How Safe is the Sharing of Our Genetic Information?
By Fiona Nielsen, CEO and Founder, Repositive
In the 10 years since the US introduced its GINA regulations – the Genetic Information Nondiscrimination Act – the genetic landscape has changed substantially. There is more genomic data available than ever before. As many as one in 25 individuals in the US is thought to have undertaken genetic tests, including Direct to Consumer or ‘DIY’ tests, which individuals can order online and conduct at home. Large-scale genomics projects have also been pioneered – Genomics England has sequenced 71,095 genomes to date.
In the UK, while DIY testing is not yet as popular as it is in the US, individuals are, none the less, undertaking genetic testing for a number of reasons, including: in paternity disputes; to confirm family relationships to support an immigration application; to discover distant relatives; to investigate dietary requirements; or to learn more about individual health concerns. The NHS also recently announced that it is to become the first health service in the world to routinely offer genomic medicine, and will provide patients in England with DNA tests on ‘an unprecedented scale’ from the autumn.
The predictive value of genomics for individual health has, however, not been as high as first imagined. In the 1990s people thought that we would be able to predict, within a few years, individuals’ eventual cause of death. There was an overestimation of how predictive genetic information would be, on all counts – from health, disease, personality traits and more – which has just not been realised. There are actually a multitude of factors which can affect the expression of your genetics, from the bacteria which live in your body to the chemicals you are exposed to in the environment.
The companies that conduct genetic tests with disease prediction in mind cross-reference DNA against just a handful of genetic markers – those that have been discovered to date which predict, to greater or lesser extent, an individual’s predisposition to a particular disease. The presence of the BRCA1 marker, which indicates an above 80% likelihood of an individual developing breast cancer during their lifetime – and which Angelina Jolie famously acted on by electing to have a preventative double mastectomy – is likely to be the most actionable test result. Other results may have a high likelihood but have no actionable response possible, other than to invest in a healthy lifestyle. Most other markers that have been discovered so far will indicate only a nominal level of risk of developing a particular disease (often 10% or lower).
Yet despite this limited predictive value of genomics testing for most individuals, the upward trend in genetic testing has led to more frequent discussions, both in the UK and the US, about how safe it is to test and share (the provider conducts the test and so has the results on file), genetic information. In fact, one in three respondents to a survey conducted in 2016 by UBS reported that the privacy of their genetic data was a concern.
While there is limited predictive value of genomics alone for individual health care, the use of genetic data in aggregate is offering genuine disruption and advancement, through new diagnostics and medical treatments. Researchers in industry and academia rely on anonymised datasets of genetic information as the basis of studies including resistance to diseases or sensitivity to different treatments across populations. It’s concerning to note that, as the number of people taking genetic tests has been steadily increasing, the reactionary response has been largely focused on security concerns around, rather than the benefits of, genetic testing. Should this negative outlook continue we may see a future decline in the number of individuals taking the tests or willing to share their results – which will slow down progress in genetics-based health care developments.
As the National Human Genome Research Institute explains, the human genome contains about 3 billion base pairs that spell out the instructions for making and maintaining a human being. There are four chemical bases which form “base pairs”: Adenine (A), Thymine (T), Cytosine (C) and Guanine (G). The pairing underlies the methods by which most DNA sequencing experiments are done and, to anyone other than a genetic expert, even excluding people who run genetic testing companies and most who process DNA samples, this information looks like a string of unintelligible As, Ts, Cs and Gs.
Why are individuals becoming fearful or anxious about genetic testing?
Data for discrimination
One area that people are particularly concerned about in terms of genetic information is whether test results could be used by health insurers to discriminate against them with hiked premiums.
In the UK, we tend not to worry so much about this as everyone is entitled to free healthcare at the point of access. However, as many of us also have health or life insurance, we can easily see how concerning it might be to think that if we had even just a 3% risk of developing a particular disease, our premiums could skyrocket. Nevertheless, we are protected by a Concordat and Moratorium on Genetics and Insurance, a long-standing agreement between the Association of British Insurers (ABI) and the Department of Health (DH) on how insurers use genetic information – established as long ago as 2001.
In countries like the US, however, these concerns are more prominent because of the way the healthcare sector is financed, with individuals relying on being able to afford health insurance to cover the costs of their healthcare. It is within this context that the GINA regulations were first established and, 10 years on, there is more of a need than ever for such regulations to protect patients, DIY test takers and research participants from data misuse.
Individuals who are concerned about the use of their data, who do not think that the GINA regulations offer sufficient protection, are potentially missing out on accessing the medical treatment they need, by refusing to take a genetic test. There have been instances where individuals with a family history of a genetic disorder such as Huntington’s disease, for example, have rejected a genetic test which could provide them with essential support and treatment. Additional concerns regarding future uses of genetic data may also come from areas outside healthcare, such as families which have been split up at the US/Mexico border rejecting a genetic test provider’s offer to conduct free tests to support the reunification of families, due to concerns about how the genetic information could be used against them in the future, or the recent arrest of a suspect in a long-running murder investigation in California, based in part on the police use of ancestry websites to match a DNA sample from the crime scene.
