Diagnosing Mental Disorders from Internet Use

By Nathaniel Counts

We live in a time when increasingly our personal information is publicly available on the internet.  This personal information includes our names and phone numbers, things we’ve written and things we’ve done, along with a good deal of information that only exists because we interact with others on the internet – thoughts that we might not have otherwise externalized, or that we certainly would not have saved so that others could read.

If all of this information is publicly available, all of this information can be gathered.  Already advertisers analyze our behaviors to better target products to us.  It is not hard to imagine a not so distant future where the government analyzes this data to determine whether we have a DSM mental disorder.  By looking at the online behaviors of those already diagnosed – the way the syndrome affects their usage patterns, the sites they visit, and how they interact with others online – it is likely that one can find statistically significant usage patterns that can distinguish individuals with a diagnosis from those without.  The available data could then be mined to identify other individuals that exhibit the usage pattern and allow for presumptive diagnosis.

Continue reading

The AOL Babies: Our Healthcare Crisis in a Nut

By Nicolas Terry

Cross-posted from HealthLawProf Blog.
Where does one start with AOL CEO Armstrong’s ridiculous and unfeeling justifications for changes in his company’s 401(k) plan. Cable TV and Twitter came out of the blocks fast with the obvious critiques. And the outrage only increased after novelist Deanna Fei took to Slate to identify her daughter as one of the subjects of Armstrong’s implied criticism. Armstrong has now apologized and reversed his earlier decision.
As the corporate spin doctors contain the damage, Armstrong’s statements likely will recede from memory, although I am still hoping The Onion will memorialize Armstrong’s entry into the healthcare debate (suggested headline, “CEO Discovers Nation’s Healthcare Crisis Caused by 25 Ounce Baby”). But supposing (just supposing) your health law students ask about the story in class this week. What sort of journey can you take them on?

Big Week for Big Data

By Nicolas Terry

For privacy advocates the last week contained something of a gut-check when the UK’s splendidly descriptive Health and Social Care Information Centre announced something of a bonanza for big data companies; the NHS’s care.data program, here, will make anonymized clinical data broadly available to researchers and commercial interests with few limitations, here.

For once, however, the US attitude to the growing big data phenomenon has appeared more robust. Writing on the White House Blog, here, Presidential counselor John Podesta announced he will be leading “a comprehensive review of the way that ‘big data’ will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy.” Results are promised in 90 days.

For health lawyers, however, the most interesting recent development has been the FTC’s denial of LabMD’s motion to dismiss, here. The LabMD complaint involves the data security practices of a clinical testing laboratory. The FTC alleged “unfair . . . acts or practices” under Section 5(a)(1) of the FTC Act. One of LabMD’s arguments for dismissal was that the specific HIPAA and HITECH statutes dealing with the health privacy and security obligations of covered entities blocked the FTC from enforcing its more general authority. According to the FTC:

Nothing in HIPAA, HITECH… reflects a “clear and manifest” intent of Congress to restrict the Commission’s authority over allegedly “unfair” data security practices such as those at issue in this case. LabMD identifies no provision that creates a “clear repugnancy” with the FTC Act, nor any requirement in HIPAA or HITECH that is “clearly incompatible” with LabMD’s obligations under Section 5.

LabMD is an important development. I have argued at length, here, that big data activities outside of HIPAA-protected space have illustrated the gaps in data protection because of the manner in which the US has regulated discrete vertical industries. LabMD suggests that the FTC is prepared to fill in the gaps.

Pit Crews with Computers: Can Health Information Technology Fix Fragmented Care?

