What Makes 23andMe “Terrifying”?

In a recent “warning letter” to 23andMe, the FDA informed the genetic testing company that they are marketing their Saliva Collection Kit and Personal Genome Service (PGS) to the public without the proper marketing clearance or approval from the FDA. The FDA then went on to say that 23andMe needs to discontinue marketing the PSG kit until the company has received FDA approval to do so. The Genomics Law Report outlines some background and details of the cease and desist letter in two posts, here and here. If you’re interested in more of the legalities and potential implications of the FDA v. 23andMe battle, the posts are a great read.

However, what really resonated with PPR was this Scientific American article by Charles Seife, also prompted by the recent FDA/23andMe kerfuffle: 23andMe is Terrifying, But Not for the Reasons the FDA Thinks. Seife also touches on the regulatory issue with the FDA, but really captures what we see to be the bigger problem with 23andMe with this:

But as the FDA frets about the accuracy of 23andMe’s tests, it is missing their true function, and consequently the agency has no clue about the real dangers they pose. The Personal Genome Service isn’t primarily intended to be a medical device. It is a mechanism meant to be a front end for a massive information-gathering operation against an unwitting public.

As Seife also reports, the company wants to become the “Google of personalized health care.” Well, yikes.

For now, 23andMe says they won’t sell your information without your explicit consent, but we’ve seen enough policies and rules change over time (e.g., Google’s constantly changing policies, HIPAA and the elimination of consent, etc.) to know that “guarantee” isn’t written in stone. Sure, it’s possible that the company wants to use the data it collects for research that proves beneficial to the public, but…it doesn’t seem like a huge leap to say that 23andMe isn’t gathering all that data for altruistic purposes.

Ultimately, as Seife says, the real issue here is what 23andMe (and any other company or organization that collects personal health information) should be allowed to do with the data it collects. There are a number of privacy problems that must be considered when answering that question, which Seife also outlines quite well in the article. Of course, the debate over how we can best manage privacy concerns vs. public benefit and other interests is complex and varied. But at the very least, PPR believes you should be in charge of how your personal information is used. And, you should be able to see who all has access to it, when someone has accessed it, and why.

 
Side Note: As always, we want to point out that we’re not trying to stand in the way of the very cool things happening with research and technology. In fact, we are very excited about the possibilities offered by advancements in these fields. We like you, research and technology, we really like you. But we like research and technology that does what the public expects and truly protects your privacy; that doesn’t allow your personal information to be used or shared in hidden ways; that allows you to be in charge and aware of what’s happening with your personal information at all times; that you can trust to honor your wishes regarding how your sensitive health information is used.

Texas Election 2014: Abbott Pledges to Safeguard DNA

“Texas gubernatorial frontrunner Greg Abbott recently released an extensive list of items he says he’ll push for once elected.. Ths list includes gun rights, campaign ethics, and blocking implementation of the Affordable Care Act, but the number one item is safeguarding your DNA according to KUT News.”

To view the full article, please visit: Texas Election 2014: Abbott Pledges to Safeguard DNA

Abbott’s Privacy Rights Proposals Draw Attention

“Attorney General Greg Abbott‘s support for more stringent privacy laws is getting some notice, as privacy rights activists say his proposals would lead to more protections for Texans. But concerns tied to the enforcement of the proposed policies are also being raised.”

To view the full article, please visit: Abbott’s Privacy Rights Proposals Draw Attention

Security and Privacy of Patient Data Subject of Regulatory Hearing

Representatives of patients, providers, insurers and tech companies testify before federal panel yesterday at the HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures.

“We believe it’s the patient’s right to have digital access that is real-time and online for accounting of disclosures,” said Dr. Deborah Peel, the head of Patient Privacy Rights, a group she founded in 2004. Patients “need and want the data for our own health. We need to have independent agents as advisors, independent decision-making tools, we need independence from the institutions and data holders that currently control our information. We need to have agents that represent us, not the interests of corporations,” she said.

“I think the day will come when people will understand that their health information is the most valuable personal information about them in the digital world and that it’s an asset that should be protected in the same way that they protect and control their financial information online,” Peel said.

To view the full article click Security and Privacy of Patient Data Subject of Regulatory Hearing

To view a PDF of the hearing click HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures

 

Prince William’s DNA

As more individuals start posting their genomes or other genetic information online, privacy issues grow. A recent article from GenomeWeb about Prince William’s DNA highlights one of PPR’s concerns about publicly sharing such information: one person’s choice to research and reveal information about themselves reveals information about so many others who had no say in that decision.

To be clear, PPR is not opposed to genetic testing and actually believes there are many new and exciting possibilities that exist within the realm of genetic analysis. However, there are several issues that need to be addressed before people start encouraging others to publicly share their own genetic information. This excerpt from the article sums up the dilemma quite nicely:

“What is noteworthy is the ethics of publishing details of this genetic analysis at all,” Brice says, noting that “one of the major ethical concerns about genetic information and privacy” is that individual information can lead to the disclosures about family members.

The Duke’s cousins are free to have genetic tests if they want, but disclosing information about other, non-consenting individuals, is “highly questionable,” Brice says.

To read the full article, click here. (Note: Free subscription may be required).

The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

To view the full article by Andrea Peterson in ThinkProgress, please visit: The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

In the early 1950′s, doctors at Johns Hopkins took the cells from Henrietta Lacks’ tumor and, without her consent, have used them for years for research. Earlier in March, the entire genome of Henrietta Lacks was published with neither the knowledge nor consent of her surviving family. This privacy breach has “started a new chapter in that tale about the complex relationship between researchers and the privacy of genetic information.”

