Several DNA databases run by the US National Institutes of Health (NIH) in Bethesda, Maryland, the Wellcome Trust in London and the Broad Institute in Cambridge, Massachusetts, were closed to public access last week after researchers showed it is possible to extract the supposedly confidential identities of the patients involved. The databases list the frequencies of small DNA variations called single nucleotide polymorphisms (SNPs) from patient groups.

In the August issue of PLoS Genetics, Nils Homer and his colleagues describe a method to mine individual SNP profiles from complex mixtures, even if the person's DNA is only 0.1% of the total. The method could be useful for ensuring patients are not listed twice when scientists combine data sets, as well as in forensic science.

The NIH has not identified any patient privacy violations, and points out that to identify a particular patient, one would need his or her genetic profile. Researchers will now have to apply for data access at the individual level, as they do for study data.