You need a Social Security number to open a bank account or take out a mortgage. If this short string of personally identifying numbers were to fall in the wrong hands, the consequences could be devastating.
A saliva sample provides DNA testing companies with significantly more descriptive and intimate identifying characteristics than a Social Security number — revealing not only your genetic makeup but also that of your relatives and future generations. If you’re considering a DNA test, it’s important to consider if direct-to-consumer genetic testing (DTC-GT) companies are taking appropriate measures to secure your genetic privacy by safeguarding the information stored in your genetic code.
What Is Genetic Testing?
Genetic testing can be used to diagnose disease, predict how you will respond to a particular treatment and even screen embryos for known hereditary illness during in vitro fertilization — a process called preimplantation genetic testing (PGT). However, given the wealth of information a genetic test provides, the assurance of confidentiality and robust cyber security in healthcare are paramount to preventing discrimination in the workplace or the insurance industry.
Does DTC Genetic Testing Protect Your Genetic Privacy?
All physician-ordered genetic tests — like carrier screening — are regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This legislation protects the confidentiality and security of individual health information, requiring national compliance of all healthcare organizations. However, DTC-GT companies are not bound by HIPPA regulations, raising concerns surrounding the transparency of how your genetic information is shared and protected by this self-governing industry.
According to a 2017 study published in Nature, DTC-GT companies failed to meet international guidelines in three major categories: confidentiality, privacy and secondary use of data. Most troubling, the study showed that many companies had conflicting, confusing or nonexistent answers to basic questions, such as how test results would be shared with third parties, the storage and ownership of the data, and rights to profit and commercialization.
Currently, many DTC-GT companies share their customers’ data with researchers for scientific reasons — such as developing medical treatments for incurable diseases. However, the lack of regulatory oversight could lead to other parties, such as insurance companies, using the data to deny coverage to individuals at risk of developing an adult-onset disorder — like Alzheimer’s or Huntington disease. Additionally, according to the Sacramento Bee law enforcement is already using the wealth of freely available genetic data to solve crimes by tracing genealogy.
Cybersecurity in Healthcare
Finally, without stricter cybersecurity protocols DTC-GT leaves consumers vulnerable to hackers, a threat that has already been realized. According to the popular genealogy and DNA testing company MyHeritage‘s website, the email addresses of nearly 100,000 users were involved in data breach that occurred in June 2018.
Discussing your health concerns with your doctor or a genetic counselor to determine if you need a physician ordered genetic test is critical to give you peace of mind and ensure the genetic privacy of yourself and your family.
Dawn Michelle Lipscomb, PhD, is a biophysicist, podcast host, and science writer. While finishing a dual B.S. in Physics and Biology at UT San Antonio, she published research on planetary biosignatures for space exploration at NASA-JPL and designed THz bioeffects experiments for human tissues at the Air Force Research Laboratory. In 2017, she completed her Biophysics doctorate at UC Berkeley by developing a new method for imaging proteins that regulate gene expression using cryo-electron microscopy. Today, she co-hosts a live video podcast series on regenerative medicine and writes articles about groundbreaking research in aging and genetics.