Monthly Archives: April 2014

From Volunteers, a DNA Database

Abigail Wark wants to see your areolas.

But only if you are a participant in the Personal Genome Project, a research effort to find 100,000 volunteers as research subjects in the public domain — contributing data from their genomes, microbiomes, health records, tissues and more.

The project comprises 16 research groups that want to study different aspects of the data. Scientists from each group are meeting on Tuesday in Boston with a group of 150 volunteers whom the project’s executive director, Jason Bobe, calls “omic astronauts,” from the “ome” in words like genome. This is the fifth annual GET conference; the initials stand for genomes, environments and traits.

“We’re prototyping a legal and technical infrastructure for sharing data,” Mr. Bobe said.

The project started in 2005 with 10 volunteers, called the P.G.P. 10, including noted scientists like the psychologist Steven Pinker, the technology expert Esther Dyson, and the project’s founder, the geneticist George M. Church.

Since then more than 3,360 participants have enrolled and the genetic data for more than 600 have been posted online. Ultimately, the data could be used to answer countless questions about the body; the immediate goal is just to collect the data.

Dr. Wark, a postdoctoral research fellow in the Tabin Laboratory at Harvard Medical School, studies variation in the human areola, the circular patch of differently colored skin around the nipples. “One of the wonderful things about a process like GET labs,” she said, “is instead of asking single-trait, single-gene questions, we can say, ‘Let’s look at everything we can collect about breast biology.’

“We’re casting a big net,” she continued. “There’s so little known about these questions that we’re not in a place to target highly specific investigations.”

Working with the Personal Genome Project, she has collected measurements and images of the areolas of 150 people so far. One initial finding is that the diameter of the areola seems unrelated to the number of areola glands — the small bumps in the skin surrounding the nipple.

Dr. Wark says that with data from more than 200 people, researchers will be able to look at which genes control that variation.

The project depends on volunteers’ open consent. With the amount of data being shared, participants cannot be guaranteed of anonymity or privacy. While their names are not directly associated with their data, other information about them is, including birth dates, genders, ZIP codes, genomes and medical histories.

Because of the privacy concerns about this data, all participants must pass an entrance exam to ensure that they are informed of the risks of participation — for example, the possibility of discrimination in obtaining life or disability insurance. Because these participants have given such broad consent, researchers have leeway to ask them for follow-up data to conduct new experiments.

Once this data is in the public domain, it is there forever. Some of the risks mentioned in the consent form sound like the stuff of science fiction, like the possibility that someone could plant samples of synthetic DNA to frame a participant for a crime, or use the DNA to create human clones without a participant’s knowledge.

But for Beau Gunderson, a software developer in Seattle who enrolled in 2010, “the benefit both for me having access to my genomic data and for the larger scientific community having access to a large pool of well-consented data made it seem like it was worth it,” he said, adding that he was partly motivated by his mother’s experience with breast cancer caused by a specific gene mutation.

“When somebody goes through something like cancer, you feel very helpless,” he said. “There’s the desire to help in some way.”

Albert Sun, NY Times

Parents and Children Deserve Genetic Privacy


Newborn screening is practiced nationwide to detect rare conditions that may be life-threatening or require medical attention. Shortly after birth, the baby’s heel is pricked and a few drops of blood are placed on a special filter-paper blood spot card, which is sent to the state government laboratory for screening. According to a 2009 study published in the journal Public Health Genomics, nearly every child born in the United States is screened. However, not all parents know the screening took place. Birth is a stressful time. Some parents tell researchers they can’t remember it happened. Others say they were in a “fog.”

Although most parents support newborn screening, parents in Minnesota and Texas have successfully sued after discovering the states stored and used babies’ blood spots after screenings without parental consent. DNA from blood samples has been used for genetic research. In Texas, the Department of State Health Services provided anonymous newborn blood specimens to the U.S. Armed Forces DNA Identification Laboratory for the creation of a forensics database. In 19 states, blood samples taken from newborns are stored from 1 to 23 years, and in eight states they are kept indefinitely, according to the 2009 study led by Beth Tarini, an assistant professor of pediatrics with the University of Michigan Health System.

