Patient Support & Advocacy

Protect sensitive individual data at risk from DTC genetic tests

Tanya Albert Henry , Contributing News Writer

At-home kits to test DNA carry more risks than consumers realize. The AMA says it’s time for new privacy standards to govern this burgeoning market.

Take AMA on the Go

Explore new ways to stay on top of breaking news, great discussions and more—all on your tablet or mobile device.

Use of direct-to-consumer (DTC) genetic tests has grown exponentially over the past decade, with an estimated 100 million individuals expected to have undergone the testing by the year’s end, according to an AMA Board of Trustees report adopted at the November 2021 AMA Special Meeting.

And physicians say more needs to be done to ensure there are safeguards in place for people to protect their sensitive information.

“People curious about their ancestry shouldn’t be worried that the data extracted from saliva will be shared,” said Thomas J. Madejski, MD, a geriatrician and AMA trustee. “This can have serious consequences, and again highlights the need to demand privacy for health care records, even seemingly innocuous ones.”

Related Coverage

How physicians should follow up on direct-to-consumer genetic tests

Federal protections in the Genetic Information Nondiscrimination Act of 2008 (GINA) are limited to health insurance and employment, the report notes, leaving consumers in most states without protections for areas such as life, disability, or long-term care insurance.

“In terms of privacy, increasingly it has been recognized that genetic data cannot be de-identified,” the board’s report says. “A DNA profile alone may be adequate to identify most individuals even in the absence of other identifying information, including individuals that have not previously participated in genetic testing.”

“Mail-order tests, while not administered by physicians, are nonetheless health records,” Dr. Madejski added in a statement. “People should be aware of that—and so should regulators.”

To address these concerns, the AMA House of Delegates adopted new policy to:

  • Work with relevant stakeholders to advance laws and regulations that prevent genetic testing entities without explicit, informed, and noncoerced user consent from transferring information about a user such as birthdates and state of residence to third parties which may result in the re-identification of the user based on surname inference.
  • Support privacy standards that would prohibit pharmaceutical companies, biotechnology companies, universities, and all other entities with financial ties to the genetic testing company from sharing identifiable information, including DNA, with other parties without informed consent of the user. An exception would be made for a duly executed court order or when compelled for public health or safety reasons as outlined in existing AMA policy. If a data security or privacy breach occurs with a DTC genetic company or its collaborators, then the company has the responsibility to inform all users and relevant regulatory bodies of the breach and the impact of the unprotected private data on those individuals.

Related Coverage

6 CME courses to help you navigate precision medicine
  • Advocate that research using consumer genomic data derived from saliva or cheek swabs or other human samples should be treated as research on human subjects requiring informed consent with, or similar to, those required by the Health and Human Services Office for Human Research Protection, and recommended an “opt in” option to allow more consumer choice in the consent process.
  • Advocate extending the consumer protections of GINA by adding long-term care, disability insurance, and life insurance to the act, modeled after the laws of other states, such as California.

Read about the other highlights from the November 2021 AMA Special Meeting.