Category: Medical Privacy

Dov Fox on Genetics and “The End of Family Secrets”

Dov Fox 1 Comment

Bill of Health blogger Dov Fox was featured in a recent National Geographic article on genetics and genealogy.

Dov Fox, an assistant professor of law at the University of San Diego who specializes in genetic and bioethical issues, told me that it’s only a matter of time before genetic genealogy leads to lawsuits regarding fidelity, paternity, and inheritance. But it’s unclear, for now, how the law will handle those cases.

Here in the U.S., there aren’t any federal privacy statutes that would apply, Fox says. The U.S. Genetic Information Nondiscrimination Act (GINA), passed in 2008, says that health insurers and employers cannot use an individual’s genetic information to deny medical coverage or to make employment decisions. But genetic genealogy doesn’t have anything to do with medical risks. That means lawyers will have to get creative in how they present their cases.

“What happens often with advances in science and technology is that we try to shoehorn new advances into ill-fitting existing statutes,” Fox says. So genetic genealogy cases might hinge upon laws originally written for blackmail, libel, or even peeping Tom violations.

For more, read the full article here.

Big Data Proxies and Health Privacy Exceptionalism

Nicolas P. Terry Leave a comment

By Nicolas Terry

I have posted Big Data Proxies and Health Privacy Exceptionalism. The article argues that, while “small data” rules protect conventional health care data (doing so exceptionally, if not exceptionally well), big data facilitates the creation of health data proxies that are relatively unprotected. As a result, the carefully constructed, appropriate, and necessary model of health data privacy will be eroded. Proxy data created outside the traditional space protected by extant health privacy models will end exceptionalism, reducing data protection to the very low levels applied to most other types of data. The article examines big data and its relationship with health care, including the data pools in play, and pays particular attention to three types of big data that lead to health proxies: “laundered” HIPAA data, patient-curated data, and medically-inflected data. It then reexamines health privacy exceptionalism across legislative and regulatory domains seeking to understand its level of “stickiness” when faced with big data. Finally the article examines some of the claims for big data in the health care space, taking the position that while increased data liquidity and big data processing may be good for health care they are less likely to benefit health privacy.

Of Data Challenges

Leslie Francis Leave a comment

By Leslie Francis

Cross-posted from the HealthLawProfs blog.

Challenges designed to spur innovative uses of data are springing up frequently. These are contests, sponsored by a mix of government agencies, industry, foundations, a variety of not-for-profit groups, or even individuals. They offer prize money or other incentives for people or teams to come up with solutions to a wide range of problems. In addition to grand prizes, they often offer many smaller prizes or networking opportunities. The latest such challenge to come to my attention was announced August 19 by the Knight Foundation: $2 million for answers to the question “how can we harnass data and information for the health of communities?” Companion prizes, of up to $200,000, are also being offered by the Robert Wood Johnson Foundation and the California Healthcare Foundation.

Such challenges are also a favorite of the Obama administration. From promoting Obamacare among younger Americans (over 100 prizes of up to $30,000)–now entered by Karl Rove’s Crossroads group–to arms control and identification of sewer overflows, the federal government has gone in for challenges big time. Check out challenge.gov to see the impressive list. Use of information and technological innovation feature prominently in the challenges, but there is also a challenge for “innovative communications strategies to target individuals who experience high levels of involuntary breaks (“churn”) in health insurance coverage” (from SAMHSA), a challenge to design posters to educate kids about concussions (from CDC), a challenge to develop a robot that can retrieve samples (from NASA), and a challenge to use technology for atrocity prevention (from USAID and Humanity United). All in all, some 285 challenges sponsored by the federal government are currently active, although for some the submission period has closed. Read More

