Presentation on theme: "What Should You Know and Be Doing About Genome Privacy? Ellen Wright Clayton, MD, JD Center for Biomedical Ethics and Society Vanderbilt University."— Presentation transcript:
What Should You Know and Be Doing About Genome Privacy? Ellen Wright Clayton, MD, JD Center for Biomedical Ethics and Society Vanderbilt University
The main point Making it difficult to link data to an individual is not the only issue Other factors that matter Who controls access? Who needs or is entitled to access? What is data appropriately being used for? From whose perspective? What are the chances that data will be misused?
What is the real risk to genomic privacy? Homer and Gymrek? Evidence of genetic discrimination is hard to come by even though our laws provide little protection Is there really a case for treating genomic information differently from other medical information?
So what is the risk of privacy breach? This occurs most commonly for medical records when laptops are lost or stolen http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule /breachtool.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule /breachtool.html
Deborah Peel “patients want to be personally contacted to give consent for research–either directly or by using technology to electronically, automatically check with their personal consent rules (in a single place they designate online). Electronic consent management systems or tools would ensure that patients can set their own broad and narrow rules, segment sensitive information, change their rules at any time, and be ‘pinged’ for any exceptions.” (email to me 7/3/14) Proposal from the U.S. Office of Human Research Protection to require “informed consent” for all uses of genomic data Contents of the consent not specified
But there are countervailing arguments Pressure from funders to obtain broad consent for data sharing Only choices are between controlled data base (e.g., dbGaP) v. open data base (e.g., 1000 genomes) Many uses of data without consent for disease detection, quality control, and research These uses are well embedded in many places, including public health law, the Regulations for Human Research Protection, and HIPAA Typically, but not always, de-identified to some degree
But there are countervailing arguments The obligation of patients to contribute to the common purpose of improving the quality and value of clinical care and the health care system. Traditional codes, declarations, and government reports in research ethics and clinical ethics have never emphasized obligations of patients to contribute to knowledge as research subjects. These traditional presumptions need to change. Just as health professionals and organizations have an obligation to learn, patients have an obligation to contribute to, participate in, and otherwise facilitate learning. Faden, et al., Hastings Center Report (2013)
Research – data sharing Despite great interest by funders and scientists in data sharing Lack of harmony in international law Standards for consent Standards for de-identification Standards for sharing Some countries do not allow data to be removed from their borders
Research – return of results Growing pressure to return at least some results of genomics research – what results? The target of the research Necessarily discovered – QC and pleiotropy Those you have to hunt for There is nothing “incidental” about these The debate in the US has been misguided by an inappropriate analogy to imaging studies Laboratory testing is the better comparison
Research – return of results Heated debate about which results to return Major variables are actionability and degree of pathogenicity Proposals range from: Highly pathogenic and actionable Lower degrees of pathogenicity and actionability Reproductive risk Personal meaning Everything Potential legal barriers
Research – return of results Impact of relationship between researcher and participant Wolf, et al., GIM 2012
Research – return of results If return of results is required, then calls removal of identifiers into question
Genomic data in the clinic Identification of data is essential What test is done? Single gene v. panel v. genome-scale Presidential Commission for the Study of Bioethical Issues calls for “diagnostic parsimony” where possible
Genomic data in the clinic – if genome-scale testing is done What must the report contain for clinical use? Essential to return the genotype, which may or may not be accompanied by a clinical recommendation Clinicians open themselves up to liability if they do not have access to the pertinent variants even if they rely almost exclusively on the recommendation
Genomic data in the clinic – if genome-scale testing is done Where does the data go? In the medical record? Somewhere else? What goes where? Who has access to it? Recent federal regulations requires that patients have direct access to their laboratory results Does this include all genomic data?
Genomic data in the clinic The same questions arise about what must and should be examined Clinical purpose, necessarily found, duty to look What criteria for return Clinically useful data All genomic data
Questions for the future Maintaining the integrity of the data Duty to reexamine? All genomic data Clinically actionable data
A note about DTC testing Should a clinician rely on this result?
A take-home point Many of the issues that I have outlined cannot be achieved by segregation or obscuring of data Rather, they require attention to oversight, control of access, and prevention of misuse