At issue is ownership of newborn DNA. Should a baby’s birth signal the automatic transferal of DNA rights from a newborn to the government with no parental say? The Citizens’ Council for Health Freedom, which discovered this issue in 2003, firmly believes such a transfer is a fundamental violation of privacy rights. While some states allow parents to opt out of government storage and use, this is not parental consent. It’s dissent. It gives government first dibs to the baby’s DNA. Consent requires a form with a signature before the sample can be stored or used for research. Surrounded by the “fog” of a birth, most parents won’t opt out because they don’t even know their child’s DNA has been stored.

The American Civil Liberties Union of Minnesota has testified against legislation that would strip parents of consent rights in storing and using their babies’ blood samples. Calling it a “radical departure from the traditional use” of these samples, the ACLU said the program was originally developed for the benefit of the child, but the legislation changes the program to one “benefitting medical research at the expense of individual rights.”

Parents rightly want to protect their child from the potential for outside DNA analysis and profiling. The 2009 Tarini study found only 28.2 percent of parents were “very or somewhat willing” to consent to research using their child’s blood samples if their permission were not obtained. In fact, without consent, 55.7 percent would be “very unwilling.” Yet, the Newborn Screening Saves Lives Reauthorization Act of 2013, which is now headed toward a floor vote in the U.S. House, having passed the Senate, does not require that states receiving federal newborn screening dollars obtain parental consent before newborn blood samples can be stored by the government and used for research.

Newborn screening has many health benefits. But to maintain the privacy and liberty rights of the children, ownership of infant samples and the DNA they carry must not be transferred from newborns to the state. The rights of parents to protect their child’s most unique, precious property, their genetic code, must be upheld.

Twila Brase, US News and World Report

DNA swab kits to help NY bus drivers bust spitters

The MTA is about to get a little more CSI.

City bus drivers will soon be armed with DNA swabs to gather evidence in the all-too-common event of an unhinged passenger spitting on them.

Transit workers catch a loogie 14 times a month, the MTA estimated in 2011.

The swab kits will be distributed to drivers once a new contract between the MTA and Transport Workers Union Local 100 is finalized, union sources confirmed. They’ll include swabs, a rinse and a sealed container to store an assailant’s saliva sample.

“I’m overjoyed that the MTA finally put this into effect,” said Frank Austin, the TWU’s safety director for bus drivers. “We’ve been working on this for two contracts, about seven years.”

Swab kits have been given to drivers in Boston and England and have led to arrests there. In Boston, swabs cost $200 a pop.

After a sample is submitted, police run it against a DNA database for a match.

An MTA spokeswoman declined to comment on the cost of the program, noting the contract was not yet finalized.

But two MTA subdivisions — the MTA Bus Company and NYC Transit — operate a total of 5,701 buses, each of which would be outfitted with a swab kit. At a potential cost of $200 per kit, the overall cost to the city could reach $1.1 million.

“It’s going to cut down on people spitting on us, especially if people get arrested and it ends up in the newspaper,” said Thomas McNally, a TWU safety inspector.

Gobbing city bus drivers has become increasingly common in the last 10 years, said Austin, who has been driving an MTA bus for 25 years and estimates he gets reports of spitting at least once a week.

“It happened to me once in front of Stevenson HS. I was driving the Bx36,” he said. “I got the cops there the next day to see if they could find him.”

Most of the time, spitters don’t get caught.

David Ayala, who has been driving a bus in The Bronx for seven years, couldn’t collar a man who slimed him two years ago.

“The guy came on board and had no money. I’m looking at him, and he says, ‘What are you looking at?’ ” he recalled. “Before I knew it, he just said hoo-tooey and spit on my face.

“I’ve never been the same. I used to be real friendly, and now I’m distant.”

Like many drivers who get spit on, Ayala took several days off afterward.

Brooklyn bus driver José Martinez has been spit upon at least three times in his 30-year career and took off a combined year of work as a result.