Good News for HIV Prevention Policy: Syringe Access Update

Temple University Center for Public Health Law Research Leave a comment

By Scott Burris

In documenting how often public health law research does influence legislation, I’ve used syringe exchange programs as an example of evidence NOT guiding policy.  Despite the consensus in health research that increasing access to sterile syringes has helped reduce HIV, state drug paraphernalia laws, and pharmacy regulations remain a barrier, as does the lack of strong and stable funding for the programs that are working.  The case was just made again in an article in the Annals of Health Law. Rachel Hulkower and Leslie Wolf retell the story of the federal funding ban, going over the evidence yet again, and argue that state inaction would best be overcome with money: replacing the federal ban with a positive endorsement and real funding.  (As long as we are in an optimistic mood, I would add strings – no HIV funding for states that don’t remove legal barriers to syringe access.  This would balance the scales a bit for Congress’ past sin in requiring state recipients of HIV funds to provide for criminalization of exposure and transmission.)

But today I type to tell a happier story. This summer, the state of Nevada passed a statute authorizing syringe exchange and pharmacy sales.  There are now 16 jurisdictions whose laws explicitly authorize syringe exchange programs (CA, CO, CT, DC, DE, HI, MA, MD, ME, NJ, NM, NV, NY, RI, VT, WA) and the number of states that require a prescription for retail purchase without exception has dwindled to ONE (Chris Christie’s New Jersey – Delaware, the other hold out, changed its law this year.)  But the important thing is not the next halting steps in this slow trend, but the quality of Nevada’s legal contribution.  This is going to get a little bit wonky in parts, but let me just take you on a quick tour of this marvelous statute, which drew from a model created several years ago by the Canadian HIV/AIDS Legal Network.

Read More

Dov Fox on the Future of Genetic Privacy

Dov Fox Leave a comment

Bill of Health contributor Dov Fox has a new op-ed at the Huffington Post on “junk” DNA and the future of genetic privacy in the aftermath of the Supreme Court’s ruling, in Maryland v. King, that police may collect DNA from people under arrest. Fox argues,

The next great controversy over forensic DNA won’t have anything to do with whether police can test “junk” DNA from people whose identity they already know. It will be about whether police can look “more broadly” at the “other stuff” that genetic information can reveal from people who aren’t yet known to them. That our DNA could serve as an eyewitness has powerful implications, beyond individual privacy, for the pervasive role of race in the investigation of crime.

Read the full piece here.

Art Caplan on the NIH’s Agreement Regarding Control of Henrietta Lacks’ Cells

acaplan Leave a comment

Art Caplan has a new opinion piece up at nbcnews.com on the longstanding controversy over the use of the cells of Henrietta Lacks, a poor African American woman who died of cervical cancer in 1951, for research that has generated billions of dollars through scientific research over more than six decades. This research was conducted without Lacks’ or her family’s consent. According to a new NIH agreement with the Lacks family:

Lack’s genome data will be accessible only to those who apply for and are granted permission. And two representatives of the Lacks family will serve on the NIH group responsible for reviewing biomedical researchers’ applications for controlled access to HeLa cells. Additionally, any researcher who uses that data will be asked to include an acknowledgement to the Lacks family in their publications.

The new understanding between the NIH and the Lacks family does not include any financial compensation for the family. The Lacks family hasn’t, and won’t, see a dime of the profits that came from the findings generated by HeLa cells. But this is a moral and ethical victory for a family long excluded from any acknowledgment and involvement in genetic research their matriarch made possible.

Read the full article here.

Science, Art, Policy, and the Importance of Good Science Communication

mmeyer Leave a comment

By Michelle Meyer 

Although I promised that I was done commenting on the artist-cum-policy wonk who claims to make 3-D “masks” of unknown individuals from their discarded DNA, Matthew Herper of Forbes has taken the criticisms of her (and the media covering her project) articulated by me and others directly to the artist. I confess that her response does not make me feel any better. Even if you’re “only” engaging in art, it seems to me that when that art has an obvious science policy message — indeed, one that you invite — you have some obligation to be clear about how “speculative,” as she puts it, your art is. But when you decide to move from the world of art into the world of science, and to start leading policy discussions based on your speculative art and working with forensic examiners? Then you really have a strong duty to be very clear about what your work can and cannot do. That means, among other things, taking care when talking with the media, and correcting the media if they get it wrong.

