Main

The clinical use of genetic/genomic information is becoming an increasingly important aspect of modern health care delivery. At the same time, the increasing role of health information technology platforms in organizing health information has led to the need to review the confidentiality, privacy, and security of electronic information.1,2 Electronic health records (EHRs) provide a useful way to manage complex medical information; as such, EHRs will become established in the future as the means to manage the large and complex datasets that accompany genetic/genomic tests and interpretations. The inclusion of genetic/genomic information in EHRs should inform the determination of disease risk, appropriate drug dosing to avoid adverse events, and the selection of effective treatment.35 However, electronic health information is portable and mobile; the ease with which information can be disseminated through EHRs raises concern about the potential for unauthorized access to and use of this information. A major policy question, then, is whether special protections should be created for genetic/genomic information that is stored in the EHR.

The authors, who are all members of the Personalized Health Care Work Group of the American Health Information Community, created this consensus document to help aid discussions on this important topic. This document was created through a series of meetings, telephone conferences, and email exchanges. The goal was not to unequivocally answer the important and complex question of whether special protections should be created for genetic/genomic information in the EHR, but to provide reflection on some points to consider in developing policy for handling genetic/genomic test information.

GENETIC/GENOMIC INFORMATION AND THE ELECTRONIC HEALTH RECORD

Several laws, including the Americans with Disabilities Act (Public Law 101–336) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA; Public Law 104–191), have been enacted to protect the rights of individuals with regard to the access and use of sensitive personal information and to reform group health insurance, respectively. Regulations such as the Privacy Rule6 and the Security Rule7 have been promulgated pursuant to HIPAA to address issues regarding shared health information. The Privacy Rule was designed to ensure that individuals' health information is properly protected without impeding the information flow necessary to provide high-quality health care. The Security Rule provides standards for the security of electronic personal health information.

The Privacy Rule defines and limits the circumstances in which an individual's protected health information (e.g., information that could identify the individual, such as name, address, or Social Security Number) may be used or disclosed by “covered entities” such as health plans, covered health care providers, or health care clearinghouses. However, the broad networking capabilities enabled by the Internet can potentially extend the sphere of health information transfer beyond covered entities, and a Nationwide Health Information Network may expand the scope of information disclosed to include comprehensive health records from all of the patient's health care providers over the course of the patient's lifetime. This health information can be shared for a variety of “secondary uses,” some of which may violate state law, but may not be subject to coverage afforded by the Federal Privacy Rule.8

Further, as numerous health information databases and electronic record platforms become linked and interoperable, reidentifying individuals whose health information has been “de-identified” according to Privacy Rule standards becomes more plausible. The inclusion of genetic/genomic test information into the EHR increases the possibility that a person can be identified unequivocally on the basis of a few genetic variants.911

A diverse range of groups across the Federal Government are working to address the challenges and develop the policies necessary to facilitate the transition toward a more personalized approach to health care. To provide leadership for policy interventions that will enable the introduction of personalized medicine into commonly-used clinical practice, the U.S. Department of Health and Human Services has recently undertaken its Personalized Health Care Initiative.12 This Initiative has two guiding principles. The first of these is to support research that addresses individual aspects of disease and disease prevention with the ultimate goal of shaping preventive and diagnostic care to match each person's unique genetic characteristics. The second principle is to create an infrastructure for health care data and information exchange that will help researchers establish patterns that identify molecular/genetic “fingerprints” of disease.13 Federal advisory groups such as the Secretary's Advisory Committee on Genetics, Health, and Society,14 the National Committee on Vital and Health Statistics,15 and the American Health Information Community16,17 contribute further by considering issues that relate to the inclusion of genetic/genomic test information into the EHR. This article describes several pertinent topics that should be considered by these initiatives and advisory groups when policy is developed on this issue.

