PHG Foundation | Privacy risks and data sharing in genomics

Privacy risks and data sharing in genomics
12 April 2010 | By Alison Hall | Research article
PHG Foundation is the trading name of the Foundation for Genomics and Population Health, a charitable company registered in England and Wales
Company Number: 5823194, Charity Number: 1118664

A recent paper argues that the mechanisms traditionally employed to protect the identity of participants in medical research are 'increasingly untenable in genomics' [Heeney C et al. (2010) Public Health Genomics; Epub ahead of print]. Existing methods have focused upon the data source: customary safeguards include making data unidentifiable or by only disclosing those data where identifiable variables have been removed or the data aggregated. Threats to privacy and confidentiality should take account of the prevailing data environment: in many contexts, there is a plethora of other available datasets which may be used for the purposes of reidentification of an individual, ranging from publically accessible data sets of genomic sequence data to supermarket loyalty schemes. Moreover, it is not sufficient to consider the range of ways in which data may be extracted or inferred. To be effective, data sharing policy must consider the perspective of a 'data intruder' namely 'someone with a motivation to investigate the attributes or identity of a data subject, and who uses available information for reidentification of individuals'.

These concerns are not merely theoretical: in 2008, a description of the analysis of 3 datasets to identify an individual in the data [Homer N et al. (2008) PLoS Genet. 4(8):e1000167] resulted in the Wellcome Trust and the NIH withdrawing open web access to genomic datasets (see previous news). Heeney et al. describe this episode and go on to chronicle the potential for genetic discrimination which may arise as a result of identifiable genomic information becoming available, particularly in the context of insurance and employment. The integration of genomic data from forensic and biomedical datasets is an especial cause of concern, particularly if combined with computational techniques such as redlining (a process used to exclude access to goods and services to selected subgroups) and inference.

The authors argue that there is now a need to develop a more sustainable response to concerns over privacy and confidentiality, which is unlikely to be satisfied by the strategy of withdrawing genomic datasets from the public domain. Instead Heeney et al. offer recommendations for privacy protection that include restricting access to genomic data to legitimate academic researchers; engaging in privacy risk assessments that take account of all the resources available to potential data intruders in the data environment; refining the promises of confidentiality that are made to participants in research so that assurances about data protection are both robust and realistic; and that these initiatives are 'supported by appropriate legislative and governance responses, at a higher policy level, and by ensuring fair access to employment and healthcare'. A failure to address these challenges, they propose, could result in widespread loss of public trust and a decline in willingness to take part in research.

Comment: Although the paper concentrates upon the challenges for genomics research, the threat to privacy and confidentiality within the context of providing health care services is likely to become increasingly pressing as genetic and genomic technologies are rolled out more widely. As financial pressures build, it seems that more may be at stake both in terms of insurers and employers wishing to exclude those who are likely to become costly claimants in the future: and also because the exhortation for governments to provide fair access to healthcare might become increasingly difficult to satisfy.

open here please:
PHG Foundation | Privacy risks and data sharing in genomics