The use of information technology in the healthcare sector has spurred rapid growth in health-related databases. Genomics, bioinformatics and technologies for genetic testing are adding to this growth. In most OECD countries, health data and genetic data are currently treated in the same way as other personal or sensitive data in terms of protection. But how can we effectively protect privacy in these new types of data and in the electronic ways of processing and storing it at the global level? Right now, international debate suggests, we could do better.
Genetic data is generally covered by confidentiality and personal data protection laws, combined in most countries with recourse to over-arching constitutional protection, or human rights legislation. But even this arsenal may not be enough to cover the very specific and detailed information contained in genetic and genomic data. A person’s “genetic fingerprint” may reveal important information not only about the individual being tested, but also about family members, such as a hereditary predisposition to develop breast cancer or Huntington’s disease, which may ultimately have a great impact upon his or her life, including reproductive choices and even life insurance. So privacy and data protection in this area are an important policy issue.
In considering personal data arising from genetic testing there are several elements that could be clarified, notably the definition of personal data in relation to genomics and the distinction between genetic/genomic data and other health data. Other examples would be to clarify the settings, purpose and modalities of collection of genetic/genomic personal data (medical context, specific research, criminal, etc.), as well as the circumstances under which such data could be transferred, shared and passed on for secondary purposes. If a person has consented to donate DNA for a study on obesity, can the same DNA be used subsequently for research on asthma? And then can the information be used for commercial purposes?
Clearly, we have to ensure that data about a person’s genetic make-up remains private. The question is, how? Is “knowing and voluntary” consent the general condition to have such data collected, stored and used? There is an issue of whether the same consent requirements apply to public health use of the data, public security use of the data or commercial use of the data. And the circumstances, if any, under which one family member has the right to access the genetic information of another family member have to be cleared up too. There is also the whole question of what rights the individual, or even a community, has over data arising from genetic testing once it has been gathered and stored for a particular purpose.
Many research centres and private laboratories are setting up DNA banks of entire populations. There seems to be no agreement as to how long this DNA can be stored and little uniformity as to what type of information should be given to those who donate their DNA. Another critical issue is privacy protection when linking databases and biological samples.
International bodies and professional organisations overwhelmingly agree that protecting the identity of an individual in data collection and storage is a key concern. People may avoid tests or treatment if they fear the results will not be totally confidential. All current guidelines cite the need for “appropriate technical measures” to protect data, yet little progress has been made in clarifying what the term “appropriate” should signify and how this goal can be achieved in practice. And there has been little discussion of the possible consequences of making key health data irreversibly anonymous and whether this is truly desirable.
There may be cases where it would be important to identify individuals, for example, if a gene mutation reveals that some individuals might be at risk of life-threatening side effects from a particular drug. We also need clear definitions of what constitutes anonymous data, where the subjects are, in theory at least, permanently unidentifiable; coded data where only those with the key to the code can access information to identify a particular person; and de-identified data where the identity is easier to re-establish.
A 1997 report to the US secretary of health and human services on privacy and health research provides a compelling review of security issues. As this document highlights: “security has many dimensions; the special challenge (in the health sector) is to keep data sequestered and protect its integrity, but at the same time to keep it accessible for authorised users who have legitimate need to use it”.
Over the past decade the OECD has built expertise in privacy and confidentiality issues using a science and rules-based approach. Benchmark principles on data protection were developed by the OECD in 1980 and have been integrated into laws and regulations in many countries.
The OECD also developed in 1992 and 1997 guidelines on security of information systems and cryptography policy, which identify the basic principles that governments should take into consideration when developing policies on security or cryptography.
But we need to know how the OECD’s “Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data”, “Guidelines for the Security of Information Systems” and “Guidelines on Cryptography Policy” could apply in the context of genetic testing.
This would involve exchanging information to identify practices currently available for protecting privacy and ensuring adequate security, and issuing practical guidance (on the basis of this exchange of information) on how to implement the OECD guidelines on privacy, security and cryptography in the context of data arising from genetic testing. All of this has an economic impact, as it may affect the use of informatics for analysing genomic data, the globalisation and commercialisation of research in genomics and subsequent improvements in health.
But there are also social questions. There is growing public concern that in the absence of appropriate safeguards, data arising from genetic testing and related databases may negatively affect human rights and democratic freedom. Lack of public acceptance could impede progress in research and development, and potential improvements in the health of populations around the world.
Developments in genetic research offer the possibility of better prevention and treatment for a host of health problems, but policymakers need to address public concerns about the privacy problem to ensure that the benefits of the new technologies are realised.
©OECD Observer No 229, November 2001