SAN FRANCISCO — Each person’s genome should be exclusively and without question their own property, but the business models of some major medical centers and organizations that own databases comprised of genomics are circumventing that belief, according to a group of medical, privacy, and legal experts at this week’s RSA Conference.
Oftentimes these organizations will say the patient owns the data, but when it comes to wide sharing or contributions of these data to various databases, that ownership is clouded. “What I’m most concerned about is that we do protect privacy, but at the same time that this information is available to us for research,” said Sharon Terry, president and CEO at Genetic Alliance.
“I don’t think we’re finding data is liquid as we want it to be and we’re finding some disincentives for sharing it, especially for institutions,” she said. “I think we’re going to need to see an integration with the system such that the consumer is central, the focus, and in fact gets rewarded” for sharing that data for research.
Kathy Hibbs, chief legal and regulatory officer at 23andMe, said there are real impacts at play when genomic data is withheld from researchers or otherwise claimed for commercial reasons. 23andMe makes individuals’ genomic information available for medical research, but it follows the same standards that apply to human-centered research for clinical trials, including an external ethical board, and a proactive approach to consent at three different levels, she explained.
“I think that is something that’s an area where those ethical standards that apply in the medical system can be examples for some of the other parts of technology” that follow an ad tech model or opt individuals by default without clear consent, Hibbs said.
Underscoring the heightened interest that people have in the ownership and use of their genomic data, Hibbs said that the privacy and transparency section of the 23andMe website receives more traffic from potential customers than any other section.
Genetic Consent is a ‘Moving Target’
Informed consent of genetic data is critical, but people aren’t always clear about what they are consenting to and how that data might be used down the line, particularly as advancements continue in the field of genomics. “The consent that I give today about the use of my genetics may be fundamentally different than I give in a year because things have changed so much that I didn’t understand then what I was signing up for,” said Dr. Patrick Courneya, chief medical officer at Kaiser Permanente.
“It is a moving target, it is quite challenging and I think we should not draw false comfort from the way the structure is set up right now,” he said.
“How does any one of us know what we’re consenting for the future and what we may or may not find out and how that’s going to strike us then,” Terry said.
Michael Wilson, SVP and chief security officer at Molina Healthcare, said health care is very unique from a privacy and security perspective, and genomic data is a particular example of that uniqueness. “Genomic data is as relevant 100 years from now at an individual level as it is now,” he said.
When asked whether a hacker can monetize genetic data or if they might be otherwise incentivized to gain access to genetic data, Wilson said probably not, but when it’s combined with other data it certainly can be monetized or used for nefarious reasons.
Making that data available for important research, protecting it, and correlating that data with more than 300 billion medical records already stored today is a difficult problem, according to Wilson.