In late January, President Barack Obama announced what some have called a moonshot.
The $215 million Precision Medicine Initiative seeks to transform the health care system to target therapies to patients according to their unique genetics and environment.
The most ambitious part of the initiative is a proposal to enroll 1 million people in essentially a superstudy. Their genomes will be sequenced, their medical experiences will be chronicled through their electronic health records, and sensors worn by them will track their activities, behaviors and environmental exposures.
Participation in the program would be voluntary, but many are already concerned about the protection of the participants’ privacy. That includes the president.
“We’re going to make sure that protecting patient privacy is built into our efforts from Day One,” Obama said at the program’s announcement. “It’s not going to be an afterthought.”
Privacy is a reasonable concern for an undertaking that’s likely to generate exabytes of data (an exabyte is 1 quintillion bytes) on people’s bodies, behaviors and cellular makeup. And the issues range from protecting people’s identities and information to making sure participants have some level of control or knowledge of where the data generated is going and what it’s being used to study.
The effort complements other emerging for-profit ventures that are using large amounts of genetic data to try to help humans live healthier and likely longer lives.
Google, through its Google X life sciences division, intends to sequence thousands of people’s genomes and collect other physiological information to draw the clearest picture of human health yet and identify biological indicators of future disease. And Human Longevity, co-founded by maverick biologist Craig Venter, built the largest sequencing center in the world with the hope of processing 1 million genomes by 2020. It plans to combine those with data on people’s gut bacteria, health records and more to aid in the development of new therapies to prevent and treat disease.
“This is a bold, audacious kind of idea, but the time has come,” National Institutes of Health Director Francis Collins told “Fault Lines” in March about the government’s effort. “We have the chance to really find out what are the factors that keep people healthy or cause illness to happen and, when it happens, how to manage it.”
Target for cybercrime?
At a hearing about the Precision Medicine Initiative in front of the Senate Health, Education, Labor and Pensions Committee on May 5, Democratic Sen. Patty Murray of Washington state warned of the risks to privacy.
“In the last few months we’ve seen serious security breaches impacting families’ personal health information, and that’s unacceptable,” she said. “We need to be aware that data is being created that cybercriminals will want to exploit, and that means we will need to develop a strategy to protect privacy that meets today’s challenges.”
Collins responded that the White House, the NIH and the Office of the National Coordinator for Health Information Technology were all “deeply serious” about protecting the data of its volunteers.
He told “Fault Lines” that as a first step, he would de-identify the data, or remove any obvious identifiers — like names, addresses, Social Security numbers and dates of birth — from DNA samples and other health information.
But the lack of clear plan beyond that is troubling to some privacy advocates.
“I’ve heard almost nothing from any of the proponents of the Precision Medicine Initiative as to what structures they’re going to construct and put in place to protect this information,” said Jeremy Gruber, the president and executive director of the Council for Responsible Genetics. “I’m sure they’ll make all kinds of promises that they are appreciative of the issue and will address it.”
Details on security for the new effort may be scant, but medical centers all over the country are protecting sensitive information every day, largely successfully, noted Atul Butte. He heads the California Initiative to Advance Precision Medicine, which is starting two pilot research studies as a proof of principle for this approach to medicine.
“You could legitimately argue about how secure you can keep things on the Internet,” he said. “But would cybercriminals go after [genetic data] if there are banks with money storing their data online?”
Collins told “Fault Lines” that the Initiative aims to do the best it can to avoid obvious slip-ups that would leave volunteers’ data exposed.
“You can’t guarantee people that there’s no way that somebody — either accidentally or for nefarious purposes — might figure out who they are,” he said. “There’s no perfect way to deal with privacy in 2015.”
Concerns about data sharing
In the effort to build its cohort of 1 million, the Precision Medicine Initiative is likely to look for collaborators with information to marry into its database. Possible partners include the U.S. Department of Veterans Affairs, which is attempting to partially sequence 1 million veterans for its own research, and the extensive patient files at Kaiser Permanente of Northern California.
“We’re starting to see, very quickly in the last couple of years, particularly with these biobanks, an incredible effort to try to network now,” said Gruber. “So we’ve had the type of privacy protections that we’ve had not because any type of framework was in place to ensure them but simply because of the fact that these databases were separated.”
Sharing data is a key to the efficacy of precision medicine: the more data, the better when trying to find patterns and signals to develop possible treatments. But offering access to a data set can bring up issues of consent, with study participants not knowing what their information is being used for.
Take the case of 23andMe, a company in which Google is a major investor. Founded in 2006, 23andMe offered customers an analysis of their DNA that included assessments of their risk of developing various illnesses. In 2013 the U.S. Food and Drug Administration shut down that service.
In the past year, the company announced deals to share its database of 950,000 partial genome sequences with Pfizer and Genentech, among others, to study diseases. The moves prompted many critics, including Gruber, to accuse the company of misleading its customers by selling their data.
“More than 80 percent of 23andMe customers consent to research,” said a statement that the company provided to “Fault Lines.” “Ultimately, 23andMe customers own their data. Customers can decide to stop participating in research at any time and remove all of their information from our database.”
Hank Greely, a Stanford law professor who studies biomedical ethics, said that 23andMe customers might not have understood what they were agreeing to when they read the company’s consent form.
“It says, ‘I’m willing to let my data be shared for research into disease,’” he said. “It doesn’t say, ‘I’m willing to let you sell my data to Pfizer for $200 million.’”
When asked how he planned to avoid the sort of issues 23andMe had run into, Collins told “Fault Lines” that participants in the Precision Medicine Initiative would be treated as partners in the research and that they would have a say in deciding how much exposure they want their data to have.
He said it’s imperative that the program be flexible enough to accommodate people who will share anything if it will help others, as well as those who might later decide that they would like to limit the exposure their personal data gets.
“It’s going to be up to them to decide what’s an acceptable level of privacy and where are they willing to take risks,” said Collins. “And each individual, ideally, ought to be able to set that bar for themselves. Because we all differ.”
Nikhil Swaminathan, Al Jazeera