A health insurer’s offer of free genetic testing to patients raises concerns, say privacy advocates.
The Minnesota-based non-profit HealthPartners has created “myGenetics DNA Research Program,” an initiative to provide “more personalized care to our patients, families, and community,” according to its website, by collecting population health data. HealthPartners is offering the tests at its hospitals and clinics to any of its 1.8 million plan members in the Midwest if they enroll in the program and provide a blood and/or saliva specimen.
Clinically, the program is focused on genetic tests for relatively rare clinical syndromes, a few inherited cancers, and hereditary high cholesterol, but it is collecting data on the protein-producing part of the human genome, says Roger Klein, M.D., J.D., a diagnostic radiology specialist and policy advisor to The Heartland Institute, which co-publishes Health Care News.
“This company is exome sequencing, and partnering with a number of health systems, providing limited data back to the person who participates in the research study,” said Klein. “As a broader [research] program, … they are sequencing all of the genes and there is some significance in that. They are testing everything, and they are storing the data. It’s a different model.”
Genetic Data Mining
Limited protections for consumers could result in long-term loss of personal and private data protections, stated the Citizens’ Council for Health Freedom (CCHF), a patient advocacy group, in a press release on February 6.
Patients must read the fine print, says Twila Brase, R.N., founder and president of CCHF, and a Heartland policy advisor.
“It could create genetic dossiers on individuals and a genetic goldmine for HealthPartners,” said Brase.
Genetic data can be used to deny someone life insurance, which is not protected under national genetic privacy law, according to CCHF. Consumers who have been determined to be predisposed to certain diseases may not qualify or be charged significantly more.
After reviewing public documents on the program, CCHF found no apparent limit on the type of research conducted on DNA samples, no consent form regarding potential harms, and a lack of clarity over lifetime ownership and control of a participant’s individual data.
Genetic Testing Companies
Consumer Reports (CR) reviewed privacy practices of direct-to-consumer genetic testing companies 23andMe, Ancestry, CircleDNA, GenoPalate, and MyHeritage.
Despite the companies’ claims that privacy is a top priority, “when consumers opt into ‘research,’ many are providing third-party access not only to their DNA but also to other types of data the company has about you,” states an article in CR. In fact, “companies employ policies and practices that our experts think unnecessarily compromised consumers’ privacy,” CR found.
“If you read the fine print, 23andMe allows for third-party access,” said Brase. “Essentially, the company owns [genetic material] after they’ve given you your test results. They’re building this great repository of DNA. There’s a lot of money to be made in research.”
In 2019, 23andMe and Ancestry launched the Coalition for Genetic Data Protection with the publicized intent to “ensure the responsible and ethical handling of every person’s genetic data,” but a uniform policy does not ensure protection of individual data, says Brase.
“The lobbyists have made it clear that the industry is moving to protect itself,” said Brase. “They want the right to use all of this.”
Data Privacy Bill
The Minnesota State Legislature is considering a bill to protect individuals’ genetic data.
Natasha Chernyavsky, a CCHF legislative and policy specialist, testified before the Minnesota House Commerce Committee regarding HF 1520, which would require “direct-to-consumer genetic testing companies to provide disclosure notices and obtain consent,” on February 20.
“[W]e are concerned that the bill does not sufficiently protect privacy and individual rights, and gives a false sense of security to consumers,” Chernyavsky said.
One problem with the current bill is the limited scope of the information it protects, Chernyavsky said. The bill states that genetic data “does not include de-identified data,” leaving companies free to share this information without consumer consent once personal identifiers are removed.
“Even though it’s still the person’s blood or the person’s spit, it will no longer be deemed genetic data, and those specimens and any related data will be exempt from the protective provisions of this bill,” said Chernyavsky. ”[And] if the un-pooled individual data is breached, a person could potentially be identified by their deidentified DNA and data by simply using a public database.”
‘Access Will Be Everywhere’
The Minnesota bill would shift authority over data protection to the federal Common Rule for federally funded research, putting control into the hands of regulators who could be influenced by activists or industry lobbyists, Chernyavsky testified.
The Minnesota legislation is “less about privacy and more about providing companies with the right to use genetic data as they wish without consent,” said Chernyavsky.
At some point, “exome sequencing will be antiquated, and we will be sequencing the entire genome,” said Klein. “As costs come down, access will be everywhere.”
Right now, data privacy protection is “the wild, wild west,” says Brase.
“This is the most personal, private data anyone could ever obtain about you,” said Brase. “This is very valuable property. We should have a real genetic privacy law to protect consumers as they are becoming research subjects.”
Ashley Bateman (bateman.ae@googlemail.com) writes from Virginia.