See the Government Health IT article: NCI to open research grid to cancer patient ‘army’
Women desperate to cure breast cancer are contributing their sensitive personal health information to “an army” of researchers.
But there is no reason that these altruistic women have to risk their futures and their daughters’ futures to find a cure.
It’s possible to do research without risking their futures and their daughters’ and granddaughters’ futures by using privacy-protective technologies and robust informed electronic consent. But this project does NOT protect the privacy of these generous and well-intentioned women.
The women’s data can be downloaded by “thousands of users”–all of whom make copies of their extremely sensitive, IDENTIFIABLE records. The records are identifiable so that the women can be contacted by researchers.
Some of the major things wrong with this picture:
1) The NCI system allows “researchers (to) form and maintain large breast cancer disease databases.” Is there any way to tell if the security is ironclad, state-of-the-art? No.
2) How many copies will researchers make? How many times will the data be replicated and backed-up across the world? No way to know.
3) What countries will copies of the records be kept in? No way to know.
4) How many and which researchers will download and keep their data? No way to know.
5) The researchers must sign agreements to protect and not sell the data, but there are no ‘data police’ to enforce those agreements. If there are no ‘data police’ watching this data, how do the women know it’s safe? No way to know.
6) What if a woman does not approve of a particular study or researcher who has their data? Can a woman prevent any researcher from using her information? No.
7) How will the data be handled after the research study is complete? How will the women know if it is destroyed? No way to know.
8) How safe is research access via a web browser? No way to know
The severe flaws in this plan are obvious. Fearful women desperate for cures are being exploited by the government and the research industry that designed these systems to serve their needs, NOT the women’s rights to privacy. Putting such sensitive data out into cyberspace KNOWING it can never be retrieved or destroyed is grossly irresponsible. Like Paris Hilton’s sex video, this data will live forever in cyberspace, risking future jobs and opportunities of every child of every woman desperate for a cure.
The NCI could do this a better way—we can have research and privacy at the same time. But the privacy protective technologies that can enable both are not being used. Why not?????
See our testimony Sept 18th at the national HIT Policy Committee and the many letters from the Coalition for Patient Privacy to federal agencies and Congress describing how to do research while protecting privacy.
And NO–the Genetic Information Nondiscrimination Act (GINA) DOES NOT protect our genetic data. It allows insurers and employers to have our genetic data and it has no enforcement. Zero. And HIPAA has no protections for genetic data either–it allows others to control and use our data without consent.
The cost of contributing to research should not be that your female descendents are unemployable. Unless data is protected, we will have generations of people who cannot work because employers will not risk hiring anyone at risk of getting a disease.