The decision whether to undergo genetic testing is often highly personal and is usually prompted by a serious medical concern such as a family history of an inherited disease. Traditionally, such testing has been done in a medical setting by health care professionals, including genetic counsellors, who explain the science and ethics behind testing and help patients interpret the results.
Direct to consumer (DTC) genetic testing allows consumers, with as little effort as mailing a biological sample like saliva, to have their DNA analyzed by companies that promise to tell them if they are at risk for a particular disease.
Proponents suggest that DTC services increase access to genetic testing as well as confidentiality of the results, which can be kept out of an official health record. On the down side, the reliability and significance of the results may not match companies’ claims. Privacy-wise, giving extremely sensitive personal information, such as a DNA sample, to companies that to-date are largely unregulated carries a myriad of risks. In a health care setting, confidentiality of personal information and security of samples are subject to strict controls. On the Internet, it’s another story. How do companies safeguard the sample and test results? Is the information disclosed to any third parties? Some companies make ”de-identified” information available to third parties for research purposes, in which case how reliable is the de-identification? And what happens to personal information if the company is sold or folds?
The debate about DTC genetic testing heated up recently as the U.S. Federal Drug Administration focussed its attention on the increasing availability of such services and whether they need to be regulated. In the U.K., the Human Genetic Rights Commission just published voluntary guidelines for companies selling the tests, including guidance on data protection as well as consent, stating “Informed consent can only be provided when a consumer has received sufficient relevant information about the genetic test to enable them to understand the risks, benefits, limitations and implications (including the implications for purchasing insurance) of the genetic tests.” In the interests of informed consent, the Federal Trade Commission advises consumers to check the privacy policies of online companies to see how they use personal information and whether they share it with marketers.
Here in Canada, in 2008, the Canadian Medical Association’s (CMA) General Council passed a resolution calling for the CMA to develop policy to advise on the development of a national system to oversee, organize and access genetic testing in Canada. In May 2010, the CMA proposed a national Regulatory Framework for Direct-to-Consumer Clinical Genetic Tests as a tool to highlight issues raised by these tests as an advocacy tool.
As well, in a recent study funded by the OPC, researchers at the University of Alberta’s Health Law Institute analysed the privacy policies of 32 DTC genetic testing companies against the fair information principles that underpin Canada’ private sector privacy law, PIPEDA. Of the 32 company websites studied, fewer than half had privacy policies that addressed how biological samples and genetic test results are handled.
The report concludes with a list of privacy-related questions that consumers should consider before buying genetic tests over the Internet. “Consumers who seek answers to the questions – through careful review of company privacy policies and direct contact with companies – will be able to make a more informed choice about sending their personal information and genetic samples to a company.”
Admittedly, satisfying your curiosity about what health challenges may await you is very tempting. However, consumers should be aware that they may be getting more – and less – than they bargained for.