Yesterday, the Social Science Genetic Association Consortium, an international consortium that pools and conducts social science research on existing genome-wide association study (GWAS) data, and on whose Advisory Board I sit, published (online ahead of print) the results of its first study in Science. That paper — “GWAS of 126,559 Individuals Identifies Genetic Variants Associated with Educational Attainment” (plus supplemental data) — like much human genetics research, has the potential to be misinterpreted in the lay, policy, and even science worlds. That’s why, in addition to taking care to accurately describe the results in the paper itself, including announcing the small effect sizes of the replicated SNPs in the abstract, being willing to talk to the media (many scientists are not), and engaging in increasingly important “post-publication peer review” conversations on Twitter (yes, really) and elsewhere — we put together this FAQ of what the study does — and, just as important, does not — show. So far, our efforts have been rewarded with responsible journalism that helps keep the study’s limits in the foreground. Perhaps the DNA artist should consider issuing a similar FAQ with her speculative art.

Public Policy Considerations for Recent Re-Identification Demonstration Attacks on Genomic Data Sets: Part 1 (Re-Identification Symposium)

mmeyer 2 Comments

By Michelle Meyer

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science and Re-Identification Demonstrations. We’ll have more contributions throughout the week. Background on the symposium is here. You can call up all of the symposium contributions by clicking here. —MM

Daniel C. Barth-Jones, M.P.H., Ph.D., is a HIV and Infectious Disease Epidemiologist.  His work in the area of statistical disclosure control and implementation under the HIPAA Privacy Rule provisions for de-identification is focused on the importance of properly balancing competing goals of protecting patient privacy and preserving the accuracy of scientific research and statistical analyses conducted with de-identified data. You can follow him on Twitter at @dbarthjones.

Re-identification Rain-makers

The media’s “re-identification rain-makers” have been hard at work in 2013 ceremoniously drumming up the latest anxiety-inducing media storms. In January, a new re-identification attack providing “surname inferences” from genomic data was unveiled and the popular press and bloggers thundered, rattled and raged with headlines ranging from the more staid and trusted voices of major newspapers (like the Wall Street Journal’s: “A Little Digging Unmasks DNA Donor Names. Experts Identify People by Matching Y-Chromosome Markers to Genealogy Sites, Obits; Researchers’ Privacy Promises ‘Empty’”) to near “the-sky-is-falling” hysteria in the blogosphere where headlines screamed: “Your Biggest Genetic Secrets Can Now Be Hacked, Stolen, and Used for Target Marketing” and “DNA hack could make medical privacy impossible”. (Now, we all know that editors will sometimes write sensational headlines in order to draw in readers, but I have to just say “Please, Editors… Take a deep breath and maybe a Xanax”.)

The more complicated reality is that, while this recent re-identification demonstration provided some important warning signals for future potential health privacy concerns, it was not likely to have been implemented by anyone other than an academic re-identification scientist; nor would it have been nearly so successful if it had not carefully selected targets who were particularly susceptible for re-identification.

As I’ve written elsewhere, from a public policy standpoint, it is essential that the re-identification scientists and the media accurately communicate re-identification risk research; because public opinion should, and does, play an important role in setting priorities for policy-makers. There is no “free lunch”. Considerable costs come with incorrectly evaluating the true risks of re-identification, because de-identification practice importantly impacts the scientific accuracy and quality of the healthcare decisions made based on research using de-identified data. Properly balancing disclosure risks and statistical accuracy is crucial because some popular de-identification methods can unnecessarily, and often undetectably, degrade the accuracy of de-identified data for multivariate statistical analyses. Poorly conducted de-identification may fail to protect privacy, and the overuse of de-identification methods in cases where they do not produce meaningful privacy protections can quickly lead to undetected and life threatening distortions in research and produce damaging health policy decisions.

