the research population – versus the experts or researcher – the autonomy to decide where the research should be headed, a power that has been missing in the medical world for a long time.

These are only a couple of examples of how collaborative exploration of new processes, methods, and technologies can create an innovative and efficient environment for safe, ethical research. By focusing on technology and method innovation in our external and internal ethical reviews, we can explore new frontiers in the research that empower participants to help drive study design. Subsequently, elevating the participant to drive the study design ensures that the new inventions and products developed meet their needs and pain points directly, thereby expediting answers, time- to-market, and ultimately better health. We’ve turned a top-down study process into a dynamic ecosystem of iterative listening, accessible to non-scientists, that supports the privacy and safety of its members.

Learn more about Community Driven Innovation at www.lunadna.com/cdi

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data—health records, lived experience, disease history, genomics, and more—for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

Privacy and Security

Privacy-Preserving Technologies and Rights-Based Privacy Regulation Compliance

by Luna

There has been increased interest over the past decade over what to do with the growing volume of digital information collected on individuals that are potentially used or sold by companies and governments. This interest is even more heightened when health data is involved and how this data might be used in ways contrary to the interests or values of individuals. In parallel, new data protection laws have passed in many parts of the world and increasingly in several states within the United States that express the control of data privacy as a human right.

It is commonplace to merge the concepts of data privacy and security, even though each has a unique role. Data security is the step taken to prevent unauthorized access to data. A common security approach involves data encryption that requires user-specific information to decrypt the data back to its original form. Privacy-preserving technologies, or PPTs, are a newer class of technologies that support the distribution of encrypted data that can be selectively decrypted to reveal some or all of the data that is encapsulated. PPTs are especially exciting for the sharing of genomic data so that only some of the data is made available to a researcher, which presents a lower risk to the individual for subsequent data misuse.

A common data privacy policy is the right to rescind one’s consent and to have the individual’s data deleted, also known as the “right to be forgotten.”

Data privacy, in contrast to data security measures, is a set of policies that are applied to secure data. These policies typically govern the data collected, the purpose for which the data is collected, and the informed consent granted to the researcher to study the data. A common data privacy policy is the right to rescind one’s consent and to have the individual’s data deleted. This is also known as the “right to be forgotten.”

Security-based protections such as PPTs and privacy-based protections are very different in how they are implemented. With security-based approaches, data are distributed to researchers that are approved to access the data. Once access is granted, the control of the data is lost. Over time there can be many copies of the data that have been granted to multiple researchers, as shown in Figure 1A.

Figure 1A. Once permission is granted data is distributed to uncontrolled environment(s)

In contrast, privacy-based approaches maintain control of each piece of data within an environment that supports the removal of the data if an individual’s consent is withdrawn. Under the privacy-based approach, an individual has a virtual string on their data that supports the pulling back of their data at any time, as shown in Figure 1B.

Figure 1B. Use of permissive data is used within an environment that enforces privacy policies.

The question of which approach is better rests largely on the regulatory environment in which the research is being performed. In Europe, compliance with the General Data Protection Regulation, or GDPR, requires that the data rights of individuals persist when they share their sensitive personal data, such as health data. In states such as California, the California Privacy Rights Act (CPRA) that has come into law in 2023 requires similar protections for individuals. For historic datasets, databases, and biobanks that include genomic data, the use of PPTs has provided a more secure way to distribute such sensitive personal data.

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data—health records, lived experience, disease history, genomics, and more—for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

Privacy and Security

Something Exciting Happened on October 6, 2022, Concerning Your Medical Records

by Luna

Editor’s note: This article is jointly authored by Luna and Greenlight Health Data Solutions.

The Information Blocking Rule, now in effect, is a new federal regulation we should all celebrate as a big win for control over our health information, a right that we should always have had.

