Genetic Privacy Part 2: The Case For

medical-records Last week in Genetic Privacy Part 1, we discussed the potential harm done when a patient chooses not to share her data with other family members. Such arguments, and the argument that widely sharing genetic data would advance scientific research, have made some question whether all genetic data should be public.

Some of the most common concerns voiced by patients who undergo genetic testing are: ‘Will my insurance pay for this?’, ‘Could my insurance company discriminate against me based on my results?’ and, ‘Who will gain access to my test results?’. These concerns have led many patients to use aliases and to pay for testing in cash, especially before the Genetic Non-Discrimination Act GINA was passed.

Privacy concerns, and fear of who will have access to genetic data and how it will be used, were prominent among ethnic minorities in my practice over the years. They worried with good reason, considering the long and ugly history of abuse of minorities in scientific research. As a clinician, I spent many hours allaying such fears, telling patients that we would guard their test results and their family pedigree and keep it private. But is that still accurate? Consider this: if your cousin details her family pedigree at her genetic counseling session (which she must, in order to receive accurate risk assessment and the right genetic testing), your personal and medical history will be in that record. At least your first name will likely be on that document. Your health, psychiatric and genetic information, and those of your children, parents, and siblings, will then be available to anyone who opens your cousin’s medical record. In today’s age of electronic medical records that could be hundreds of people. Many hospital administrators, with little or no training in genetic privacy or bioethics, are making decisions about what genetic information will be entered into patients’ electronic medical records, ignoring pleas from clinicians that sharing of such information constitutes a HIPAA violation.

Let’s walk through a few potential scenarios. You see your primary care physician for your annual visit and she reluctantly shares that she saw your family pedigree in a relative’s electronic medical record. Your doctor cannot tell you which relative, or on which side of the family, but advises you that a relative of yours carries a mutation for Lynch syndrome and you may be at increased risk to develop colon, uterine and ovarian cancer. If you do carry the familial mutation you will need preventive surgery and she recommends you seek genetic counseling and testing immediately. You are flabbergasted. Which relative? On which side? And why hasn’t that relative shared this information? Could it be a mistake? How are you supposed to verify this information?

Another scenario: your teenage niece writes as her Facebook status, “I’m so nervous. My mother finds out if she carries the BRCA2 mutation in our family today” and tags you and several of your relatives. You have not shared your family history of a BRCA mutation with your 350 casual Facebook friends. You are inundated with posts and emails from your contacts asking if you are a carrier, if you had your breasts removed like Angelina Jolie, and saying they’ll pray for you. Some friends even reach out to your two teenage daughters – they are overwhelmed and embarrassed.

Or, a distant relative opts to have direct-to-consumer (DTC) testing and learns he carries an APOE mutation, that places him at high risk to develop Alzheimer disease. He posted this information on an ancestry website and tracked down family members, including your 70-year old father, to tell them of their risks. Your father calls you, very upset, to ask you if he has seemed forgetful lately. You take your father to his physician and learn that there are no specific interventions to reduce the risk of developing the disease, even if he is a carrier.

There is no doubt that widely sharing genetic information could increase the odds that relatives would be notified of their risks and would advance scientific research. However, we must not ignore the downsides and risks associated with it. Decisions about what will be shared and with whom must not be made by those ignorant of the ethical, societal, legal and emotional implications associated with genetic privacy. Once this genie is out of the bottle, there will be no putting it back.

Photo by Tom Magliery, via Flickr.