Earlier this year Yaniv Erlich of the Whitehead Institute for Biomedical Research at M.I.T. sent bioethicists into a frenzy when he and his team uncovered the names of people whose anonymous genome profiles were published by the 1000 Genomes Project. Erlich and his co-workers found the identities entirely by connecting Y-chromosome data and other information from the database with publicly available records, including genealogy databases and lists of people living in particular locales.
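The kind of linkage attack Erlich demonstrated can be illustrated with a toy sketch. Everything below is invented for illustration (the real study matched Y-chromosome short tandem repeats against hobbyist genealogy databases); the point is simply that a genetic marker plus a little published metadata can shrink the candidate pool to one person:

```python
# Toy illustration of a genealogy linkage attack (all data invented).
# An "anonymous" genome carries a Y-chromosome marker; public genealogy
# sites map such markers to surnames; public records map surname plus
# age and state to a short list of named individuals.

genealogy_db = {  # marker signature -> surname (from genealogy sites)
    ("13-24-14", "11-13"): "Venter",
    ("14-23-15", "10-14"): "Doe",
}

public_records = [  # (first name, surname, age, state), e.g. voter rolls
    ("Craig", "Venter", 67, "CA"),
    ("Alice", "Venter", 34, "NY"),
    ("John", "Doe", 67, "CA"),
]

def reidentify(marker, age, state):
    """Link an 'anonymous' genome record back to named candidates."""
    surname = genealogy_db.get(marker)
    if surname is None:
        return []
    # The age and locale published alongside the genome act as
    # quasi-identifiers that narrow the surname down to individuals.
    return [f"{first} {last}" for first, last, a, s in public_records
            if last == surname and a == age and s == state]

print(reidentify(("13-24-14", "11-13"), 67, "CA"))  # -> ['Craig Venter']
```

The sketch also shows why stripping names alone is weak protection: the attack never needs the name field, only data the studies published anyway.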
Given the relative ease of linking seemingly protected genomic data to names, an expansive new medical data-sharing initiative is already fanning an ongoing debate over how far investigators must go to protect the privacy of people who donate their DNA to research. This past month more than 70 leading medical and research organizations across 41 countries, including the National Institutes of Health (NIH) and the Wellcome Trust, declared their intent to form a global alliance by the end of this year to build a framework for sharing the genomic and clinical data they collect from study participants.
Their aim is to mine the genomes and medical histories of study participants to pinpoint gene variants that contribute to such diseases as cancer and diabetes. A huge data set is needed to uncover genetic links that have so far proved elusive. Only after such links are established will society enter the promised era of personalized medicine, when physicians armed with patients’ unique genetic sketches can help prevent disease and customize therapies.
At the moment, however, the alliance and other genome researchers have no clear model to follow for how best to protect the privacy of genetic donors. Some researchers have simply accepted that privacy is impractical, even impossible. That is the premise of the Personal Genome Project (PGP), the brainchild of geneticist George Church of Harvard Medical School. The project intends to recruit 100,000 people to share their genomic, medical and demographic data with the world. Participants can even volunteer their names and headshots, identifiers that Erlich’s recent work suggests a determined sleuth might recover anyway.
Church has designed this enterprise and its consent policies to cater to people who, like him, think that guaranteeing privacy in today’s digital world is unfeasible. People hack databases, genomes tell secrets and every lock has a key. His participants are informed explicitly about the benefits and risks of taking part; they are even warned that malicious individuals could potentially synthesize their DNA and plant it at a crime scene. They accept the risk and upload their data online. You can take a peek right now, if you wish. “The old idea ‘to add more security’ is looking less and less viable in the face of people like Julian Assange, Aaron Swartz and Edward Snowden,” Church says, referring to contemporary leakers of secrets who have made recent headlines. Instead of using a data model that prioritizes privacy, “we flipped the whole thing on its head,” he says. “Instead of saying how can we make the data more secure, I said, ‘Let’s make it more open and find people who are okay with that.’” Church calls this “open consent.”
Historically, genetic research has fallen at the opposite end of the privacy spectrum. Participants have either presumed that their privacy would be protected or explicitly asked that their medical information remain private. Genome-wide association studies, for example, recruit people who all share the same ailment, say migraines, to donate their genomic data. The data are compared to find shared gene variants that might underlie the disease, and the results are published. But the genomes never leave the lab.
“There are literally millions of people who participate in medical research, and probably over a million people whose genomes have been characterized in some way or another,” where the data is not freely available precisely because of privacy concerns, says David Altshuler, deputy director of the Broad Institute of M.I.T. and Harvard. He is also a leader in the global alliance, the 1000 Genomes Project and the International HapMap Project, which look for genetic variations involved in health and disease. Those projects upload genomes online to promote open science, but they collect much less personal information than the PGP does.
The drawback of a tight emphasis on subject privacy, of course, is that researchers lose out on an enormous pool of valuable data: information that could let them probe how genes and environment combine to determine health and disease traits. With demographic data, for example, a scientist could compare ZIP codes with susceptibility to lung cancer to surmise the potential role of air quality in the development of the disease.
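The ZIP-code comparison described above amounts to simple aggregation. The sketch below uses invented donor records and invented air-quality numbers to show the shape of such an analysis, not any real result:

```python
# Toy sketch (invented numbers): pooling demographic metadata lets a
# researcher correlate where donors live with their disease status.
from collections import defaultdict

# (zip_code, has_lung_cancer) pairs from a hypothetical shared data set
donors = [
    ("10001", True), ("10001", True), ("10001", False), ("10001", False),
    ("94105", False), ("94105", False), ("94105", False), ("94105", True),
]

counts = defaultdict(lambda: [0, 0])  # zip -> [cases, total donors]
for zip_code, sick in donors:
    counts[zip_code][0] += int(sick)
    counts[zip_code][1] += 1

# Disease rate per ZIP code
rates = {z: cases / total for z, (cases, total) in counts.items()}

# A separate public measure, e.g. a mean air-quality index per ZIP code
aqi = {"10001": 88, "94105": 42}

for z in sorted(rates):
    print(z, f"cancer rate {rates[z]:.2f}", f"AQI {aqi[z]}")
```

None of this works, of course, unless donors consent to sharing the demographic fields in the first place, which is exactly the trade-off the privacy debate turns on.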
Most investigators say that a solution to the privacy conundrum is offering subjects a choice about how much protection they get. What people want is the key, says Duke University geneticist Misha Angrist, a founding member of the PGP. “People have different preferences: researchers should do their best to honor them rather than to do what's most convenient for themselves or what keeps the lawyers and regulators at bay.”
Erlich, too, thinks scientists should “give people options.” And Altshuler, of the global alliance, says, “we’re not going to have a one-size-fits-all approach.” The alliance has laid out ideas for “participant-centric initiatives” in which subjects would specify the level of privacy they require in individual studies.
The alliance is trying to work out privacy issues now, before more data goes online. At the moment it plans to restrict and monitor use of its data, as well as limit access to researchers whose bona fides can be established. It also wants to adopt cloud-computing systems that encrypt shared data.
Some researchers argue that privacy laws must be changed to make people feel safe when they give their personal information to researchers. Currently it is still legal to identify the names of people whose genomes have been made public. “The regulatory situation needs to change in the long term such that people will not be concerned that their data leaked or somehow got out,” says Dov Greenbaum, an intellectual property lawyer and a Yale University adjunct professor specializing in issues at the intersection of science and the law.
Federal agencies also are grappling with privacy issues surrounding the sharing of medical data. “The awareness of this is coming to the broader community's attention, it's coming to the public's attention,” says Laura Lyman Rodriguez, director of the Division of Policy, Communications and Education at the NIH National Human Genome Research Institute.
The Office for Human Research Protections of the U.S. Department of Health and Human Services is in the process of revising the Common Rule, the federal regulation governing the ethics of human subjects research in the U.S., so that it provides greater consistency on best practices with regard to privacy in genomic research.
It is the age-old question of privacy versus a social good. “There’s some amount of privacy we’re willing to give up in order to be safe, in terms of national security,” Altshuler says. He thinks it’s high time that America, having raced into the Internet age, discusses how genomic privacy stacks up against the social good of providing better health care.