Panel Urges Genomic Privacy Measures

Regulatory Discrepancies Create Confusion
Panel Urges Genomic Privacy Measures

A new report by the President's Commission for the Study of Bioethical Issues makes a dozen recommendations for policies to better protect the privacy of patient genomic sequencing data.

See Also: On Demand | 2024 Report Findings: Security & Productivity in the Age of AI

The 154-page report, Privacy and Progress in Whole Genome Sequencing, concludes that "to realize the enormous promise that whole genome sequencing holds for advancing clinical care and the greater public good, individual interests in privacy must be respected and secured."

The commission, an independent panel of experts that advises the president and the administration, found that "current governance and oversight of genetic and genomic data varies in its protection of individuals from the risks associated with sharing their whole genome sequence data and information."

For instance, only about half of states offer protections against surreptitious commercial testing, such as secret DNA testing of an individual's saliva on a discarded coffee cup.

"In particular, a great degree of variation exists in what protections states afford to their citizens regarding the collection and use of genetic data," says James Wagner, the commission's vice chair, who is also president of Emory University.

In addition, federal protections differ for patient genomic data collected for medical testing versus data collected for medical research.

"Your genome sequenced at your doctor's office would be the same as your genome sequenced during research," says Amy Gutmann, the commission's chair. Yet, the sequence information collected in a doctor's office is protected by HIPAA, while the same sequence information collected during research is protected by what's known as the Common Rule, says Gutmann, who is president of the University of Pennsylvania.

"These are just a few discrepancies in public policy that can create confusion and uncertainty when it comes to understanding how to protect some of our most personal data. Confusion and uncertainty tend to erode trust, and trust is the key to amassing the large number of genomic data sets needed to make powerful life-saving discoveries," she says.

Recommendations Listed

Among the report's recommendations :

  • Federal and state governments should "develop a process for ensuring a consistent floor of protections covering whole genome sequence data regardless of how they were obtained." These policies should protect individual privacy by prohibiting unauthorized whole genome sequencing without the consent of the individual from whom the sample came.
  • Individuals who work with whole genome sequence data, whether in clinical or research settings, public or private, should be held accountable to state and federal laws and regulations. That includes regulations that require specific remedial or penal measures in the case of data security lapses, such as breaches due to the loss of portable data storage devices or hacking.
  • A federal agency should establish clear and consistent guidelines for informed consent forms for research involving DNA sequencing that's conducted by those under the purview of the Common Rule.

"Presently, many national and state policies are in place to guard person¬ally identifiable health information and records of participation in research," the report states. "These policies should apply to all handlers of the data, from those who collect the data, to researchers who use them, to third-party storage and analysis providers," including hosts of cloud computing services.

Privacy protections should guard against unauthorized access to, and illegitimate uses of, whole genome sequence data and information while allowing for authorized users of these data to advance individual and public health, the report says.

The Genetic Non-Discrimination Act makes it illegal to use genetic information for insurance underwriting purposes. A pending omnibus package of regulations would modify the act to spell out that using genetic information for underwriting is a privacy violation as well. The omnibus package also includes extensive proposed modifications to HIPAA.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.