Questioning the Limits of Genomic Privacy

摘要: To the Editor: Recently, Im et al.1 presented a method that can infer an individual’s participation in study when regression coefficients from quantitative phenotypes are available. They demonstrated era of increasing use high-throughput technologies to integrate multiple-omics data sets, “problem identifiability” necessitates creation robust methods (e.g., annual certification process) facilitate broad dissemination results without compromising a participant’s privacy. In this letter, we would like qualify conclusions et al., and several other commentators,2–5 by illustrating (1) despite perceived ease of reidentification, anonymity (and genomic privacy general, which subsumes identifiability as critical elements informational control) remains valid vital concept (2) models currently exist useful health compromising We think topic addressed et al. is all more given European Union (EU), United States (US), jurisdictions presently reforming their privacy, data, human subjects research protection frameworks. As policymakers, scientists, public grapple with growing deluge concerns about key issue will be examine legal definition “personal data.” The EU’s newly proposed regulation defines personal “any information relating subject.” A subject “identified natural person” (i.e., person whose identity such name, address, or birth date, known) “natural who identified, directly indirectly, means reasonably likely used by... [a]... person.”6 A recent revision regulation’s data” adds “[i]f identification requires a disproportionate amount time, effort, material resources, living shall not considered identifiable.”7 US, according Health Insurance Portability Accountability Act 1996 (HIPAA), “individually identifiable information” identifies individual for “there is a reasonable basis believe it identify individual.”8 Neither nor HIPAA provide definitions “anonymous” “anonymization,” have distinct technical meanings,9 but nationally internationally recognized exist, though they unfortunately continue lack terminological standardization.3 For example, Article 29 Working Party anonymous a... where cannot identified... taking into account used.”10 us, clear recognition utility data. Yet, comes biological DNA parameters, many simply no longer exists because term “identifiable” seemingly now applies everyone every “anonymized” sooner later identified some technology method. This argument overlooks points. First, a biospecimen itself does contain Even if determined certain probability biospecimen originates specific matching different assessing individual.11,12 Furthermore, uncertainty there determining reidentification, become; absent true authenticity, reidentification risks minimal.13 on deidentified anonymized biomedical possible databases voter registration hospital discharge court proceedings accessible, survey showed properly “deidentified” (to say nothing anonymous) extremely difficult achieve practice.14,15 sum, lending unreasonable credibility remote confuses multiple, justifiably separate data,” “data subject,” “anonymous,” leads burdensome “gross overexpansion [privacy] framework.”16 This turn threatens advancement practical concept, curtails beneficial uses reduces incentive anonymize collect data.17 both science law, then, vitally ongoing concern. Remote exceptions form common rule. Data “personal” “anonymized.” Second, similar our objections those treat “personal,” widespread failure accept rapid technological progress being made, particularly genomics population biobanking, simultaneously protect interests promote scientific breakthroughs.18–20 Current practices access agreements already incorporate process propose.21 There ample reasons move past stale dichotomy false choice embrace possibilities emerging technologies, processes, projects. Far potentially harming participants researchers, work within regulatory framework legislation demonstrate how may innumerable benefits. Certainly most pressing concern interface medical participation. Indeed, areas warrant greater focus community, group-based issues where, example, “nontransparent allocation individuals groups based known inferred traits combination thereof raise related ability one’s own interest avoid discrimination.”22 share others advance, use additional characteristics pose challenges interests, need reconceptualized remain relevant 21st century medicine. regarding veritable limit must tempered nuance. It only through acceptance anonymity, evidence conclude risk remote, adoption successful “win-win” situation. Anonymous legally ethically bridged while respecting participants, along society whole.