I recently posted this draft on SSRN. Feedback much appreciated. Here is the abstract:

Fragmentation and lack of coordination remain as some of the most intractable problems facing health care. Attention has often alighted on the promise of Health care Information Technology not least because IT has had such positive impact on many other personal, professional and industrial domains. For at least two decades the HIT-panacea narrative has been persistent even though the context has shifted. At various times we have been promised that patient safety technologies would solve our medical error problems, electronic transactions would simplify healthcare administration and insurance and clinical data would become interoperable courtesy of electronic medical records. Today the IoM is positioning HIT at the center of its new “continuously learning” health care model that is in large part aimed at solving our fragmentation and lack of coordination problems. While the consensus judgment that HIT can reduce fragmentation and increase coordination has intuitive force the specifics are more complicated. First, the relationship between health care and IT has been both culturally and financially complex. Second, HIT has been overhyped as a solution for all of health care’s woes; it has its own problems. Third, the HIT-fragmentation solution presents a chicken-and-egg problem — can HIT solve health care fragmentation and lack of coordination problems or must health care problems such as episodic care be solved prior to successful deployment of HIT? The article takes a critical look at both health care and HIT with those questions in mind before concluding with some admittedly difficult recommendations designed to break the chicken-and-egg deadlock.

NPT

PRIM&R 2013 Advancing Ethical Research conference report: Who is responsible for the body?

By Lauren A. Taylor, Coordinator for Health and Religion in the Global Context, Harvard Divinity School and co-author of The American Health Care Paradox: Why Spending More Is Getting Us Less(PublicAffairs, 2013).

Who is responsible for the stewardship of the body? What about the body’s tissue? Or its blood? While many people suggest that each individual owns their own bodies, these questions can become considerably more complicated when viewed through the lens of a bio-banking effort. When blood and tissues are “inside” or “part of” our body, it may appear clear, but once removed from the larger whole, the question of ownership can become substantially more challenging. One of Wednesday’s pre-conference programs explored these issues in considerable depth, featuring perspectives from a range of relevant actors.

Continue reading

Disruptive Innovation and the Rise of the Retail Clinic

By Michael Young

The Association of American Medical Colleges (AAMC) projects that by 2025 the United States will face a shortage of 130,600 physicians, representing a near 18-fold increase from the deficit of 7,400 physicians in 2008.  The widening gap between physician supply and demand has grown out of a complex interplay of legal, political, and social factors, including a progressively aging population, Congressionally mandated caps on the number of Medicare-funded residency slots and funding for graduate medical education, and waning interest among medical school graduates in pursuing careers in primary care.

These issues generate unprecedented opportunities for healthcare innovators and entrepreneurs to design solutions that can effectively address widening disparities between healthcare supply and demand, particularly within vulnerable and underserved areas.

Continue reading

Art Caplan on social media and medical privacy

Art Caplan has a new piece at NBCNews.com. In “Is your doctor spying on your tweets? Social media raises medical privacy questions,” Caplan argues:

Presuming doctors, their helpers or your neighbors are going to look, ethical standards or not, shouldn’t patients be told if someone does? I think so. I think the transplant candidate had the right to know that he tweeted himself right out of a shot at a liver transplant. And you need to realize that information you put up on social media sites may wind up being used by your doctor, hospital, psychologist, school nurse or drug counselor.

Right now there are no rules or even suggestions to guide doctor-patient relationships over the Internet. Both now have new ways to look at one another outside the office or exam room. If they are going to continue to trust one another then we need to recalculate existing notions of medical privacy and confidentiality to fit an Internet world where there is not much of either.

For more, check out the full piece.

Is Turkey’s Health Systems Reform as Successful as It Sounds?

In July, the Lancet covered Turkey’s development and implementation of universal health coverage extensively in an article and in supplementary comments. The main article, written by those who are directly involved in the development of the health systems reform (including the former Health Minister), presents a success story. Within Turkey, however, the success of the reform has been disputed. Two points in particular are being repeated by the Turkish Medical Association (TTB), doctors, and journalists: the negative effects of the reform on (1) the quality of health care personnel and (2) privacy.