Increased participation, flawed public perception
A lack of public knowledge about how an individual’s genome can be used to predict health outcomes increases the uncertainty and contributes to some individuals’ hesitations about taking tests or sharing their results. But insurers are already entitled to ask individuals all manner of deeply personal questions, about our current and historical health care, as well as our family’s, so there is an argument to be made that insurers don’t gain much from discovering the results of genetic tests anyway. If anything, it may be of benefit to individuals to provide health insurers with their test results if, for instance, their family history indicates a predisposition for a particular disease, but their test results rule them out.
For most diseases, however, no markers have yet been discovered and those that have been are thought of as ‘low hanging fruit’; the idea that someone who came across our DNA could discover any deeply personal information about us, other than what has already been identified through the testing we have undertaken, is fantasy. In reality, the power of genomics lies in large data sets. What can be learned about an individual based on just their genetic data is relatively small. This is why people who have a good idea of how difficult it is to interpret DNA are always much more comfortable about donating their own and allowing it to be used in large scale research projects; they recognise that the risks of someone analysing their DNA are so minute, while the individual benefits and potential benefit for human kind so great.
Difficulty in deleting data
As the popularity of DIY testing has increased over the last few years, a number of national newspapers have reported on the phenomenon, with journalists undertaking genetic tests from main providers themselves and detailing how simple, affordable and insightful the tests were. More recently some of these journalists have conducted follow-up investigations to ascertain how easy, or not, it is to erase their genetic footprint from these different test providers. The resounding response, across the board, was ‘not easy’.
Both due to regulatory requirements (such as the Clinical Laboratory Improvement Amendments (CLIA) of 1988 which require laboratories to store de-identified results for at least two years for quality control purposes), and the reality that genetic data that has already been shared with a third party is impossible to retract (e.g. from medical researchers using the data as part of a broader study), some requests to delete the journalists’ genetic information were met with a simple ‘no’. Some providers promised to refrain from further sharing the journalists’ data with new third parties and offered to restrict the journalists’ own access to their data (by closing their accounts, essentially) but still keep their genetic data on file somewhere.
With implementation of European-wide GDPR regulation companies must have a valid ground for storing identifiable information about an individual. If the data subject asks for their data to be removed, there exists a qualified right of erasure. This law extends to foreign companies when they are processing the data of EU subjects. It is worth noting that in some cases data can still be lawfully kept such as if customers have entered into a contract where processing their data is a necessary part of the agreement. Additionally, once personal information has been anonymised, including aggregated genomic data, then it is no longer covered under GDPR. A company can rely on a legal obligation to keep the data for public health as well as archiving purposes for scientific research.
Digital footprint aversion
Another reason for individuals to have heightened anxieties about sharing their genetic ‘footprint’ is, no doubt, the growing and widely reported concerns about the security of our digital footprint. We share a lot of data unknowingly and recent abuses by global organisations of the data they have captured, stored and sold, have made people more reluctant to blindly trust organisations.
But, to some extent, any type of personal data can cause problems if it ends up in the wrong hands. In terms of discrimination or manipulation, people can discover a lot about us if they view our credit card transactions, the content of our WhatsApp conversations, what we share on social media, or our GP’s medical records. Yet there is a tendency to view online banking security measures as an annoyance; engage on social media on a daily basis; and have faith that in most cases our GP will have security measures in place to protect our health records.
Instead of opting out of these activities, we accept an element of risk and carry on, because we think the chances of being unfortunate enough to be defrauded, embarrassed, or even blackmailed are so slim. Additionally, we recognise that the benefits associated with agreeing to centralised medical records; talking to friends and family online; and being able to pay quickly and easily for goods with a credit card, far outweigh the potential risks.
The same is true in terms of how likely it is that our genetic information could fall into the wrong hands. It could, but when it comes to our information being used against us, the risks are actually very low. Most of us have used a card to purchase something we would be embarrassed about; and many have said something on social media that would make us cringe in later years. But, aside from a handful of genetic markers that can identify a relatively low predisposition to a particular disease – or for certain rare diseases where one genetic change is causing the rare condition, there is not that much that can be learnt for certain about an individual from their DNA – even tests for ethnicity can be wildly speculative and imprecise.
The benefits outweigh the risks
As with most of the decisions we make, genetic testing is not without risk. But we drive cars, we travel by plane, we conduct an enormous number of transactions online, and we trust all manner of professionals to care for our health, wealth and happiness – and to take responsibility for not putting our information at risk while doing so.
At Repositive we work hard to ensure health data is findable, accessible, interoperable and reusable, to advance research, because doing so is fundamental to speeding up the discovery and development of cures and treatments for diseases like cancer. But we also take seriously the need to protect individuals’ and organisations’ privacy and security requirements. Our ambition is to encourage everyone involved in research to share data more effectively and continue to support better education and transparency around the applications and benefits of genomic research among the general public.