Some key quotes from Dr. William Pewen, Assistant Professor of Public Health and Family Medicine at Marshall University, and a former top health care adviser to the now retired Sen. Olympia Snowe (R-ME):

  • -“The release of Henrietta Lack’s genome illustrates the fact that genetic information isn’t an individual matter — it impacts family members as well. This underscores the need to ensure the rights of individuals and preserve the confidentiality of research data. Once patient privacy is lost, problems are simply compounded. Just how can today’s family members give consent for the next generation?”
  • -“[i]n an age of technology advances and ‘Big Data’ analytics, it’s clear that medical data can be used in countless detrimental ways. That will simply be fostered if we allow ethics and human rights to be undermined by expediency.”

Putting Health IT on the Path to Success

“The promise of health information technology (HIT) is comprehensive electronic patient records when and where needed, leading to improved quality of care at reduced cost. However, physician experience and other available evidence suggest that this promise is largely unfulfilled.

Comprehensive records require more than having every physician and hospital use an electronic health record (EHR) system. There must also be an effective, efficient, and trustworthy mechanism for health information exchange (HIE) to aggregate each patient’s scattered records into a complete whole when needed. This mechanism must also be accurate and reliable, protect patient privacy, and ensure that medical record access is transparent and accountable to patients.”

*Subscription needed to see full article.

Private traits and attributes are predictable from digital records of human behavior

Picture a box with 2,000 or 10,000 puzzle pieces inside—any one puzzle piece reveals nothing about the picture. But when all the pieces are assembled, an incredibly detailed picture FULL of information is created.

The data mining industry—including Google, Facebook, Acxiom and thousands more unknown corporations and foreign businesses—assembles the puzzle of who we are from thousands of bits of data we leave online. They know FAR MORE than anyone on Earth knows about each of us—more than what our partners, our moms and dads, our best friends, our psychoanalysts, or our children know about us.

The UK study (abstract below) shows how easy it is for hidden data mining companies to intimately know us (and sell) WHO WE ARE.

Most Americans are not aware of the ‘surveillance economy’ or that data miners can easily collect intimate psychological and physical/health profiles of everyone from online data.

The study:

-“demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private”

-“is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites”

-correctly discriminates between:

  • -Homosexual and heterosexual men in 88% of cases
  • -African Americans and Caucasian Americans in 95% of cases
  • -Between Democrat and Republican in 85% of cases
  • -For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test

The “surveillance economy” is why the US needs FAR STRONGER LAWS at the very least to prevent the hidden collection, use, and sale of health data, including everything about our minds and bodies, unless we give meaningful informed consent.

This urgent topic, ie whether the US should adopt strong data privacy and security protections like the EU—will be debated at the 3rd International Summit on the Future of Health Privacy June 5-6 in DC (it’s free to attend and will also be live-streamed). Register at: www.healthprivacysummit.org

DNA records pose new privacy risks

To view the full article, please visit: DNA Records Pose New Privacy Risks

An article in the Boston Globe highlights the ease with which DNA records can be re-identified. According to the article, “Scientists at the Whitehead Institute for Biomedical Research showed how easily this sensitive health information could be ­revealed and possibly fall into the wrong hands. Identifying the supposedly anonymous research participants did not require fancy tools or expensive equipment: It took a single researcher with an Internet connection about three to seven hours per person.” Even truly anonymous data was not entirely safe from being re-identified. Yaniv Erlich”…decided to extend the technique to see if it would work with truly anonymous ­data. He began with 10 unidentified men whose DNA ­sequences had been analyzed and posted online as part of the federally funded 1,000 Genomes Project. The men were also part of a separate scientific study in which their family members had provided genetic samples. The samples and the donors’ relationships to one ­another were listed on a website and publicly available from a tissue repository.”

These findings are incredibly relevant because it is highly possible that “something a single researcher did in three to seven hours could easily be automated and used by companies or insurers to make predictions about a person’s risk for disease. ­Although the federal Genetic Information Nondiscrimination Act protects DNA from ­being used by health insurers and employers to discriminate against people”.

Dr. Deborah Peel chosen as one of the ‘Top 10 Influencers of Health InfoSec’

Patient Privacy Rights’ very own Dr. Deborah Peel was chosen as one of the ‘Top 10 Influencers of Health InfoSec”. This honor is given by HealthcareInfoSecurity “to acknowledge leaders who are playing a critical role in shaping the way healthcare organizations approach information security and privacy”.

Dr. Deborah Peel was deemed an “outspoken champion of national patient privacy concerns since 1993. As leader of the advocacy group Patient Privacy Rights, Peel often takes controversial positions on key issues, but she has proven successful in drawing attention to important patient privacy matters. She has testified before Congressional committees on genetic data privacy and medical record privacy.”

From Top 10 Influencers of Health InfoSec:

“Each of these top 10 Influencers makes a substantial impact. Their influence ranges from shaping national health data security and privacy regulations to providing real-life breach prevention insights and leading grass-root efforts to help patients deal with data privacy threats.

Our selections include some of the nation’s most recognized leaders in health information technology. But they also include a few individuals who aren’t in the national spotlight, yet are influential nonetheless.

As electronic health records become ubiquitous, and more information is shared via health information exchanges, the nation needs leaders who are willing to take bold action to ensure patient information is protected.

Our editors chose these individuals for the influence they’ve had over the last year, as well as the impact we expect them to have in 2013 and beyond.”