“I’d rather be punched in the face five times,” the B68 driver told The Post in 2010 after the third assault. “I couldn’t be near people. I couldn’t trust them.”

Michael Gartland, NY Post

DNA and Insurance, Fate and Risk: CRG in NY Times Room for Debate

As costs for DNA sequencing drop, hundreds of thousands of Americans are undergoing the procedure to see if they are at risk for inherited diseases. But while federal law bars employers and health insurers from seeking the results, insurers can still use them in all but three states when considering applications for life, disability and long-term care coverage.

Should insurance companies be barred from seeing genetic information when considering those policies so people can get the tests without fear that the results would be used against them?

CRG and an International Group of Experts Debate the Issue

CRG in Room for Debate in the NY Times

New Issue of GeneWatch Magazine: Privacy in the Age of Genomics

We are at a critical time in the development of medicine:  the mapping of the human genome has provided powerful new tools to understand the genetic basis of disease and genetic tests can help diagnose genetic conditions, guide treatment decisions, help predict risk of future disease, inform reproductive decision-making, and assist medication selection. DNA is also rapidly becoming a biometric identifier for law enforcement and governments around the world. People are enthusiastic about the promises of the genetic revolution; but are understandably fearful about how this powerful information can be accessed and abused.

With genetic testing and genetic information increasingly pervasive in our daily lives, many are asking themselves:  How truly safe is your DNA?

From police uses of DNA to research and commercial databases, from assisted reproduction to newborn screening, and from the United States to Europe and around the world, this special issue of GeneWatch magazine explores the current state of genetic privacy and how researchers at Microsoft are developing cutting edge encryption technologies to protect us.


Try GeneWatch for free online now at


About GeneWatch

It is hard to keep up with the rush of information and opinion set off by the rapid growth in genetic research and technology. Without our fully realizing it, genetic technology is entering almost every area of our lives; from the genetically modified foods we eat, to the biodiversity of our eco-system, from human health and reproductive technologies to the operation of the criminal justice system. The public needs information from a trusted source.

For 30 years GeneWatch, CRG’s award-winning magazine, has filled this critical role. GeneWatch covers a broad spectrum of domestic and international issues: genetically engineered foods, biological weapons, genetic privacy and discrimination, reproductive technologies, and human cloning. GeneWatch features articles by international experts in the field, interviews of critical figures, profiles of every-day individuals impacted by developments in biotechnology, and reviews of books and movies.

GeneWatch is available by subscription for delivery or for free online. Please visit the CRG website for more information at

Since 1983, the Council for Responsible Genetics has represented the public interest and fostered public debate about the social, ethical and environmental implications of genetic technologies.  CRG is a leader in the movement to steer biotechnology toward the advancement of public health, environmental protection, equal justice, and respect for human rights.

Maryland police DNA tactics again at issue in top courts

An Anne Arundel County man who was found guilty of a burglary based in part on DNA evidence asked a state appellate court Thursday to throw out his conviction, arguing that police improperly kept his genetic information in the database they used to link him to a Coke can from the crime scene.

George Varriale, 46, gave a DNA sample to Anne Arundel County police in 2012 as they were investigating a reported rape. The sample did not link him to that crime, but police later used it to place him at the 2008 burglary of a Glen Burnie business.

Because Varriale was not charged in the rape case, his lawyer told the Court of Special Appeals, police should not have retained his information.

Varriale’s appeal challenges the little-known but widely used police practice of holding on to genetic information volunteered by individuals in one case so that it may be used in future investigations.

Critics have called for such records to be thrown out, much like the highly regulated samples that the U.S. Supreme Court has ruled Maryland may take from suspects charged with serious crimes.

Because Varriale volunteered his sample, he was not subject to the same protections — a distinction his lawyer says led to the violation of his rights.

“He did not consent to the state doing what it wants with his DNA for the rest of his life,” said defense attorney Thomas Mack.