So, what is the realistic magnitude of re-identification risk posed by the “Y-STR” surname inference re-identification attack methods developed by Yaniv Erlich’s lab? Should *everyone* really be fearful that this “DNA Hack” has now made their “medical privacy impossible”? Read More

An Open Letter From a Genomic Altruist to a Genomic Extrovert (Re-Identification Symposium)

mmeyer Leave a comment

By Michelle Meyer

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. We’ll continue to post contributions throughout the week. —MM

Dear Misha:

In your open letter to me, you write:

No one is asking you to be silent, blasé or happy about being cloned (your clone, however, tells me she is “totally psyched”).

First things first: I have an ever-growing list of things I wish I had done differently in life, so let me know when my clone has learned how to read, and I’ll send it on over; perhaps her path in life will be sufficiently similar to mine that she’ll benefit from at least a few items on the list.

Moving on to substance, here’s the thing: some people did say that PGP participants have no right to complain about being re-identified (and, by logical extension, about any of the other risks we assumed, including the risk of being cloned). It was my intention, in that post, to articulate and respond to three arguments that I’ve encountered, each of which suggests that re-identification demonstrations raise few or no ethical issues, at least in certain cases. To review, those arguments are:

  1. Participants who are warned by data holders of the risk of re-identification thereby consent to be re-identified by third parties.
  2. Participants who agree to provide data in an open access format for anyone to do with it whatever they like thereby gave blanket consent that necessarily included consent to using their data (combined with other data) to re-identify them.
  3. Re-identification is benign in the hands of scholars, as opposed to commercial or criminal actors.

I feel confident in rejecting the first and third arguments. (As you’ll see from the comments I left on your post, however, I struggled, and continue to struggle, with how to respond to the second argument; Madeleine also has some great thoughts.) Note, however, two things. First, none of my responses to these arguments was meant to suggest that I or anyone else had been “sold a bill of goods” by the PGP. I’m sorry that I must have written my post in such a way that it leant itself to that interpretation. All I intended to say was that, in acknowledging the PGP’s warning that re-identification by third parties is possible, participants did not give third parties permission to re-identify them. I was addressing the relationship between re-identification researchers and data providers more than that between data providers and data holders.

Second, even as to re-identification researchers, it doesn’t follow from my rejection of these three arguments that re-identification demonstrations are necessarily unethical, even when conducted without participant consent. Exploring that question is the aim, in part, of my next post. What I tried to do in the first post was clear some brush and push back against the idea that under the PGP model — a model that I think we both would like to see expand — participants have given permission to be re-identified, “end of [ethical] story.” Read More

DNA Art

kvantassel Leave a comment

According to an article in the NYT, an artist has collected DNA samples from litter on sidewalks, such as chewing gum and cigarette butts, and used those samples to extract and sequence DNA that she then used to make computer models of their owners’ faces. She then printed 3-D masks that she is showing at her upcoming exhibit called Stranger Visions. The artist hopes her exhibit will spark a dialogue over genetic surveillance.

The NYT article explains that

[w]hile staring at the wall of her therapist’s office, the artist Heather Dewey-Hagborg noticed a strand of hair stuck in a hanging print. Walking home, she noticed that the subways and sidewalks were littered with genetic material on things like chewing gum and cigarette butts, some still moist with saliva. Curious about what she could learn, Ms. Dewey-Hagborg began to extract and sequence DNA from these discarded materials. Then — and here it gets a little eerie — she began to make computer models of their owners’ faces, using genetic clues to print 3-D masks that she concedes “might look more like a possible cousin than a spitting image.” Hanging these portraits along with the original samples, she says, is “a provocation designed to spur a cultural dialogue about genetic surveillance.” After the June exhibitions, Ms. Dewey-Hagborg will show her work early next year at the New York Public Library. She has also collaborated on a tongue-in-cheek project called DNA spoofing, which purports to offer ordinary people some techniques to avoid detection by scrambling their genetic material.

Talk and exhibition at Genspace in Brooklyn on June 13. Exhibition at QF Gallery in East Hampton, N.Y., opens June 29.

[Cross-posted from HealthLawProf Blog]