“There are literally millions of people who participate in medical research, and probably over a million people whose genomes have been characterized in some way or another,” where the data is not freely available precisely because of privacy concerns, says David Altshuler, deputy director of the Broad Institute of M.I.T. and Harvard. He is also a leader in the global alliance, the 1000 Genomes Project and the International HapMap Project, which look for genetic variations involved in health and disease. Those projects upload genomes online to promote open science, but they collect much less personal information than the PGP does.
The drawback of a tight emphasis on subject privacy, of course, is that researchers lose out on an enormous pool of valuable data—information that can allow them to link the confluence of genes and environment in determining health and disease traits. With demographics, a scientist could compare zip codes with susceptibility to lung cancer to surmise the potential role of air quality in developing the disease.
Most investigators say that a solution to the privacy conundrum is offering subjects a choice about how much protection they get. What people want is the key, says Duke University geneticist Misha Angrist, a founding member of the PGP. “People have different preferences: researchers should do their best to honor them rather than to do what's most convenient for themselves or what keeps the lawyers and regulators at bay.”
Erlich, too, thinks scientists should “give people options.” And Altshuler, of the global alliance, says, “we’re not going to have a one-size-fits-all approach.” The alliance has laid out ideas for “participant-centric initiatives” in which subjects would specify the level of privacy they require in individual studies.
The alliance is trying to work out privacy issues now before more data goes online. At the moment, it plans to restrict and monitor use of its data as well as limit access to researchers whose bona fides can be established. It also wants to adopt cloud-computing that encrypts shared data.
Some researchers argue that privacy laws must be changed to make people feel safe when they give their personal information to researchers. Currently it is still legal to identify the names of people whose genomes have been made public. “The regulatory situation needs to change in the long term such that people will not be concerned that their data leaked or somehow got out,” says Dov Greenbaum, an intellectual property lawyer and a Yale University adjunct professor specializing in issues at the intersection of science and the law.
Federal agencies also are grappling with privacy issues surrounding the sharing of medical data. “The awareness of this is coming to the broader community's attention, it's coming to the public's attention,” says Laura Lyman Rodriguez, director of the Division of Policy, Communications and Education at the NIH National Human Genome Research Institute.
The Office for Human Research Protections of the U.S. Department of Health & Human Services is in the process of revising the Common Rule, the rule of ethics concerning human research in the U.S., so that it can provide greater consistency on best practices with regards to privacy concerns in genomic research.
It is the age-old question of privacy versus a social good. “There’s some amount of privacy we’re willing to give up in order to be safe, in terms of national security,” Altshuler says. He thinks it’s high time that America, having raced into the Internet age, discusses how genomic privacy stacks up against the social good of providing better health care.