DEFINING GENETIC/GENOMIC TEST INFORMATION

A growing number of different methods of clinical analyses of gene-based information are captured by the broad definition of a “genetic/genomic” test, and this discussion is intended to incorporate both “genetic” and “genomic” test information. A wide variety of genetic and genomic information and analyses can be derived from testing in humans, including but not limited to targeted diagnostics (e.g., BRCA1/2 tests that evaluate single genes or polymorphisms in at-risk populations), population-based screening tests for specific gene-related disorders (i.e., newborn screens), and large-scale platforms (e.g., microarray DNA technologies that evaluate multiple genes or polymorphisms). Tests considered to be “genetic/genomic” include analyses of human DNA, RNA, and chromosomes to detect heritable or acquired disease-related genotypes, mutations, phenotypes, or karyotypes for clinical purposes and analyses of human proteins and metabolites used predominantly to detect inborn errors of metabolism, heritable genotypes, or mutations for clinical purposes. Tests used primarily for other purposes but that may contribute to diagnosing a genetic/genomic disease (e.g., blood smear, certain serum chemistries) are not covered by this definition.18

CHARACTERISTICS OF GENETIC/GENOMIC TEST INFORMATION THAT SHOULD BE CONSIDERED WHEN DETERMINING AN APPROPRIATE LEVEL OF PROTECTION

The inclusion of genetic/genomic test information in the EHR has raised issues regarding “genetic exceptionalism”; i.e., whether the information should be treated differently from other health information for purposes of data access and permissible use.1921 Genetic/genomic test information exhibits several characteristics that should be considered when determining the appropriate level of protection. It is important to note that any one of the characteristics listed below may not be unique to genetic/genomic information (i.e., exceptional) versus other health information. For example, low-density lipoprotein cholesterol level is predictive, and gender is generally considered immutable. However, these characteristics are relevant to consider holistically when determining appropriate protection of genetic/genomic test information. It should also be noted that this list is not intended to be interpreted as exhaustive or as prioritized; all characteristics should be considered, and importance may vary based on the context of discussion.

Uniqueness

Excepting identical twins, each individual has a unique genetic/genomic code. Therefore, independently collected samples can be matched with relatively high confidence on the basis of a small number of genetic variants.10 Consolidated databases of genetic/genomic information could potentially be mined for individual identification purposes. Moreover, as scientific understanding of the relationship between genotype and phenotype increases, genetic/genomic information may be used more accurately to predict an individual's physical characteristics from his/her DNA sequence information.11

Predictive capability

Some genetic/genomic tests can predict the likelihood of developing a given disease or the response to a specific drug. The complex interrelationships within an individual's genome and how it reacts to environmental conditions ultimately defines what may actually occur. The predictive nature of genetics is a critical yet complex consideration for developing policy regarding genetic/genomic test information. For example, while this information can inform preemptive action, it may also be used to discriminate based on predisposition. In addition, genetic/genomic test results could be used in the absence of other corroborating clinical signs or symptoms to inform health care management decisions.

Immutability

Genetic information is also immutable; an individual's germline/inherited information does not change throughout life. (Some cells in the body may have an alteration in DNA after conception, such as those introduced during DNA replication, for example. These mutations, referred to as somatic mutations, may cause cancer or other diseases. Inherited DNA does not otherwise change, and these somatic mutations can not be inherited or passed on). As such, public disclosure of personal genetic/genomic test information could create long-lasting and unpredictable effects, given unforeseen technological and interpretive advances.

Requirement of testing

Many genetic markers, particularly those for disease predisposition and drug response, cannot be ascertained in the normal course of clinical care; they must be derived from a genetic/genomic test. Although manifestations of some diseases (e.g., Huntington disease) imply the presence of certain genetic mutations, testing is usually required to inform an individual of a specific mutation that predisposes him or her to a specific condition.

Historical misuse

Genetic information has been misused to promote eugenics initiatives,22 discriminate in insurance and the workplace, and obtain information about individuals' medical histories.23 As genetic research and medical applications advance, the ability to associate genetic predisposition for disease to factors such as gender, self-identified race, or population group will likely increase. Although population-based research informs epidemiologic inquiry, concerns abound that genetic/genomic test information could be used inappropriately to stereotype or stigmatize individuals.