Let’s take a step back in time and then fast forward to today. In recognition of the importance of digital health information for advancing precision medicine, the Information Blocking Rule was a provision of the 21st Century Cures Act which aimed to modernize healthcare data interoperability and update a component of HIPAA that was oriented to paper-based medical records, not Electronic Health Records (EHRs). Part of the motivation to connect EHRs was to improve the portability of one’s health data to multiple healthcare providers and to give direct access to one’s health data using online patient portals. The Information Blocking Rule requires that all healthcare organizations give patients access to their full health records digitally (via a patient portal)–without delays or cost.

Why is this important? The new Information Blocking Rule unblocks access to Electronic Health Information (EHI), which Health and Human Services (HHS) defines as electronically Protected Health Information, or PHI. The significance of this rule has many threads–not least of which is bringing control and rights to the information much closer to the patient–the individual who the data is about, you! You can now review and research your own information to be a more informed patient. You can easily share your data with new healthcare providers if you relocate or change your insurance coverage. You can avoid time-consuming and costly duplication of diagnostic tests, which is commonplace whenever one engages with a new medical professional. You can also choose to share your data with a clinical research study or trial that is of interest to you to advance medical knowledge and health discoveries for society more broadly.

We’ve been advocates for individuals’ rights to access their health information for a long time. Greenlight Health was an early software platform specifically designed to offer patients online access to their health data. Luna has implemented Greenlight’s EHI data-sharing APIs which support connections to more than 90% of the U.S. provider market. This approach allows for the inclusion of EHR data, along with genomic and health survey data, for patient-centered research studies to understand and improve health outcomes. Gathering health information from multiple health systems, and across decades, provides convenience to individuals and their families while simultaneously providing a richness of data to researchers to unlock new insights for health improvements. Such patient-centered studies hold promise to enrich the standard of care more equally for individuals of all ethnic and racial backgrounds.

An essential aspect of inclusive clinical study participation requires that data shared by individuals is done with their informed consent and that the data is not used for other purposes outside the individual’s consent. Luna’s health data sharing and analysis platform uses rights-based data privacy measures to protect access to shared data so that a contributor (you) can remove their data from the platform and/or from any studies they joined with a simple click of a button. By implementing rigorous rights-based data protection and privacy that complies with all current privacy laws (such as GDPR in the EU), Luna provides a path to international clinical studies that can benefit from population diversity globally.

It’s no longer in the medical provider’s control to decide when to release a patient’s information. The Information Blocking Rule is really about information sharing and empowering the patient with ownership of their health data. Under HIPAA, healthcare providers are allowed 30 days to fulfill medical record requests; 60 days is permitted if the provider needs an extension. With this new rule and direct EHI access methods for patients, a healthcare provider cannot “interfere” with the flow of EHI, and it needs to flow without delay. When there are instances of interference, healthcare providers and EHR vendors are subject to financial penalties (up to $1 million per occurrence and/or reductions in Medicare and Medicaid reimbursement). Healthcare providers and vendors lobbied strongly against this rule being passed (in fact, the rule was held up for six years). Days before the rule became effective, 10 of the leading healthcare industry trade associations pushed HHS for a delay. As stated, the rule extends an individual’s right to access EHI through a patient portal. As the name implies, patient portals were designed to support functionality that allows individuals to connect to their medical records whenever needed. The intent of having immediate access to medical records through a patient portal is to provide a mechanism for sharing EHI with other healthcare providers, with family members, and for research.  

It’s no longer in the medical provider’s control to decide when to release a patient’s information.

This rule is one more step toward providing you with a comprehensive understanding of and access to your own healthcare information and, more importantly, control of how your health records are shared.

Taking the power of your health records to the next level, Greenlight Health and Luna combine capabilities to enable you to consolidate your records in one place and safely share your health records and other unique experiences in research studies that are of interest to you. You are in the driver’s seat now. The steps you take next could make a big difference in finding treatments and cures for those who need them most.