The case represents the latest front in the battle over police use of DNA in Maryland and beyond. The nation’s high court gave its blessing last year to the state law that allows authorities to collect samples from suspects who are charged with serious crimes — but that statute requires police to discard the information when a defendant is cleared.

Police say DNA is an important tool to build strong cases against rapists and other dangerous criminals. But defense attorneys and civil rights groups are concerned that as the databases grow in size and sophistication, they will be used to intrude on the privacy of citizens who have committed no crime.

In another case this week, the state’s highest court heard arguments over DNA that was collected without a suspect’s knowledge by swabbing the arms of a chair in a police interview room. That case turns on whether people’s genetic information, when shed involuntarily, is private.

Varriale’s case touches on similar issues. Mack, his lawyer, said in court that Varriale was in the dark about how his information would be used. Mack said investigators went beyond what his client agreed to.

A lawyer for the state countered that police routinely keep material from investigations, such as mug shots and fingerprints, and called the practice innocuous.

The state law that reached the Supreme Court includes protections that do not apply to individuals who volunteer their information. Varriale is among almost 8,000 criminal suspects whose data is on file at Maryland police departments, whether or not they have been convicted of a crime.

The investigation into Varriale began in July 2012, when Anne Arundel County police identified him as a possible suspect in a reported rape.

Varriale, who was living at the time in a small camp behind a liquor store, agreed to let police take swab samples of his DNA and collect his saliva. The samples did not match DNA found on the alleged victim.

But the Police Department uploaded Varriale’s information into its DNA database and it came back as a match to the Glen Burnie burglary. He was charged last year, entered a guilty plea that allowed him to appeal, and was sentenced to probation.

The arguments in Varriale’s case Thursday centered on the form he signed when he agreed to be swabbed. Mack said that even the detective investigating the rape did not appear to know the genetic data would be kept.

“If you exceed the scope of the consent given, the consent becomes invalid,” Mack argued.

But Assistant Attorney General Robert Taylor Jr. said the form gave Varriale fair warning because it included wording that said the DNA could be used “in any future criminal prosecution.”

The panel of three judges gave no indication of which way they would rule, but Judge Kevin F. Arthur said the form looked as if it had been written by “someone who failed out of high school English.”

Mack said he thought police had intentionally written a misleading form because they did not want to reveal the full scope of what they can do with DNA data.

Maryland authorities have long had the power to collect DNA from felony suspects. A 2008 law empowered police to collect samples from people without their consent if they are charged with violent crimes or serious burglaries.

When legislators expanded the state’s DNA law to include collecting information from arrestees, they sought to address concerns over privacy and racial profiling by requiring police to expunge the information of defendants who are not convicted.

With that safeguard in place, Mack argued, if Varriale been arrested in the rape case he likely would not have been charged in the burglary. He wrote in court papers that the lack of protections could deter people from cooperating with police.

The Baltimore Sun reported last year on uses of local DNA databases that critics say are not in the spirit of the state law and allow police to keep the information of innocent people on file.

Police say the law covers only material collected from people who are charged or convicted. Del. Jill P. Carter, a Baltimore Democrat, filed legislation this year to extend the protections.

“We’re really allowing DNA from crime victims and completely innocent persons to be stored in … a more liberal way than … we’re allowing for arrestee DNA and convictee DNA,” Carter said.

A state police official told a legislative committee last month that Maryland’s crime labs had signed an agreement not to keep material gathered from living victims. They also pledged not to reuse genetic information volunteered by a suspect in one case in subsequent investigations.

Daniel Katz, the head of the state police crime lab, said the agreement should dispel concerns about lab practices. Katz said Carter’s bill would have diminished the ability of officers to solve crimes.

The legislation did not pass, and Taylor wrote in court papers that the General Assembly’s lack of action should be taken as a sign that it supports keeping samples collected from suspects.

“The fact is that [keeping the information is] prohibited by neither the Constitution nor Maryland law,” he wrote.

