A new 22-member federal healthcare advisory panel on
grafting healthcare information technology to genetic
testing and research met for the first time Thursday,
but an HHS official reported that leaders from his
agency had been meeting since March to try and develop
federal policy on the subject.
Privacy issues, several of the officials at the meeting
said, will have to be dealt with if the goals of the
group are to be achieved.
Gregory Downing, assigned by HHS Secretary Mike Leavitt
to lead the department's IT and genetics effort, gave a
progress update to members of the American Health
Information Community work group on personalized
The work group takes its name from a proposed end
result of genetic testing and research, the ability to
personalize therapies on the basis of a patient's
genetic makeup. According to Downing, Leavitt's vision
for the combination of IT and genetics is to identify
patient propensities for genetically linked diseases
and address them through preventive intervention, and
to accelerate the discovery and use in medical practice
of new genetic drugs and therapies.
AHIC, a 17-member committee of government and private-sector leaders, was created by Leavitt in 2005 to
advise him and HHS on IT policy. At its December
meeting, the AHIC approved HHS-drafted, long-term and
short-term objectives for the IT/genetics work
Long term, the work group is to make recommendations "to foster a broad, community-based approach to establish a common pathway based on common data standards that encourage the incorporation of interoperable, clinically useful genetic laboratory test data and analytical tools into electronic health records to support clinical decision-making for the health care provider and patient." Short term, the group is to recommend ways "to establish standards for reporting and incorporation of common medical genomic tests data into electronic health records, and provide incentives for adoption across the country including federal government agencies.
"Communities already exist that are developing
standards for the technology platforms for medical
tests but they lack the needed framework to harmonize
their efforts," Downing said.
One major potential stumbling block on the path between
now and the envisioned future, when personalized,
genetically guided treatment programs will be readily
available, is privacy, according to testimony.
Jodi Daniel, director of policy and research for the
Office of the National Coordinator for Health
Information Technology at HHS, told work-group members
that if the potential is to be realized from combining
IT and genetic testing and research, "We really have to
have the trust of consumers."
Daniel informed work group members that another AHIC
work group -- this one dealing with confidentiality,
privacy and security issues -- was formed last year.
Because genetics is such a specialized field, however,
both work groups likely will be pressed into duty
handling privacy issues, she said.
More generalized privacy concerns of IT/genetics work
group members -- such as whether there be opt in or opt
out, and whether there be a role for consumers in
sharing information -- might best be shared with the
confidentiality, privacy and security work group, Daniel said.
But issues unique to genetic testing, where the privacy
work group won't have the same level of expertise as
members of the IT/genetics work group, will best be
addressed by IT/genetics members, Daniel
The IT/genetics work group members also received oral
and written testimony from Amy McGuire, a lawyer and an
assistant professor of medicine with the Center for
Medical Ethics and Health Policy at Baylor College of
McGuire co-authored the article 72/370?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&andorexacttitleabs=and&andorexactfulltext=and&searchid=1&FIRSTINDEX=0&volume=312&firstpage=370&resourcetype=HWCIT" target="_new">No Longer De-Identified
target="_new">No Longer De-Identifiedthat appeared in the April 21,
2006 issue of Science, the journal of the
American Association for the Advancement of Science,
about the threat to privacy posed by IT and genetic
McGuire said neither the more generalized privacy
provisions of the Health Insurance Portability and
Accountability Act that govern the handling of some
electronic medical-record information, nor the more
specific HHS guidelines embodied in what is called the
Common Rule for the Protection of Human Subjects, which
governs federally supported research projects, are
adequate to protect individuals when it comes to
A 2004 guidance document to the HIPAA privacy rule,
says that "neither blood nor tissue nor the results
from an analysis of blood or tissue are in and of
themselves considered (to be) individually identifiable
health information," McGuire said. In addition,
according to McGuire, researchers may not be "covered
entities" as defined by HIPAA and if not, there is no
federal mandate to comply with its privacy provisions.
Common Rule protections also are inadequate because the
process of genetic sequencing typically involves three
In the first phase, primary clinical investigators
obtain consent and institutional review board approvals
for their research, recruit study subjects, warn them
of potential risks, obtain patient consent, collect
blood or other samples to obtain genetic materials and
code the samples to maintain the subjects'
In the second phase, often the coded samples are handed
over to a scientist, who sequences the subjects' DNA.
The scientist then publishes the sequenced data at a
publicly accessible Web site. No additional review board
approvals or further consents are required under
Finally, an independent researcher wanting to make
secondary use of the Web-published data, downloads it,
performs his or her own research and makes additional
correlations, and publishes the results online.
While the first phase of research is constrained by
informed consent requirements, McGuire wrote in her
article, "It is our experience that, in general, the
consent process for most disease-specific genetic
research is not protective for these (second and third)
phases and that the privacy risks associated with
public data-sharing are not stated."
In most cases, McGuire wrote, "Subjects are simply told
that genetic analysis will be performed without any
explanation of what that means or with whom the
resulting data will be shared." This will be a growing problem as genetic databases
proliferate because, due to the discrete nature of the
data itself, even anonymized genetic test results can
be re-identified with test subjects.
McGuire cited the work of a team of Stanford University
researchers who noted that only 30 to 80 positions of
variance in a person's genetic sequence, called single
nucleotide polymorphisms, or SNPs, are needed to
positively identify an individual, and even fewer SNPs
if the variations are rare. The Stanford group, with
lead author Zhen Lin, also published its findings in
Science on July 9, 2004. For a summary, click here.
Both Zhen and McGuire concluded that current
technologies for anonymizing such genetic data are
unsatisfactory in that they either won't protect the
subject's identity or they disturb the data to the
extent unacceptable to researchers. Both wrote that
policy and government regulation will be required to
protect individual privacy.
The first steps are to limit access to genetic
information and broaden the definition of what is
"identifiable" healthcare information to include
genetic sequencing, McGuire told work group members. In
addition, McGuire called for legal prohibitions against
discrimination on the basis of genetic information.Currently, some states have such laws, but
there is no federal ban on genetic discrimination and
overall she described the current legal framework as
"Consent is where I do most of my research," McGuire
said. "I feel it is essential to have a policy of
transparency and have well-defined genetic test
authorization forms and be very open about the risk.
There always is the challenge between protecting
privacy and promoting research. It is best left to the
people most affected by it, that is, the patients or
the subjects of genetic research."
But achieving informed consent won't be easy.
"If technology continues to develop at the pace it is
developing, it will be very difficult to assess the
(privacy) risks of disclosing that information," McGuire said. "This is
a very complex area. Oftentimes when I talk to my
scientist colleagues, I have a hard time understanding
what they are talking about."
So far, the cost and the time constraints of performing
full sequencing of a person's genetic material with
current technology have limited the number of
individuals whose genetic information is in databases,
McGuire said in a telephone interview. So the threat of
a person's genetic test results becoming a unique
identifier on par with a person's social security
number remains "a bit of a ways away."
But when the technology becomes available to do whole
genomic sequencing at an affordable price, the threat
will become more pressing.
"We're certainly moving in that direction, to do it
much more rapidly and much more inexpensively," McGuire
said. The National Institutes of Health has set the
$1,000 genome as a goal, so the time to set a
"I always believe in the practice of preventive
ethics," McGuire said. When it comes to databases and
personal information, she said, "Once you put it out
there, it's impossible to take it back."What do you think? Write us with your
comments at [email protected]. Please include your name, title and hometown.