Privacy in clinical genomics: the risk of missing the point

As the European Commission considers ramping up data security, with the introduction of the EU Data Protection Regulation (EUDPR), Jurgi Camblong cautions that extending existing rules runs the risk of limiting the sharing of valuable genomic data.

Privacy and data security issues hit the headlines every day, whether its revelations about the banking sector or the recent hacking of health insurer Anthem in the US, which led to the exposure of personal information from 80 million patients. Indeed, the use and safeguarding of personal information is an issue which affects many business sectors but, as in the case of Anthem, debate is often at its most acute when it focuses on healthcare.

The Brookings Institution recently highlighted that the number of such incidents in the healthcare sector has increased from 13 in 2008 to 256 in 2013, with the total number of patients affected up from about half a million in 2008 to nearly nine million people in 2014. The 2015 Anthem leak illustrates how this number is growing dramatically.

In parallel, the gathering and interpretation of genetic data is fuelling a revolution in medicine, as the secrets to disease contained within the genome are progressively unlocked. Already, thousands of patients in Europe are benefiting from genetic testing which can predict the likelihood of chronic diseases occurring, or can indicate the best way to manage and treat existing illnesses.

It is difficult to underestimate the benefits of these scientific advances. Mutations in specific genes can now be detected through screening, allowing thousands of women to take preventative action and avoid a greatly increased risk of developing ovarian or breast cancer. More broadly, for patients with chronic illnesses such as cancer, heart disease and cystic fibrosis, a whole new range of personalised medicines have been developed which work in those with particular genetic profiles. These therapies radically improve patient outcomes, but only when used with the right diagnostic tools.

However, gathering and analysing this data means storing and transferring it and, in the context described above, this process has given rise to concerns over the potential misuse or loss of personal data. Many will question what safeguards are in place to ensure that DNA, like banking or health insurance information, is correctly looked after, and it is understandable that the ability of companies to maintain sufficient security may be challenged.

"To realise the full potential of data-driven medicine, the system of data collection, storage and processing must provide patients and doctors with confidence and trust"

As a consequence, to realise the full potential of data-driven medicine, the system of data collection, storage and processing must provide patients and doctors with confidence and trust. The promise and benefits are too important to risk institutional resistance and fear of misuse becoming a barrier. On the other hand, policy makers should also engage in dialogue to understand what safeguards are already in place to avoid a knee-jerk reaction to particular events. In fact, the scientific community in Europe is deeply concerned about the risk that Europe's new rules on data protection, such as the Data Protection Regulation (EUDPR), presents for the sharing of personal genomic data.

The clinical community is already working with European healthcare institutions to provide data analysis for thousands of European patients every year, and places a heavy emphasis on the importance of securely handling personal information. This approach allows hospitals and laboratories to comply with European law as it currently stands while also providing the critical analysis and information required to improve patient outcomes. The system has proven itself resilient and robust in everyday clinical practice and it is important for those debating the new proposals to take this into account.

But vigilance must be maintained given the growing menace of cyber espionage and online crime. As a greater number of hospitals procure genetic testing services, so more patients will benefit, but the risk of data breaches will increase too if providers do not maintain the right approach. Safeguarding genomic data is a non-negotiable precondition of providing testing and analytics services.

Experience to date indicates that there does not necessarily need to be a trade-off between privacy and the use of data in clinical genomic if handled in the right way. Stakeholders must work together to ensure this consensus remains in place.

About the author:

Jurgi Camblong is an entrepreneur and co-founded Sophia Genetics in 2011 with Dr Pierre Hutter and Prof Lars Steinmetz, where he is CEO. He holds a PhD in Life Sciences (University of Geneva) and an EMBA in Management of Technology (EPFL-HEC Lausanne).