Personalized medicine promises much. New initiatives aim to harness technology and genomics to create bespoke medicine, customizing your healthcare like your Facebook profile. Instead of relying on generic practice guidelines, your doctors may one day use these new analytic tools to find the ideal treatment for you. Big data will make this precision possible: patterns that emerge from the DNA and medical records of millions can predict which treatments work best for which patients. Fewer mistakes, lower costs, and more effective care may result.
But this precision has a price that science and medicine don’t acknowledge. Personalized medicine demands that we all contribute our medical histories and genomes to the big data research pool. The science works only if the numbers are very large; so large that some envision every patient as a subject whose medical data will be shared for research. As this future unfolds, you will, of course, be assured of your privacy. Unfortunately, that’s a promise science cannot honestly make and you should not believe.
A growing number of experts, particularly re-identification scientists, believe it simply isn’t possible to de-identify the genomic data and medical information needed for precision medicine. To be useful, such information can’t be modified or stripped of identifiers to the point where there’s no real risk that the data could be linked back to a patient.
This realization is colliding with research norms that permit the relatively free exchange of patients’ medical information. Research and medical privacy regulations, as currently interpreted, allow review boards to waive patient consent, and even allow researchers to call DNA sequences “de-identified” data, a category without oversight or privacy protection. Newly announced changes to federal research regulations simply broaden the scope of these practices.
Is your genome being shared for research? It’s impossible to know for sure. In some states, doctors need your consent to test your blood for your medical care, but it is perfectly legal for a researcher to obtain blood no longer needed for your care, then sequence your genome and place your information in a research database, all without your consent or even your knowledge. Federal medical privacy and research laws permit this on the misguided assumption that there’s no re-identification risk.
Regulators have been slow to acknowledge re-identification risks, though it is known that genome sequences might be re-identified through comparison to a database of identified genomes (such as those held by law enforcement or consumer genetic testing companies), through the use of demographic information provided along with the sequence data, or even, potentially, through new technologies that may enable prediction of an individual’s face from genomic data.
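A data steward’s check for the demographic-linkage risk just described, added here as an illustration and not code from the original post: it measures k-anonymity over the demographic columns that often accompany “de-identified” sequence data (ZIP code, birth year and sex are assumed column names; the six records are constructed) and shows how far generalizing those columns before release reduces the share of records that are singled out.

```python
from collections import Counter

# Constructed sample of a "de-identified" research release: no names, but each
# row carries the demographics typically shipped alongside sequence data.
RECORDS = [
    {"zip": "02139", "birth_year": 1971, "sex": "F", "sample": "S001"},
    {"zip": "02139", "birth_year": 1995, "sex": "M", "sample": "S002"},
    {"zip": "02139", "birth_year": 1975, "sex": "F", "sample": "S003"},
    {"zip": "02142", "birth_year": 1971, "sex": "F", "sample": "S004"},
    {"zip": "02142", "birth_year": 1990, "sex": "M", "sample": "S005"},
    {"zip": "02142", "birth_year": 1992, "sex": "M", "sample": "S006"},
]

# Assumed quasi-identifier columns: attributes that are not names but can be
# matched against other sources (voter rolls, public records, social profiles).
QUASI_IDS = ("zip", "birth_year", "sex")


def k_anonymity(records, quasi_ids=QUASI_IDS, generalize=None):
    """Return (k, share_unique).

    k is the size of the smallest group of records sharing the same
    quasi-identifier values; share_unique is the fraction of records that are
    alone in their group (k = 1), i.e. trivially singled out by a linkage.
    """
    generalize = generalize or (lambda r: r)
    keys = [tuple(generalize(r)[q] for q in quasi_ids) for r in records]
    counts = Counter(keys)
    k = min(counts.values())
    unique = sum(1 for key in keys if counts[key] == 1)
    return k, unique / len(records)


def coarsen(record):
    """Generalization a steward might apply before release: keep only the
    3-digit ZIP prefix and a 10-year birth cohort instead of exact values."""
    r = dict(record)
    r["zip"] = record["zip"][:3] + "xx"
    r["birth_year"] = record["birth_year"] // 10 * 10
    return r


if __name__ == "__main__":
    print("as shipped:   k=%d, singled out=%.0f%%" % (
        k_anonymity(RECORDS)[0], 100 * k_anonymity(RECORDS)[1]))
    print("generalized:  k=%d, singled out=%.0f%%" % (
        k_anonymity(RECORDS, generalize=coarsen)[0],
        100 * k_anonymity(RECORDS, generalize=coarsen)[1]))
```

On the constructed sample every record is unique as shipped (k = 1), while the generalized release reaches k = 3 with no record singled out; on a real release the check is run before data leave the institution, and a low k is the signal that the “de-identified” label is not earned.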
Security is essential to protect privacy, yet few specific regulatory standards protect the security of the sensitive health data needed for precision medicine research. What exists is outdated and insufficient. For example, while your fingerprint, long known to be useful for re-identification, was protected under the 2003 federal HIPAA Privacy and Security rules as a “biometric identifier,” your genome was not—and today, 14 years and millions of genotypes later, still is not.
Millions of Americans have seen their medical data compromised by cyberattacks on data stored at hospitals, insurers, and clinical laboratories. Electronic health records (EHRs) are favorite targets; once these records link to the genomic data needed for precision medicine, the privacy impact of cyberattacks will increase exponentially. Unlike a medical record number or credit card number, genome sequences, unique and permanent, can’t be replaced when compromised, and sequence data are a wellspring of information about health risks, ancestry, and sometimes, unexpected parenthood.
Databases containing genomes and medical histories are multiplying, sometimes populated with the data of unwitting participants who don’t know researchers have sequenced their genomes and placed the data in research databases operated by public entities (such as the NIH) or private drug companies. Data from these databases is shared with researchers world-wide, typically under a “data use agreement” that offers no recourse to data subjects if their information is misused or compromised.
We became interested in this issue when we realized that the biggest database of all – the increasingly networked EHRs of hospitals and physician practices nationwide – might one day include genomic data from everyone, as gene sequencing becomes common in healthcare.
Typically patients aren’t notified when their medical records are shared for research, or with whom. An increase in funding for biomedical data research has grown the number of studies obtaining EHR data on a large scale; almost always, these studies are conducted without informed consent. And researchers aren’t held to specific, uniform legal requirements for protecting the security of genomic and health data they receive for research.
This isn’t right. Researchers should never lead participants to believe that no one could re-identify their genomic data – re-identification is always a risk. Patients should always know who is receiving their genomes and medical records for research, so they can demand better security oversight of the privacy risks.
Ethical guidelines for research, including data research, stress the importance of respect for persons. Informed patients are respected persons who can help hold researchers accountable for data security. Better security is possible—for example, researchers are exploring new techniques to encrypt genomes without making them useless for research—but if patients remain unaware and regulators are reluctant to question the status quo, there will be few incentives for improvement. Unless we raise the bar on research data security, patients, though they may benefit from better care, will assume unreasonable and unnecessary privacy risks as their data is shared in the pursuit of precision medicine.
Featured image credit: Security by TheDigitalWay. CC0 Public Domain via Pixabay.