Genetic Databases Bump Up Against Privacy Concerns

Jared Kaltwasser
JUNE 19, 2018
hca news,genetic data privacy,dna privacy,genomic data protection

In many ways, it’s the golden age of genetic research.

As our knowledge of genetics increases and our ability to crunch massive amounts of data accelerates exponentially, scientists have the ability to make highly accurate predictions about health, both at the individual and population levels. That information could have far-reaching implications for the ways we optimize healthcare—implications that we’re only now beginning to realize.

But there’s a caveat.

Among the things that can be elucidated from genomic data is a person’s identity. In theory, this could happen even in cases where a patient’s name is removed from the data. And in the age of Cambridge Analytica, the Golden State Killer, endless hacking of banks, and daily ransomware attacks, the potential for telling genomic data to be linked to individuals has become a major headache for genetic researchers and cybersecurity experts alike.

>> LISTEN: Should Cops Have Access to Consumer DNA?

Just ask Bonnie Berger, PhD, a mathematician at the Massachusetts Institute of Technology. She and her colleagues were frustrated by the effects that privacy issues have had on research. In many cases, investigators have to wait months for approval to access large databases of genomic data. And while privacy has always been a concern for scientists handling human subject data, Berger told Healthcare Analytics News that the issue overlaps with new fears on the part of the public about online privacy.

“Increasing public awareness of data privacy issues may lead to fewer individuals contributing their genomic data to scientific studies and biobanks, a challenge that cryptographic solutions such as our work can help overcome,” she said.

Berger and colleagues at MIT and Stanford are working to improve the cryptographic methods used to protect genomic data. They recently unveiled a new “secret sharing” system that protects genomic data by dividing sensitive data among multiple servers. The hope is that a better security apparatus will make it easier for researchers to obtain and share data on a large scale.

Top Threats

If data security is the concern, the logical question is: Who are we protecting data from? The answer can be divided into 2 broad categories: business and governmental organizations that might have an interest in our genetic secrets and hackers or cybercriminals.

Ellen Wright Clayton, JD, MD, MS, co-director of the Center for Genetic Privacy and Identity in Community Settings at Vanderbilt University, said many people have second thoughts about sharing their genetic data because they worry it could be used against them.

 “They’re worried about employment,” she said. “They’re worried about insurability. And they’re worried about the government.”

The Genetic Information Nondiscrimination Act of 2008 (GINA) was meant to allay concerns about genetic data being used in dystopian ways. GINA protects against discrimination in employment and health insurance, though the law is limited in its scope. Patients are also protected against health insurance discrimination based on pre-existing conditions under 2010’s Affordable Care Act.

But Mark A. Rothstein, JD, who directs the Institute for Bioethics, Health Policy, and Law at the University of Louisville, said GINA doesn’t outlaw a number of other types of potential discrimination. Life, disability, long-term care insurance, real estate transactions, for example, aren’t covered under GINA.

He noted that a privacy risk that is often overlooked is the area of “compelled disclosures,” instances where people are asked to give access to their health records in order to apply for products or services.

“For example, it is reasonable for a disability insurance company to see the medical documentation of disability before they pay a claim,” he said. “The problem is that with the advent of electronic health records, more information can be disclosed easily, and it is not unusual for the disclosure to be of the individual’s entire health record.”

>> READ: If You Can't Beat the Hackers, Join Them

Thus, the disability insurer could also receive unrelated information such as a patient’s mental health history or genetic information. Partly because at least 25 million compelled disclosures take place every year, as per Rothstein’s research, many people are reluctant to undergo any form of genetic testing.

So, what about the hackers?

Bradley Malin, PhD, a professor of biomedical informatics and associate professor of biostatistics who co-directs Vanderbilt’s genetic privacy center with Clayton, said the threat from hackers is real but also somewhat narrow.

“Hackers are always going to be interested in VIPs, so [there’s a risk] if you have individuals in these databases who are sufficiently high-profile that paparazzi would be interested in the data, or it could be used against somebody in some kind of smear campaign,” he said.

However, Malin noted that most hackers don’t have the expertise or resources to interpret the data on their own, meaning it would be difficult to yield meaningful information from raw genetic data in a cost-effective manner. In the future, there might be a simple tool that delivers quick, cheap genetic information, but it doesn’t exist yet.

“I think, again, this becomes a question of the value and the ability to do interpretation quickly,” he said.

But hackers can be a strange breed. Some might simply want to prove they have the skill to sneak into a database, either to embarrass the database’s owner or simply to raise their own profile.

Become a contributor