Variability in public knowledge and perspectives

There is wide variability in individual understanding about the role of genetics in health and disease, personal sensitivity regarding genetic/genomic test information, and feelings about genetics (e.g., ontological considerations based on genetic reductionism).

Impact on family

Genetic/genomic test information also has the potential to impact an individual's family members, as germline mutations (i.e., mutations contained in the sperm or egg that may be passed to offspring) may reveal information about medical risks to blood-relatives. Thus, an individual's decision to undergo a genetic/genomic test could reveal information that suggests risk to relations regarding the potential development of a chronic or debilitating disorder.

Temporality

Societal perspectives and the ability to interpret genetic/genomic test information will likely evolve over time, as will policies regarding the use of such information in health care decision-making. For example, a contemporary test that sequences a specific gene may yield insight into the risk of developing a particular disease. However, in time this sequence information may prove informative regarding different conditions and/or therapeutic responses. Given the exponential growth of the field of molecular diagnostics, the scope and ability to interpret test results will evolve rapidly. In parallel, increasing public awareness about the potential application of genetic/genomic information to health care decisions will influence perspectives regarding how to oversee this information.

Ubiquity and ease of procurement

Genetic material is easy to procure. DNA can be obtained from saliva, blood, hair, and other tissues that are deposited on a surface. Thus, an individual's genomic information can be readily obtained without his/her knowledge or permission.

The characteristics discussed here must be considered holistically when informing policy on the use of genetic/genomic test information in patient health records. Although a single characteristic may not support an argument for or against treating genetic/genomic test information as “exceptional,” the combined effect of these characteristics may influence matters of potential exceptionalism. An integrated framework should therefore be used to assess the full impact of policy alternatives.

POTENTIAL GENETIC EXCEPTIONALISM IN DATA ACCESS

This section addresses the issue of potential exceptionalism regarding access to genetic/genomic test information (e.g., the right to view the data) in the EHR. This discussion takes the view that if there is to be a system of limited access to certain sensitive data in the EHR, then genetic/genomic test information should be subject to the same limitations, at least for the immediate future. This will encourage genetic/genomic testing where it is medically indicated. It will necessarily require, however, discussions of the definition of “sensitive” information (e.g., any information that the patient views as sensitive or only certain data categories such as genetic/genomic information), technical implementation issues, transition processes to ensure adoption and adherence, adherence verification processes and penalties for potential noncompliance, and enabling patient control while ensuring that medical practitioners have appropriate access to needed information.

Genetic information generally does not require more protection than other information that patients may view as sensitive (e.g., HIV status, mental health, or drug abuse). Over time, social norms may evolve so that mental health or HIV status is no longer viewed as sensitive, and perspectives regarding genetic/genomic test information may likewise evolve. The issue therefore becomes one of policy regarding access to sensitive health information. Although some states have provisions that protect access to specific types of data in the EHR, and there are some narrowly tailored federal statutes that address this issue (e.g., in the context of substance abuse treatment records),24 there is currently no comprehensive Federal legislation that limits access to sensitive health data. Any efforts directed toward selective access to genetic/genomic test information should be combined with those for other sensitive data, creating a consistent policy that applies to all sensitive health information.

Data masking or controlled access provides a means for patients to control disclosure of select information within the EHR.11 Although genetic/genomic information is not intended to be treated uniquely with regard to data access policies, it should be considered as sensitive if the option for data masking of sensitive information becomes policy. Many countries that are establishing EHR systems, including the United Kingdom, Canada, Netherlands, and Denmark, are using or developing electronic methods for masking certain elements to prevent health care providers' access to certain types of sensitive information. Controlled access benefits the patient by empowering him or her to designate which health care providers have access to the masked information.25 However, masking information may negatively impact patient care. Withholding important information from physicians could interfere with accurate diagnosis and may lead to bad treatment decisions. Therefore, it is important that the provider at least know that some information has been masked so that he or she can request the information for a medically-relevant reason.

