Since at-home, direct-to-consumer DNA testing kits are still relatively new, fall somewhere in the murky area between the commercial and healthcare sectors and are not subject to HIPAA-protected physician approval, they can pose major risks to the privacy of users' most personal health information.
Until stricter laws are put in place to regulate how consumer genomics companies use and share data, they are largely at will to distribute it to third parties such as insurance companies, law enforcement, pharmaceutical companies and more. Mailing in a cheek swab is registered as consent for 23andMe, Ancestry.com and their competitors to share a customer's DNA results with a whole host of third parties.
Here, according to The New York Times, are tips for protecting at-home test data both before and after submitting DNA for testing.
1. Choose a major company: James Hazel, PhD, a postdoctoral fellow at the Center for Genetic Privacy and Identity in Community Settings, told NYT that larger, well-known companies like 23andMe, Ancestry.com and MyHeritage are more likely to have comprehensive privacy policies that hold them accountable for users' data privacy than smaller, newer firms.
2. Read the fine print: Before signing up for a DNA testing service, read the privacy policy and user agreements to learn how and in what form data will be shared. For reference, "de-identified aggregate data" cannot be traced back to an individual, while "de-identified individual-level data" theoretically can. Additionally, the agreements may ask for permission to store DNA samples for future testing or to connect long-lost relatives with matching DNA, two deeply personal options that should be considered before giving consent.
3. Know how to revoke DNA test data: All of the major DNA testing companies offer customers the option to delete their data and test results from the company's database. Users should familiarize themselves with those processes, but keep in mind that some identifying data may still be kept on record and that deleting data from the testing companies will not necessarily revoke it from the third parties with whom it has already been shared.
More articles about health IT:
Carilion Clinic developing virtual toolset to improve opioid addiction care
AMA updates recommendations for medical AI usage
'We did what a hospital does every day' — How Hancock Regional responded to a ransomware attack