Continue reading

Ethical Concerns, Conduct and Public Policy for Re-Identification and De-identification Practice: Part 3 (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. Background on the symposium is here. You can call up all of the symposium contributions by clicking here. —MM

By Daniel C. Barth-Jones

In Part 1, and Part 2 of this symposium contribution I wrote about a number of re-identification demonstrations and their reporting, both by the popular press and in scientific communications. However, even beyond the ethical considerations that I’ve raised about the accuracy of some of these communications, there are additional ethical, “scientific ethos”, and pragmatic public policy considerations involved in the conduct of re-identification research and de-identification practice that warrant some more thorough discussion and debate.

First Do No Harm

Unless we believe that the ends always justify the means, even obtaining useful results for guiding public policy (as was the case with the PGP demonstration attack’s validation of “perfect population register” issues) doesn’t necessarily mean that the conduct of re-identification research is on solid ethical footing. Yaniv Erlich’s admonition in his “A Short Ethical Manifesto for the Privacy Researcher blog post contributed as part of this symposium provides this wise advice: “Do no harm to the individuals in your study. If you can prove your point by a simulation on artificial data – do it.” This is very sound ethical advice in my opinion. I would argue that the re-identification risks for those individuals in the PGP study who had supplied 5-digit Zip Code and full date of birth were already understood to be unacceptably high (if these persons were concerned about being identified) and that no additional research whatsoever was needed to demonstrate this point. However, if additional arguments needed to be made about the precise levels of the risks, this could have been adequately addressed through the use of probability models. I’d also argue that “data intrusion scenario” uncertainty analyses which I discussed in Part 1 of this symposium contribution already accurately predicted the very small re-identification risks found for the sort of journalist and “nosy neighbor” attacks directed at the Washington hospital data. When strong probabilistic arguments can be made regarding potential re-identification risks, there is little possible purpose for undertaking actual re-identifications that can impact specific persons.

Looking more broadly, it seems more reasonably debatable whether the earlier January re-identification attacks by the Erlich lab on the CEPH – Utah Residents with Northern and Western European Ancestry (CEU) participants could have been warranted by virtue of the attack having exposed a previously underappreciated risk. However, I think an argument could likely be made that, given the prior work by Gitschier which had already revealed the re-identification vulnerabilities of CEU participants, the CEU portion of the Science paper also might not have served any additional purpose in directly advancing the science needed for development of good public policy. Without the CEU re-identifications though, it is unclear whether the surname inference paper would have been published (at least by a prominent journal like Science) and it also seems quite unlikely that it would have sustained nearly the level of media attention.

Continue reading

Press and Reporting Considerations for Recent Re-Identification Demonstration Attacks: Part 2 (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. Background on the symposium is here. You can call up all of the symposium contributions by clicking here. —MM

Daniel C. Barth-Jones, M.P.H., Ph.D., is a HIV and infectious disease epidemiologist.  His work in the area of statistical disclosure control and implementation under the HIPAA Privacy Rule provisions for de-identification is focused on the importance of properly balancing competing goals of protecting patient privacy and preserving the accuracy of scientific research and statistical analyses conducted with de-identified data. You can follow him on Twitter at @dbarthjones.

Forecast for Re-identification: Media Storms Continue…

In Part 1 of this symposium contribution, I wrote about the re-identification “media storm” started in January by the Erlich lab’s “Y-STR” re-identifications which made use of the relationship between Short Tandem Repeats (STRs) on the Y chromosome and paternally inherited surnames. Within months of that attack, April and June brought additional re-identification media storms; this time surrounding re-identification of Personal Genome Project (PGP) participants and a separate attack matching 40 persons within the Washington State hospital discharge database to news reports. However, as I have written has sometimes been the case with past reporting on other re-identification risks, accurate and legitimate characterization of re-identification risks has, unfortunately, once again been over-shadowed by distortive and exaggerated reporting on some aspects of these re-identification attacks. Unfortunately, a careful review of both the popular press coverage and scientific communications for these recent re-identification demonstrations displays some highly misleading communications, the most egregious of which incorrectly informs more than 112 million persons (more than one third of the U.S. population) that they are at potential risk of re-identification when they would not actually be unique and, therefore, re-identifiable. While each separate reporting concern that I’ve addressed here is important in and of itself, the broader pattern that can be observed for these communications about re-identification demonstrations raises some serious concerns about the impact that such distortive reporting could have on the development of sound and prudent public policy for the use of de-identified data.