Ian Duncan, Baltimore Sun

New Law Limits DNA Collection in Idaho

In a legislative session filled with controversy and tension, one bill made it through the legislature without one dissenting vote.
Senate Bill 1240a, written by Republican Senator Jim Rice, Democrat Senator Elliot Werk, and Republican Representative Lynn Luker, aims to protect Idahoans’ privacy by limiting when law enforcement can collect DNA samples.

Last June, the U.S. Supreme Court made a ruling that would allow law enforcement to get a DNA sample upon arrest. This case originated in another state, but Idaho lawmakers wanted to make sure it doesn’t happen here.

“Once we start down the road of simply collecting DNA upon arrest, that’s a pretty slippery slope,” said Werk. “In Idaho law it is very, perfectly clear now that it’s only upon conviction, a criminal conviction, or with a court order.”

If you are convicted of a felony, your DNA is collected and put into a national database. Prosecutors also wanted to make sure the bill allowed them to get DNA of certain suspects.

“Let’s say that somebody was a suspect in a rape case,” said Werk, “A prosecutor could go to a court, with probably cause, request a warrant to be allowed to collect a DNA sample from an individual, and then they could collect that DNA sample.”

Senator Werk said the law is important in ensuring certain rights of Idahoans and making sure that arrest alone is not enough reason to collect someone’s DNA.

“The idea that DNA is useful in criminal investigations, everybody acknowledges that, but that doesn’t mean we should willy nilly go and start collecting DNA samples from the population in the state of Idaho,” Werk said. “DNA is your blueprint of you as a human being.”

Werk said that unlike a fingerprint, DNA reveals information that some people should not have to share.

“It’s a search and seizure of a person, taking an actual sample of your DNA,” Werk said. “We need to protect the rights and the liberties of our citizens and restrict the ability to be able to collect DNA.”

Governor Otter signed the bill on March 26. The law goes in effect on July first.

Stephanie Zepelin, KTVB

Fearing Punishment for Bad Genes

About 700,000 Americans have had their DNA sequenced, in full or in part, and the number is rising rapidly as costs plummet — to $1,000 or less for a full genome, down from more than $1 million less than a decade ago.

But many people are avoiding the tests because of a major omission in the 2008 federal law that bars employers and health insurers from seeking the results of genetic testing.

The Genetic Information Nondiscrimination Act, known as GINA, does not apply to three types of insurance — life, disability and long-term care — that are especially important to people who may have serious inherited diseases. Sponsors of the act say that they were well aware of the omission, but that after a 14-year effort to write and pass the law, they had to settle for what they could get.

That leaves many patients who may be at risk for inherited diseases fearful that a positive result could be used against them.

They include Brian S., a 33-year-old surgical resident in Pennsylvania, who has a 50 percent chance of carrying a genetic mutation that causes Cadasil, a fatal neurological disorder that afflicts his mother. “I kind of want to get tested,” Dr. S. said, speaking on the condition that his last name and other identifying details be withheld. But because he wants to apply for life and long-term-care insurance, he has decided against it.

There is no way of knowing how many people fall into this category, but experts say such concerns are mounting.

“It was all moot a few years ago,” said Dr. James P. Evans, a professor of genetics at the University of North Carolina, Chapel Hill. “It’s suddenly now become real because people increasingly have access to what’s in their genomes.”

Dr. Robert C. Green, a genetics researcher at Harvard Medical School, studied the behavior of those who had recently learned they carried a genetic marker that predisposes them to early Alzheimer’s disease. They were five times as likely to buy long-term-care insurance as those in a control group.

But while patients seek the protection that insurance offers, many are concerned about the possibility of paying higher premiums or being denied coverage altogether because of the known existence of a dangerous mutation.

“The fear is potent in our society that insurance companies are asking,” Dr. Green said. “The No. 1, 2 and 3 issue that subjects are concerned about is, will they be discriminated against if this is in their medical record?”

Just three states — California, Oregon and Vermont — have broad regulations prohibiting the use of genetic information in life, long-term-care and disability insurance.

