When it comes to sensitive data, it doesn't get much more personal than your genes. And there's now tons of genetic records stored by health care companies and consumer genetic testing companies. That's raised concerns we're at risk of a-style event that reveals genomic data to parties who should never have gotten their hands on it.
Experts speaking Wednesday at the RSA Conference in San Francisco said concerns that genetic information could be used in unexpected ways are already prompting patients to forgo genetic tests that might benefit their health. They added that completely de-identifying patient information, including genomic data, isn't possible, further heightening worries about the field.
People are already pulling back from genetic testing because of privacy concerns, said Kaiser Permanente Chief Medical Officer Dr. Patrick Courneya. He didn't specify what specific issues led patients to avoid some tests, but some of them likely stem from concerns over, a crime-solving technique that combines genetics and family history. Bioethicists and civil liberties watchdogs have raised concerns about potential issues with the practice because anyone sharing their DNA in a database makes a decision for people who share their genetic makeup.
Kathy Hibbs, 23andMe chief legal and regulatory officer, said patients need to understand genetic genealogy relies on more than genetic records. But Courneya said he didn't believe consumers will find that comforting.
Genetic data is also difficult to use safely in research, said Molina Healthcare Chief Security Officer Michael Wilson. Though it's standard to de-identify genetic data, it's too easy to reverse that process and figure out who specific data belongs to, Wilson said. He added that it's impossible to accurately assess what the value of genetic information will be in 50 to 100 years, and it'll have to be protected for as long as researchers have it.
Wilson said stolen genetic data won't likely be valuable in and of itself but could be if "combined with other data."
Fundamentally, people need to have final control over their data, with the power to stop it from being shared, said Sharon Terry, the president and CEO of Genetic Alliance.
"We can't de-identify it," Terry said. "We can limit access and have the people themselves be in control."