Data masking could also be an important tool to protect elements of patient privacy in required disclosure requests. At least 25 million times per year, individuals are compelled to sign authorizations to release their health records as a condition of employment, life insurance, or other application processes.26 In a controlled-access environment of selective fields, it will require that electronic methods for contextual access criteria be devised and adopted that mask sensitive information that is deemed irrelevant to the purpose of the request. Otherwise, some individuals may be dissuaded from undergoing genetic/genomic testing and seeking medical consultation that may be of great importance to their health management.

In addition to concerns that a patient may choose to mask data that are significant to his/her health care providers or other medical professionals, pragmatic considerations regarding the technical implementation and management of the authorization process must be addressed. For these reasons, there is currently no consensus regarding whether sensitive information should be permitted to be masked in the EHR. The debate on this issue should be one aspect of a broader discussion that encompasses all potentially sensitive information, including but not limited to genetic/genomic test information.

POTENTIAL GENETIC EXCEPTIONALISM IN PERMISSIBLE DATA USE

Genetic/genomic test information may also be exceptional with respect to permissible use (regardless of the right to access). Specific considerations should be made for protections: (1) against the misuse of genetic/genomic test data (e.g., discrimination), and (2) regarding the use of such data for research purposes (e.g., proper disclosure of the risk of personal identification and the need to prohibit data mining and aggregating techniques designed specifically to circumvent individual privacy protection).

When considering whether genetic/genomic test information can be used to discriminate in health insurance and employment decisions, the following characteristics of the information are most notable: it is predictive, immutable, historically misused, and normally requires testing to be carried out. A predisposition to develop a disease is distinct from the manifestation of a condition, yet the fear of discrimination has discouraged individuals from obtaining medically relevant and cost-effective predictive genetic/genomic tests. For these reasons, state and federal policies have been enacted to prevent discrimination based on genetic information.27,28

Large-scale genome analysis platforms have generated a wealth of data in the last 20 years, providing researchers with a greater quantity of genetic/genomic information than has been available at any point in history. However, given that an individual's genetic marker profile is as unique as his/her fingerprint, appropriate informed consent practices should be required for researchers to obtain genetic/genomic test information. Genetic/genomic information is exceptional relative to other sensitive medical information in this regard; it is possible that one inconsequential sequence with attached identity could be used to link identity to genetic information that the individual does not wish to disclose. Proper disclosure and informed consent can make individuals aware of this reidentification possibility before granting access.29 In the future, centralized databases that assimilate large volumes of clinical and genome sequence information may require additional protections, as data mining techniques that can assemble information about a specific individual can theoretically be used to circumvent privacy and confidentiality protections. Although an individual's medical genetic information may not in itself exhibit exceptional characteristics, given the ability to identify an individual using a limited number of markers, HIPAA privacy policies should be clarified to ensure that they protect genetic/genomic test information appropriately.

CONCLUSION

The inclusion of genetic/genomic information in the EHR will greatly impact personalized health care by informing disease risk determination, appropriate drug dosing, and the selection of effective treatment or preventive action. To realize the full potential of personalized medicine, however, policies must be implemented to protect the confidentiality, privacy, and security of genetic/genomic test information appropriately with regard to access and use. Genetic/genomic information features a series of attributes that must be carefully considered in the aggregate with regard to policy development. Genetic/genomic data should be afforded the same provisions as other sensitive health information with regard to potential restricted access in the EHR. Protection against potential discrimination based on genetic/genomic information must be ensured, and proper disclosures must also be made for the use of such data for research purposes. Attention to the issues raised by these discussions will help policy developers and health care professionals ensure that confidentiality, privacy, and security are appropriately maintained for genetic/genomic information contained in the EHR.