Posted by: AllinHIT
Genetic PHI, gPHI, Human Genome Project, Privacy and security
Hospitals, business associates, covered entities and the rest of us in the industry are quite aware of the record-breaking year of PHI breaches, with the HIPAA security rule defining what constitutes a “breach.”
What might not be so familiar is the breach vulnerability of a special kind of PHI: Genetic PHI, which I will subsequently refer to as gPHI. As a layman, I will define gPHI as a patient’s genetic map containing genetic markers and chromosomes which define who you are. Truly, it’s your DNA!
DNA and genetic information are vital for researchers. New, more effective drugs and personalized medicine are all possible by understanding both one’s DNA and DNA group (African American, Indian, Anglo, etc.). Projects like the Human Genome Project and the 1000 Genomes Project were highly successful and will lead to many of the aforementioned advances.
We all know about the many genealogy websites (e.g. Ancestry.com) that provide tools to research lineage and family history. As reported by The Wall Street Journal on Jan. 18, researchers were able to identify participants in genetic studies – when they were supposed to be anonymous! With no malice at heart, the researches wanted to display the vulnerability of gPHI using public genealogy websites. If a public website contains Y chromosome data and the surname of males, then those chromosomes can be easily matched with participants in the studies. I repeat, this feat only requires knowing one male chromosome and a surname. What’s more, researches can use those little bits of information to find relatives.
The good news, bad news about this? The good news: this gPHI “breach” can only be performed by researches with special skills. The bad news: there are a plethora of these sites for researchers, easing the opportunity for gPHI breaches.
What makes gPHI so special and necessitates a new frontier of protection? This data can be used to determine disease predispositions, family history, and, if accessed by insurers, employers, sperm banks, and others, to discriminate! In 2007, this fact was not overlooked by the Honorable Louise Slaughter, U.S. House representative from New York. She introduced the Genetic Information Nondiscriminatory Act (GINA), which was signed into law in 2008 . GINA provides federal protection from discrimination in health insurance and employment based on one’s genetic map.
So GINA does provide some protection, and that is great. However, it does not stop researchers from genetic matching in order to identify donors.
Considering some of the sites containing this information is public, it complicates the task of protecting gPHI. David Altshuler, co-chair of the 1000 Genome Project, warned his participants and donors in 2008 that he would take all the necessary precautions to keep them anonymous. But with new technological advances, it very well be possible one day to identify them. I think that day has arrived!
Read more about genetic analysis.