Growing Privacy Law Concerns: As Genetic Mapping Could Change the Medical Field

November 17, 2021
Privacy law might be about to enter a new age as 23andMe begins to implement its next stage of business. 23andMe hopes to expand their business, from genetically mapping ancestral heritage and locating predisposed genetic conditions, into a pharmaceutical company that crafts medicines from the insights gained from the statistical data of millions of genetic spit tests. With a large enough data base, 23andMe and other genetic research groups like them, hope to provide the medical field with statistically significant patterns to better create pharmaceutical drugs.

Being able to recognize predisposition markers has already affected how the medical field operates. For example, the presence of variants in BRCA1 or BRCA2 genes have been shown to elevate a person’s risk of breast cancer. Doctors can suggest genetic testing for patients to better predict diseases that might occur in the future. Armed with a better understanding of statistical probability, physicians can instruct stronger cautionary measures; such as an increase in screenings or begin screenings at an earlier age.

The expanding field could provide the world with medical breakthroughs, although, as the field grows, regulation is likely to multiply.

With a large and growing sample size and the identification of more predisposition markers, scientists hope to better identify patterns that could aid in treatment plans. Although the identification of markers for predisposition have mostly helped in monitoring, they are increasingly being used in drug creation. 23andMe is currently starting research into six identified target areas. As statistical genetic, data-bases grow it is likely the medical field will hit its stride since the genetic analysis field is still young. In addition, the data connected to current databases continues to grow as people progress through their lives and self-report diseases. The expanding field could provide the world with medical breakthroughs, although, as the field grows, regulation is also likely to multiply.

23andMe had previously run into regulatory problems from the FDA. There were concerns over providing knowledge to the layperson of their negative health markers, without physician oversight, could cause unnecessary anxiety. As individuals’ genetic data is used for widespread drug development, customers might find themselves second guessing their decision to sign away their genetic rights, fourteen years ago. Just how easy is it to turn over the rights to ones own genetic code? Congress, in 2008, passed the Genetic Nondiscrimination Act (“GINA”) recognizing expanding access to data on predispositions could lead to societal repercussions. GINA bars discrimination based on someone’s genetic predispositions; this legislation is meant to discard the use of genetic data for insurance companies determining coverage and when employers are making employment decisions.

Thus, companies like 23andMe do not have to be HIPPA compliant.

The developments in genetic privacy are much bigger than 23andMe. Genetic privacy is complex. Unlike passwords on your computer or even your social security number; an individual will only ever have one genetic code. Once the information connected to your code are released into the world, the ability to withdraw and remove the information can be difficult. For example, HIPPA only applies to healthcare organizations and providers, such as physicians, insurance companies, and hospitals. Thus, companies like 23andMe do not have to be HIPPA compliant. HIPPA holds covered organizations to a higher standard of confidentiality for patient data. None HIPPA providers are under no obligation to tightly keep data that might be medically sensitive, including genetic databases.
There also has been a history of collected genetic databases being sold to outside companies. DeCODE, working with the Icelandic government, collected the genetic data of half of the Icelandic population. Amgen later bought DeCODE and gained access to the collected data-base with the intent to use the data in the creation of pharmaceuticals. Although HIPAA does not extend protection to all genetic databases, the European Union, on the other hand, has made sure to categorize genetic data as sensitive data. Sensitive data must be protected by adequate safeguards under the General Data Protection Regulation (“GDPR”). Data that cannot be linked back to an individual is not regulated by the GDPR, but it is thought difficult to detach an identity from a genetic code. The question of regulating the transfer of genetic data is likely to grow as more genetic data-base, pharmaceutical companies arise.
At times our society, rightfully so, looks to the worst-case scenario. We imagine a future in a Philip K. Dick or Aldous Huxley novel; where everyone is identified from a retina scan or humans born in factories. Privacy law does need to consider the problems that could arise from the free trade of genetic data, but any future regulation needs to be balanced against the benefit of genetic data sharing and not be based in dystopian fiction. As long as the rights to genetic data is being given over ethically and with proper notice, statistical medical researchers should have the chance to change the medical field.  Only time will tell how genetic privacy concerns will affect this developing medical field.

Caroline Morning Pope

Caroline attended North Carolina State University; where she received her Bachelor of Arts degree in History. When not in class, she runs half-marathons, fly fishes, and takes ball room dance classes.