What is the impact of genetic testing on privacy?

"Genetic testing appears to exist in a regulatory vacuum," according to the policy director of the Genetics and Public Policy Center at Johns Hopkins. Because of the difficulty of performing and interpreting genetic tests, the labs which perform the approximately 1,000 tests currently available are not well (if at all) regulated at either the Federal or state level. Indeed, almost none have been reviewed by any government agency to ensure they do what they say they do. The FTC (Federal Trade Commission) regulates how genetic tests are advertised to consumers but none have been enforced yet with respect to the advertising of genetic tests. The FDA (Food and Drug Administration) regulates genetic test kits, but, according to Javitt, most gene testing labs develop their own in-house methods that are not currently reviewed by FDA. Even laboratories certified by CLIA (Clinical Laboratory Improvement Amendments) which covers basic and generic lab practice issues, does not provide information that is relevant to disease or future disease or condition.

With regard to privacy, there is no comprehensive federal protection in place. At the state level, privacy/discrimination legislation is variable, at best. For example, a consumer in Oregon purchases a genetic test from DNADirect (an online vendor based in San Francisco, CA). The consumer sends in their DNA sample to be tested. As soon as the sample leaves the state it is no longer protected under Oregon's genetic privacy laws. DNADirect sends the sample to Myriad Genetics, a laboratory in New Mexico, for testing. Since New Mexico currently does not have specific laws protecting the privacy of genetic information--and since the sample is no longer under Oregon jurisdiction--maintaining the privacy of the sample (and the donor) may be at-risk. At the present time, several other U.S. genetic testing labs, notably, Florida, California, and Ohio, also have no legislation which speaks directlly to protecting the privacy of genetic information.

For all of the above reasons, raising your awareness and understanding of the regulatory state of genetics and genetic testing in your state is important.

Consumer Considerations:

  • Genetic tests ordered through a doctor provide for better privacy protection.
  • Increasing the circulation of genetic and other health information through unregulated channels may increase the potential for unwarranted invasions of privacy and genetic discrimination.
  • Policymakers have been slow to enact blanket genetic privacy protections and the protections currently in place provide no solid protection for individuals.

How safe is your genetic information?

If you choose to have a genetic test purchased online from one of the many companies offering them, you may be concerned about the privacy of your genetic information. Check the website and the information you receive to learn what the company's policies are.

If, on the other hand, your genetic information is becoming part of a database covered by HIPAA (Health Insurance Portability and Accountability Act), you may be interested in how secure your information is when "protected" by the federal government. The Washington Post, in an article today titled "Medical Privacy Law Nets No Fines" starts this way:

In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases.

Of the 19,420 grievances lodged so far, the most common allegations have been that personal medical details were wrongly revealed, information was poorly protected, more details were disclosed than necessary, proper authorization was not obtained or patients were frustrated getting their own records.

More than 14,000 of the cases are considered "closed", either because no violation was found, or the group accused of violation (hospital or physican, for example) agreed to fix the problem. No one's watching, though, to see they do.

According to the article,

At least 309 possible criminal violations to the Justice Department. Officials there would not comment on the status of those cases other than to say they would have been sent to offices of U.S. attorneys or the FBI for investigation. Two cases have resulted in criminal charges: A Seattle man was sentenced to 16 months in prison in 2004 for stealing credit card information from a cancer patient, and a Texas woman was convicted in March of selling an FBI agent's medical records.

Advocates for personal privacy suggest that "the lack of civil fines has sent a clear message that health organizations have little to fear if they violate HIPAA."

To read more, check out the article at http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672.html

Marie Godfrey, PhD

Privacy of medical information threatened

I haven't been watching the House and Senate daily since stem cells were dropped from the agenda, but today I was reminded that's not a good thing to do. While you're not looking, Congress may slip something through you had no idea about.

This time it could be the privacy of your personal medical information (including results of genetic testing).

I received a notice from the Ethics and Health Law daily newsletter, which happens to come from Australia. The lead-in said: "Congress has latched onto legislation to create a national health information system: the Health Information Technology Promotion Act of 2005 (HR 4157)." and the source was given as Medical News today, 11 February 2006 (http://www.medicalnewstoday.com/medicalnews.php?newsid=37575#)

Oddly enough, the bill in question was introduced in October of last year; it didn't reach the news, but did catch the eye of the Citizens' Council on Health Care (CCHC). According to the article,

"This bill gives the federal government complete control over private medical data. It advances a national health surveillance system - a system where the patient's data is shared, assessed, analyzed, collected, and used without the patient's consent or knowledge," said Twila Brase, president of CCHC.

She clarified, "If this bill passes, there will be no virtually no escape for the public. The so-called federal medical privacy rule (HIPAA) eliminated patient consent requirements. This bill allows the federal government to gut stronger state privacy laws. Together they will lead to the end of personal and medical privacy for all American citizens." 

CCHC has published a chart, including analysis of the bill language and implications for the public if HR 4157 passes, click here to see it.

If you're interested in the privacy of your medical information, you may want to check this out. At the moment, the bill is still in committee.

Marie Godfrey, PhD