[Posted on behalf of Elizabeth Pike and Kayte Spector-Bagdady from the Presidential Commission for the Study of Bioethical Issues – and cross-posted here.]
In the most recent issue of the Hastings Center Report, Drs. Amy Gutmann and James Wagner of the Presidential Commission for the Study of Bioethical Issues (the Bioethics Commission), contributed to the lively debate surrounding the identifiability of genetic data. In Found Your DNA on the Web: Reconciling Privacy and Progress, Gutmann and Wagner, Chair and Vice-chair respectively, argue that the paradigm of identifiability has become less relevant to individual privacy protections than restrictions on access and use.
In their commentary, Gutmann and Wagner continue the public deliberation of the Bioethics Commission’s report, Privacy and Progress in Whole Genome Sequencing, in which the Bioethics Commission took a forward-looking approach to the privacy concerns raised by whole genome sequencing—issues that have come to the forefront of this important science.
Under current law, health information that is deidentified—information for which there is “no reasonable basis” to believe it can identify an individual or that has been stripped of traditional identifiers—is afforded different legal protections than identifiable health information. However, whole genome sequence data are unique to only one person, making them more vulnerable to reidentification.
Recent articles have cast doubt on the extent to which whole genome sequence data can be deidentified. For example, in Identifying Personal Genomes by Surname Inference, published in Science in January, Melissa Gymrek, et. al. successfully uncovered full identities of 50 individuals.
It is not always easy to control access to genomic data—indeed scientific progress in this area requires large-scale access for researchers. As Gutmann and Wagner argued, to contribute to such progress “the public must trust that the research community will guard their data zealously and use them in the most respectful and productive manner possible. Donor consent to whole genome sequencing is critical, but warning participants of risks in a consent document is not enough: such risks must also be prevented whenever and wherever possible.”
Current federal and state laws protect genomic data differently—some are tied to the collector of the data, others to where the data is collected. Therefore, a centerpiece of Privacy and Progress was Recommendation 1.2, which urged “federal and state governments to ensure a consistent floor of privacy protections covering whole genome sequence data…” Informed consent should be obtained, regardless of the future identifiability of the data (Recommendation 3.1), and this consent should make it clear that there are potential risks inherent in agreeing to share data (Recommendation 3.2). The Bioethics Commission also recognized that persons who have authorized access to genomic data “must be guided by professional ethical standards related to the privacy and confidentiality of whole genome sequence data and not intentionally, recklessly, or negligently access or misuse these data…” (Recommendation 2.1). Best practices must be implemented to keep genomic data secure (Recommendation 2.3).
Recent studies highlight that whole genome sequence data thought to be deidentified can become identifiable to those with expertise; and the corresponding need to address privacy concerns through robust informed consent processes, data security and access provisions, and a consistent national floor of privacy protections. As Gutmann and Wagner concluded in Found Your DNA on the Web, “if we move the debate from identifiability to public beneficence and respecting persons, the real ethical focus must be on promoting progress while respecting privacy;” something to which all persons who work with whole genome sequence data can contribute.