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data—health records, lived experience, disease history, genomics, and more—for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

newborn feet
Health

Use of Genomics in Newborn Screening Offers New Insights and Decisions

by Luna

Newborn screening (NBS) in the United States has been used for more than 50 years and is often touted as the world’s most successful public health program. Some 99% of the nation’s children are screened at birth for treatable genetic conditions caused in whole or in part by variations in their DNA sequence. Screening has saved infants, and their families, from enormous suffering.  

Recently the NBS program has garnered even more attention and interest thanks to the groundbreaking work by Rady Children’s Hospital to leverage genomics more broadly in the screening and treatment of infants.  Recently, clinicians have pushed to expand the NBS list of treatable genetic conditions.  

The price of genomic testing has continued to come down and innovations in understanding genetic disorders have also been demonstrated to relieve financial pressures on the healthcare sector. In fact, rapid and effective treatment early in life has been shown to be less costly than chronic conditions that would otherwise require ongoing intervention by the health system. 

What is newborn screening?

In the United States, small blood samples are collected from every infant shortly after birth and analyzed for treatable genetic disorders. Newborn screening was pioneered in 1963 by Robert Guthrie, MD, for diagnosing phenylketonuria, a genetic disorder that affects metabolism leading to toxicity that damages the brain.  

Today, it has become a public health practice in all States to screen newborns for a minimum of 29 treatable disorders to detect inherited genetic disorders. The Advisory Committee for Heritable Disorders in Newborns and Children recommends screening for 61 conditions, 35 of which are conditions that are screened in all 50 states. Over the past decade, the use of low-cost DNA sequencing to diagnose and treat sick children suggests that expanding the Recommended Uniform Screening Panel from 35 treatable conditions to a much more comprehensive set is both possible and affordable for the U.S. healthcare system. 

Long-term follow-up is key to ensuring the information learned through DNA sequencing of newborns is appropriately communicated and integrated into clinical care with the family’s pediatrician.  

The path to genomic screening in infants 

Funding of the sequencing of 100,000 patients in England by the U.K. Department of Health in 2013, Genomics England piloted the use of whole genome sequencing (WGS) in 4,660 children suspected of having rare genetic conditions.1 In parallel, Stephen Kingsmore, MD, and Rady Children’s Institute of Genomics Medicine championed ultra-rapid WGS to diagnose affected newborns within 13 hours.2 These efforts, in conjunction with other programs around the world, established the use case of WGS delivering precision care to pediatric practice and set the stage for use of WGS to screen newborns earlier in life and before symptoms appear. 

It is believed there are currently roughly 600 conditions for which early-life intervention will improve the longer-term health of the child. This motivated the National Health Service in the U.K. to begin piloting newborn screening using WGS in 2021. In the U.S., New York is funding the GUARDIAN initiative to offer WGS NBS for 100,000 newborns in the state to screen for 250 conditions and to characterize the diagnostic benefits to the child and the health economic impact on the health system. 

Long-term follow-up is key to ensuring the information learned through DNA sequencing of newborns is appropriately communicated and integrated into clinical care with the family’s pediatrician.  

Luna, in collaboration with the American College of Medical Genetics, Genetic Alliance, and various medical systems, is engaged in a study to understand the follow-up needs of families and children affected by spinal muscular atrophy and other conditions who receive their diagnosis through NBS. This study uses Luna’s Community Driven Innovation™. This participant-led methodology addresses long-standing problems with traditional research approaches while providing an unbiased, clear understanding of the priorities, values, and challenges of individuals, families, and communities. One of the objectives of this study is to understand the impact of both NBS and long-term follow-up for children impacted by one of the conditions covered with current screening programs and potentially recommend changes in patient care. The NBS study may prove the feasibility of one path to improved care moving forward. 

Consider privacy issues with newborn screening research 

As new medical approaches are implemented, parents have important decisions to make prior to enrolling their newborn into WGS studies. Consider the risk and benefits involved regarding further use of DNA data after screening for genetic conditions. They should ask how their child’s data will be used in research, by whom, over what period, and for what types of research. Who makes these decisions is a function of the data privacy and protection regulations in various states and countries.  