At least one insurer, the Northwestern Mutual Life Insurance Company, asks potential customers in Massachusetts about genetic testing — and stipulates that refusing to share results could lead to a declined application or an extra premium. Jean Towell, a spokeswoman, says applicants are told “out of fairness” that insurers have the right to decline coverage if any medical information is omitted.

“We think it’s best to have it all spelled out in black and white so buyers can make a well-informed decision,” she said.

At least for now, 12 other companies ask no explicit questions about genetic testing. But when Dr. Green asked company executives why not, he said, “at least one of them has told me, ‘We would do this, but we don’t want to be the first.’ ”

Still, he added, “you can imagine a world where millions of people have this information, and that would reach a tipping point that the insurance companies can no longer ignore.”

Even if most insurers are not asking now, they do seek out medical records and can use genetic test results listed there. By contrast, under the federal law, an employer who asks for an employee’s records must tell the provider to withhold any genetic information.

Robin Bennett, a genetics counselor at the University of Washington, sees patients almost every day who express fears about how their test results might be used.

Some ask, “could we not put it in their medical records,” she said, “but they don’t realize that if we’re going to take action on their information” — such as preventive surgery to lower risk for breast cancer — “it has to be in their records.”

The American Medical Association’s code of ethics states that “it may be necessary” for doctors to maintain a separate file for genetic test results so the information is not sent to insurers. A study published last year by Dr. Robert L. Klitzman, who directs the Masters of Bioethics Program at Columbia University (in which this reporter is a student), found that 4.5 percent of 220 general internists admitted to hiding or disguising genetic information.

“With electronic medical records, it’s not clear what will happen,” he said. “Will it become impossible to hide certain kinds of data? Will there be a way to section some things off? A lot of this is still being worked out.”

But even if such results can be kept private, patients could be penalized. A life insurance broker for Accuquote, an online service that compares insurance policies, said that if an applicant carried a highly predictive marker for a disease like Alzheimer’s and failed to disclose it, that would be “guilt by omission.”

As the cost of sequencing falls, some experts worry that insurers may run their own tests on specimens they collect. Only one state, New Mexico, requires that applicants be informed of such tests.

Fear of discrimination affects research participants as well as patients. Dr. Green said that 23 out of 94 volunteers who walked away from a sequencing study did so because of concerns about insurance.

To recruit subjects who refuse genetic testing, Dr. Steven M. Hersch, a laboratory director at the MassGeneral Institute for Neurodegenerative Disease, designed a study to allow patients at risk for Huntington’s disease to participate in a clinical trial without being told their mutation status.

“Insurance fears play a big role,” he said. These worries, he added, are spreading to a growing community of people aware of predictive testing for hereditary illnesses like Alzheimer’s, breast cancer and colon cancer.

Not everyone is convinced that such discrimination is a major problem.

“There’s this theoretical risk,” said Dr. Leslie G. Biesecker, a chief investigator at the National Human Genome Research Institute, adding that he was not aware of anyone who had faced discrimination after participating in genetic research.

“Participants are more likely to be in serious car crash going to or from the research center,” he said.

But Dr. Klitzman, at Columbia, says genetic discrimination can be subtle.

“Someone may not know exactly why they were turned down,” he said. Or patients who have been discriminated against “may not go public because then they’d be letting everyone know they have X mutation.”

Consumer advocates say comprehensive federal legislation is needed to assure people they can safely participate in genetic research and testing.

“We are already late in the process of addressing this issue through public policy and law,” said Jeremy Gruber, president of the Council for Responsible Genetics . “The question is how soon are we going to realize that we need to act now.”

Insurance industry representatives, by contrast, argue that they may need genetic information to make underwriting decisions.

Barring long-term-care and life insurers from obtaining applicants’ test results “could lead to adverse selection and impact the stability of rates,” the American Academy of Actuaries said in a statement.

The author of the 2008 law, Representative Louise M. Slaughter, a Democrat from upstate New York, was noncommittal about any changes. “Given the rapid pace of technological innovation, the uncharted waters that we are navigating when it comes to genetic information, and the arduous, 14-year effort to finally pass GINA into law, we must be extremely judicious in our next steps,” she said.

