Inconsistent Genome Privacy Laws — A Legal Authority Shares Insights

By Jennifer Geetter

On October 11, 2012, the Presidential Commission for the Study of Bioethical Issues released its report, “Privacy and Progress in Whole Genome Sequencing.”  In issuing the Report, the Commission hoped to identify and document informational privacy and data risks attendant to whole genome sequencing (WGS). The Report sets forth 12 recommendations for how best to maximize the utility and availability of WGS while balancing important public policy and ethical concerns across the following goals: (1) data protections simultaneous with data access and sharing; (2) data security and access to secure databases; (3) different consent models; (4) facilitating WGS progress; and (5) maximizing public benefit.

It is well known that field of genetic testing is exploding and genetic testing is an increasingly routine component of the diagnosis and treatment of patients. Whole Genome Sequencing is a particular type of genetic testing in which a patient’s entire genome is sequenced, even those sections of the genome where we do not yet understand the clinical biochemical function the sequenced segments. The Report notes that WGS is increasingly popular among both patients and physicians, in part because the cost is rapidly falling. In addition, WGS is already a critically important part of genomic research when scientists seek to identify a possible genetic basis for a condition. With these testing trends in mind, the Commission states that it is concerned that privacy risks specific to and/or exaggerated by WGS should be addressed proactively.

The Report identifies a number of privacy and data sharing-related concerns that the Commission sees as raised by WGS. For example, information gleaned from WGS may not only reveal something about the individual undergoing the testing, but also about his/her family members or community if the results suggest a familial or racial or ethnic predisposition to a condition as opposed to a random, isolated genetic mutation in that one individual. The Report also discusses the need to enable sequencing sharing segmentation where patients are empowered to share pieces, but not all, of their WGS results and expresses concern as to whether this is currently possible. In a much cited example, the Report also noted that individuals could be subjected to unwanted WGS if they left behind a coffee cup or other routine genetic residue that a bad actor could submit for testing. The Report also identified certain regulatory restrictions on the sharing of unvalidated test results with individuals participating in genomic research in light of certain requirements under CLIA.

The Report questions whether existing privacy protections at the state and federal level are sufficient. Many WGS test companies do not meet the definition of covered entities under HIPAA and therefore sit outside the HIPAA privacy framework. GINA prohibits the use of genetic information in making health plan individualized risk-rating and employment decisions, but does not prohibit the use of genetic test results more broadly. Many states limit the use of genetic information to be used for certain employment and health coverage eligibility questions, but the definition of “genetic information” remains challenging. GINA, for example, includes within genetic information family history information but does not include symptomatic manifestation of disease.

Concerns about genetic privacy and data sharing are not new, and questions about the nature and degree of privacy risks posed by genetic information as compared to other types of sensitive health information, are also not new. The Commission in its Report identifies informational privacy and data sharing risks both new in kind and new in degree, and, overall, proposes recommendations whereby stakeholders are encouraged to look through genomic-colored glasses in order to leverage well-established ethical and legal principles in ways tailored for the genomic age. As genomic information continues its migration from the margins to the center of the health information universe, the privacy and data sharing protections and incentives put in place for genomic information may well serve as the foundation for an overall privacy and data sharing framework more generally. The Report, therefore, should be carefully considered as an early government effort to establish public policy in this important area and WGS stakeholders should begin the process of reviewing their policies, forms, agreements and other procedures with an eye to tailored protections.

Jennifer S. Geetter is a partner in the law firm of McDermott Will & Emery LLP and a member of the Firm’s Life Sciences Affinity Group and Personalized Medicine Team, and Privacy and Data Protection Practice.