HIPAA and GINA Notwithstanding

October 22, 2008

Ever since the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed, we have become accustomed to far more forms and red tape than ever before in hospitals and physicians’ offices. With the institution of the Privacy Rule, our Protected Health Information is strictly guarded in new ways by healthcare professionals and hospital systems — with good intentions. This law was designed to protect a patient’s privacy in ways no hospital gown ever could. For similar reasons, but hopefully with less resultant red tape, Congress passed the Genetic Information Nondiscrimination Act (GINA) earlier this year. Neither an individual’s medical history nor his/her genetic information is to be publicly revealed.

What, then, are we to make of the “Personal Genome Project”? This project is seeking 100,000 individuals who will agree to have their personal genomes made publicly available via the Internet. Their website states,

We believe individuals from the general public have a vital role to play in making
personal genomes useful. We are recruiting volunteers who are willing to share their
genome sequence and many types of personal information with the research
community and the general public, so that together we will be better able to advance
our understanding of genetic and environmental contributions to human traits and to
improve our ability to diagnose, treat, and prevent illness.

To date, the Personal Genome Project has enrolled ten luminaries, including Misha Angrist, Keith Batchelder, George Church, Esther Dyson, Rosalynn Gill, John Halamka, Stan Lapidus, Kirk Maxey, Steven Pinker, and James Sherley. Portions of their genomes are to be revealed this week on the PGP website. Information once revealed, even if subsequently taken down from a public website, remains known by someone, somewhere. If one of these ten has a gene associated with the development of Alzheimer’s Disease, how will that person or those who know him or her react? If such information were subsequently taken down from a public website, would the knowledge disappear? Not likely.

How we treat information, particularly genetic information, is a very important issue. It is becoming increasingly vital to develop appropriate safeguards and procedures for managing such specific and identifiable data. From the New York Times this week:

Over the last three years, more than a half-million people who participated in over 100
publicly financed genetic studies on traits like schizophrenia and drug addiction were
promised that their anonymity would be protected. But last month, after a paper in a
scientific journal described how an individual’s profile could be identified even when it
was aggregated with hundreds of others, the National Institutes of Health abruptly
restricted access to the data. ( “Taking a Peek at the Experts’ Genetic Secrets” by
Amy Harmon)

Where are the limits for privacy with respect to our DNA? Where are we going? What is happening in the arena of storing and/or disclosing our genetic data? Do we have a blueprint for our biobanks? We need more than a hospital gown to protect our privacy.