A recent Wall Street Journal article by Twila Brase suggests that anonymous medical data may not be so anonymous. This piqued my paranoia antenna. Her concern focuses on the new 21st Century Cures Act, which not only significantly increased funding for cancer research and opioid treatment programs, but also created “an ‘information commons’: a government-regulated pool of data accessible to all health researchers, regardless of background, training or motive.” The new law does not give patients any method for opting out of this data-sharing. It specifically prohibits what is called “information blocking” by health care providers, forcing hospitals and doctors to share information with government researchers.
But this is America – I thought anyone could opt-out of anything!
Granted, all of this information is anonymized so in theory no one can figure out that a particular unique kink in some strand of DNA is your unique kink. But as my favorite ESPN sportscaster, Lee Corso, says every weekend: “Not so fast my friend!” Big Data and the analysis of the same may have taught us (and is continuing to teach us) how to reverse the anonymization process. Latanya Sweeny and colleagues at Harvard were able to identify a majority of individuals in the Personal Genome Project by name, using limited demographics. MIT geneticist Yaniv Erlich and undergraduate student Melissa Gymreck were able to identify 50 people whose DNA was available online in free-access databases. Now granted, both of these groups of people are extremely intelligent, likely way smarter than your average computer hacker intent on just stealing and then selling your credit card numbers. Right?
Who would buy this information anyway?
Maybe your employer? Let me introduce you to the Preserving Employee Wellness Programs Act (perhaps appropriately known as PEWPA), an act making its way through the House of Representatives, that will side-step the privacy protections in the Genetic Information Nondiscrimination Act (GINA) by making genetic tests that are part of workplace wellness programs exempt from GINA’s privacy protections (future headline “PEWPA poo-poos GINA?” – sorry, couldn’t resist). While meant to reduce healthcare costs, individual employees could face thousands in healthcare costs if they refuse to share their DNA in company sponsored wellness programs.
So my healthcare may cost me more if I don’t share my private genetic information with my employer even though reassured the data will be stored anonymously? What could possibly go wrong?
If you have never watched the movie “Gattaca”, please turn off your computer right now and go watch it. It provides at least one example of what could possibly go wrong. Then come back and tell me why I should not be just a little paranoid about the way things are heading.