As for Brian S., he and his wife want to have a baby. But because he has decided not to be tested for the fatal neurological disorder, they are considering in vitro fertilization with pre-implantation genetic diagnosis.


That would allow any embryos carrying the dreaded mutation to be silently screened out, keeping him ignorant of his own status — and able to apply for life and long-term-care insurance without fear of being turned down.

Kira Peikoff, NY Times

Please join us April 17th in Berkeley to discuss genetic privacy!


The frightening truth about the security of our healthcare data

Is your healthcare data safe? That’s not something most people think about on a regular basis. We take for granted that our medical records, family histories, insurance coverage and the rest of the data associated with our health is protected carefully by those who create and store it.

But the truth is that we are struggling right now as a society to figure out how to secure digital information–both legally and against the threat of data hacking, theft or loss.

The United States’ recent adoption of new healthcare laws and procedures includes requirements for hospitals and other care providers to digitize medical records. Digitization of health data is cost-effective, efficient and offers a wealth of benefits. Eventually, patients will be able to log in and access their entire medical history in one place, helping them become more informed consumers of healthcare. Some states, like Massachusetts, have already taken major steps in this direction.

But having our healthcare data readily available for positive purposes online means it’s also readily available for those who are interested in exploiting or misusing the information.

Recent technological advances have made medical data both richer and more valuable–and thus more dangerous in the wrong hands.

For example, the mapping of the human genome and resultant medical advances like genetic testing have made it so that patient information will remain highly sensitive even beyond a patient’s lifetime. While Obamacare has made it illegal for U.S. insurers to deny coverage due to preexisting conditions, it’s entirely possible that people could be discriminated against in the hiring process if employers were able to learn about their genetic predispositions. Genetic discrimination is technically illegal in the U.S. and some other countries, but it is very difficult to enforce these regulations and to prevent misuse of data.

Additionally, if our healthcare data isn’t well-protected, biological crime could become a serious problem. Criminals could target patients with specific conditions, leak sensitive information to the press or tamper with medical devices like pacemakers (famously dramatized in a recent season of “Homeland”), for example.

We also need to consider who we are giving our health data to and why. Today it’s not just hospitals or doctors who can access our health data; we readily hand it over to many other organizations. Wearable technologies that measure, transmit and analyze data about our health are on the rise today, and while they offer a host of benefits, they have also opened the door to a whole new set of medical security issues.

Moreover, genetic testing companies like 23andme and other bioinformatics startups collect some of the most personal health information that exists. Before you sign up for a health monitoring app, purchase a fitness tracking device or send in your saliva sample, it’s important to find out how these companies secure their data and what assurances you have that your information will be kept safe and private–both now and in the future.

In both the United States and Europe, there are now strong penalties for loss of customer personal and medical data by companies or organizations. At a minimum, they must comply with HIPAA privacy and security regulations, train all employees on how to protect sensitive information and notify customers — and in some cases local media — of any data breaches. Providers have a strong incentive to prevent breaches, moreover, since they cost an average of $130 to $136 per lost record according to the 2013 Ponemon Data Breach Report.

However, one thing that many people–including lawmakers–may not realize is that medical records do not just need to be protected today. Cyber criminals will soon be able to hack messages that were sent in the past, rendering even years-old data vulnerable. Information could even be intercepted today and then stored until a computing device is available that can decrypt that data. And new computers are being developed today that will render many of the mathematics-based security protocols that we rely on obsolete. All organizations that collect, store or analyze consumer healthcare data need to consider how they will respond to this imminent sea change in data security.

The best way to protect our data is to be honest about where security vulnerabilities lie and to begin implementing failsafe protocols that will protect us against the technology of the future. We also need comprehensive legislation that addresses these concerns and establishes common data protection standards, and we need consumers to educate themselves and make careful decisions about how and when they share their health information. If we don’t take action to protect our healthcare data now, it may soon be too late.

Grégoire Ribordy, GIGAOM