One’s genome uniquely identifies them—and their family—for their entire life, so understanding the impact of early decisions such as these is critical. 

As new medical approaches are implemented, parents have important decisions to make prior to enrolling their newborn into WGS studies. Consider the risk and benefits involved regarding further use of DNA data after screening for genetic conditions.

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data—health records, lived experience, disease history, genomics, and more—for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

data rights
Privacy and Security

Know your Rights Around Health Data Privacy

by Scott Kahn

Evolving privacy regulations, changing legal interpretations, and security breaches make it hard to keep up with our rights and risks these days. People are looking for resources to help them cut through the technical jargon regarding personal health data protection. Many simply want to use the technology they have come to enjoy while keeping their health information safe and secure. 

What are health data rights?

To unpack these questions, it’s helpful to review where your health information was first accessed and what your rights are currently. When individuals in the United States consider their health information,  they may be aware that the law regulates how healthcare providers (also known as “covered entities”) use their data. First passed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) limits third-party access to personally identifying information stored within the healthcare system. 

Many people may not be aware that this information is used outside the healthcare system for research and other uses beyond medical care. Eighteen data types were established as protected health information (PHI) in the HIPAA Privacy Rule, finalized in 2000. PHI includes types of data such as names and addresses, but it also covers “any other characteristic that could uniquely identify the individual.” However, the HIPAA Privacy Rule only applies to healthcare settings. HIPAA does not protect the privacy of our data held by app providers, government bodies, biotech companies, and other entities that don’t provide healthcare services.

“Health discovery relies on health data. Luna advocates that the most reliable, representative health data comes directly from people. This is why, from Day 1, we’ve built privacy-by-design so that we can protect people and accelerate better health interventions.”

Scott Kahn, Chief Privacy and Information Officer

Since the passage of HIPAA, the amount of information that can be gathered about us has increased exponentially, and data science has advanced significantly. Remember, we just started using email in 1996! Today, computer science methods can combine non-identifying information—as few as two to three pieces of data—into very accurate assignments of a person’s identity. Put differently, the privacy protections that HIPAA gave us two decades ago were not designed with today’s information and science in mind. 

This simple observation has motivated some states and federal legislators to enact data privacy laws that focus on a set of rights for individuals, not institutions.

Read “How Modern Data Privacy Laws Enables Research
Scott Kahn
Scott Kahn, PhD, Chief Information and Privacy Officer, Luna

You have a right to data privacy

Today, as health and tech consumers, we have rights to data privacy. Modern laws define a person’s rights when it comes to data. They require companies, governments, and organizations to respect these rights when collecting and analyzing data about consumers. We can give permission, known legally as informed consent, for the use of our data, and we have a right to know who is using our data for what, such as a clearly defined public benefit.  

In general, these newer laws require that we are provided the purpose, such as the kind of research being done, for why our data is being collected. One example of these laws in practice is the numerous cookie notifications you receive on practically every website you encounter on the internet. You have the right to change your mind about sharing your data—also known as revoking consent—and the right to confirm that the company destroyed your data. 

We live in a time where data creation is incredibly astounding. Suppose we can use that data to advance causes that matter to us. In that case, we can change the quality and velocity of health interventions. 

At Luna, we appreciate the evolution of these consumer data privacy laws and have operated since Day One to exceed their requirements.

Read about Luna’s Data Protection Impact Assessment.

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data — health records, lived experience, disease history, genomics, and more – for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

Scott Kahn, Ph.D.

Scott Kahn, Ph.D.

CHIEF INFORMATION + PRIVACY OFFICER

Scott is the former CIO and VP Commercial, Enterprise Informatics at Illumina. At Luna, he’s integrating data privacy and security provisions that keep member data safe, private, and secure.