Bioinformatics Privacy issues and the Internet collide

by David Orenstein freelance writer

Mix genomics with the Internet and you get bioinformatics—the power to analyze and distribute scientific information with unprecedented speed. That may be exciting for scientists and doctors, but it has laypeople quivering down to their bases.

People are so nervous about the misuse of genetic information that they might not be willing to participate in clinical trials and other studies. But such studies are necessary for fulfilling the scientific and medical potential of the genomics revolution. To achieve the power of bioinformatics, science must assuage the public’s privacy fears.

Arthur Holden thinks he has the answer. Although Mr Holden is a businessman, not a doctor, he has established a great reputation in the genomics world as chairman of the SNP Consortium, a public registry of single-base differences in DNA, and the Mouse Sequencing Consortium. Mr Holden also is CEO of First Genetic Trust, a Chicago company that hopes to be a trusted third party for storing and protecting patients’ genetic information, releasing it only to researchers or doctors with patients’ consent. Mr Holden argues that FGT can protect patient privacy and facilitate medical research.

Mr Holden makes a good case. Like a bank, FGT can store something incredibly precious while making its transfer easy and secure. FGT offers patients Web-based applications that let them make decisions about releasing their information based on informed consent. Behind the Web pages, the data is stored securely. For doctors, the company offers Web-based access to genetic data (pending the patient’s permission) as well as enrollment tools to get patients into potentially helpful trials. Researchers, meanwhile, get access to data they need. FGT even will analyze the data for them. Mr Holden asserts that all the information is handled in full compliance with the alphabet soup of regulations, including HIPAA.

While the company offers users an accessible Web-front end, Mr Holden says, it protects the data with more than one firewall and a complicated encryption scheme. Both the patient’s private key and the encryption itself change frequently in a sequence that only the company can predict. In that way, even if hackers get a key, it works for only a short while.

But Henry Greely, the director of the program in Law, Science, and Technology at Stanford University, refuses to put DNA on a pedestal and is somewhat skeptical of FGT. He suggests that DNA is rightfully viewed as only a part of a patient’s overall medical record. Treating DNA with special care would reinforce the public’s misperception that DNA is magical and special. Instead, he argues, all medical information should be kept secure because it is all related. For example, if I tell you I have Parkinson’s disease, I have told you genetic information even if it wasn’t in genetic terms. Meanwhile, he adds, FGT will not be protecting a patient’s privacy if it gives a researcher scientifically relevant information, such as date of birth, place of birth, gender, and race. At least for small-town places of birth, that information might be enough for a nosy researcher to identify a patient and link him to his genes.

Mr Greely’s overall point is this: No one can guarantee security, no matter how good the technology. No system truly is uncrackable from the outside, and information still could be compromised by an employee on the inside. As much as we’d like to march boldly and proudly into this new era of bioinformatics, neat and quick fixes to the problem its power raises just won’t be available.

David Orenstein is a technology and business writer in Silicon Valley. If you'd like to learn more about a certain computer topic, e-mail him at davealli@home.com.