Skip to Content

Your DNA Deserves Better… Privacy and Security Protections

What could be more intimate or more deserving of the best privacy and security practices available than those that protect the very essence of who we are: the genetic material strung together in that double-helix known as DNA.

State and federal law protecting a person’s genetic material are sound for the most part; however, the gaps that remain will only widen as the storage and transfer of this sensitive medical information moves from paper to electronic networks.  Policies must be in place that will instill confidence in the patient and trust in the networks.   

Without appropriate protections for privacy and security in the healthcare system, people will engage in “privacy-protective” behaviors to avoid having their personal health information used inappropriately, according to comments CDT filed jointly with Professor Melissa Goldstein of the George Washington University School of Public Health and Health Services.  The comments responded to the Presidential Commission for the Study of Bioethical Issues on the privacy issues raised by access to human genome sequence data.  

The comments urged the Commission to ensure genetic information is protected by a framework of privacy and security policies based on fair information practices, instead of relying disproportionately on individual consent.  As the comments note:
 

[I]t has been argued that over-reliance on consent could lead to ‘consent fatigue,’ where patients presented with too many complex consent forms unknowingly agree to uses and disclosures of their health information.

The concern is that a system that relies on patient consent alone as the policy backbone of patient choice and privacy may end up doing more harm than good by turning the process into little more than the mere signing of forms.

The comments also urged the Commission to explore how other privacy-focused, federal government initiatives could be used to further protect genetic information and yet keep it available for treatment and research purposes.  

The comments highlight the health IT data segmentation initiative being conducted by the Department of Health and Human Services and the Federal Trade Commission’s recent recommendation that de-identified data be protected from re-identification (issued in its recent Report on Consumer Privacy). [http://www.ftc.gov/opa/2012/03/privacyframework.shtm]

The text of the Commission’s official Request for Comment can be found at this link.