Reporting Fail (and after-Fails)

University of Arizona law professor Jane Yakowitz Bambauer was the first to call out the distortive “reporting fail” for the PGP “re-identifications” in her blog post on the Harvard Law School Info/Law website. Bambauer pointed out that a Forbes article (written by Adam Tanner, a fellow at Harvard University’s Department of Government, and colleague of the re-identification scientist) covering the PGP re-identification demonstration was misleading with regard to a number of aspects of the actual research report released by Harvard’s Data Privacy Lab. The PGP re-identification study attempted to re-identify 579 persons in the PGP study by linking their “quasi-identifiers” {5-digit Zip Code, date of birth and gender} to both voter registration lists and an online public records database. The Forbes article led with the statement that “more than 40% of a sample of anonymous participants” had been re-identified. (This dubious claim was also repeated in subsequent reporting by the same author in spite of Bambauer’s “call out” of the inaccuracy explained below.) However, the mischaracterization of this data as “anonymous” really should not have fooled anyone beyond the most casual readers. In fact, approximately 80 individuals among the 579 were “re-identified” only because they had their actual names included within file names of the publically available PGP data. Some two dozen additional persons had their names embedded within the PGP file names, but were also “re-identifiable” by matching to voter and online public records data. Bambauer points out that the inclusion of the named individuals was “not relevant to an assessment of re-identification risk because the participants were not de-identified,” and quite correctly adds that “Including these participants in the re-identification number inflates both the re-identification risk and the accuracy rate.

As one observer humorously tweeted after reading Bambauer’s blog piece,

It’s like claiming you “reidentified” people from their high school yearbook”.

Continue reading

Dov Fox on Genetics and “The End of Family Secrets”

Bill of Health blogger Dov Fox was featured in a recent National Geographic article on genetics and genealogy.

Dov Fox, an assistant professor of law at the University of San Diego who specializes in genetic and bioethical issues, told me that it’s only a matter of time before genetic genealogy leads to lawsuits regarding fidelity, paternity, and inheritance. But it’s unclear, for now, how the law will handle those cases.

Here in the U.S., there aren’t any federal privacy statutes that would apply, Fox says. The U.S. Genetic Information Nondiscrimination Act (GINA), passed in 2008, says that health insurers and employers cannot use an individual’s genetic information to deny medical coverage or to make employment decisions. But genetic genealogy doesn’t have anything to do with medical risks. That means lawyers will have to get creative in how they present their cases.

“What happens often with advances in science and technology is that we try to shoehorn new advances into ill-fitting existing statutes,” Fox says. So genetic genealogy cases might hinge upon laws originally written for blackmail, libel, or even peeping Tom violations.

For more, read the full article here.

Big Data Proxies and Health Privacy Exceptionalism

By Nicolas Terry

I have posted Big Data Proxies and Health Privacy Exceptionalism. The article argues that, while “small data” rules protect conventional health care data (doing so exceptionally, if not exceptionally well), big data facilitates the creation of health data proxies that are relatively unprotected. As a result, the carefully constructed, appropriate, and necessary model of health data privacy will be eroded. Proxy data created outside the traditional space protected by extant health privacy models will end exceptionalism, reducing data protection to the very low levels applied to most other types of data. The article examines big data and its relationship with health care, including the data pools in play, and pays particular attention to three types of big data that lead to health proxies: “laundered” HIPAA data, patient-curated data, and medically-inflected data. It then reexamines health privacy exceptionalism across legislative and regulatory domains seeking to understand its level of “stickiness” when faced with big data. Finally the article examines some of the claims for big data in the health care space, taking the position that while increased data liquidity and big data processing may be good for health care they are less likely to benefit health privacy.

Of Data Challenges

Cross-posted from the HealthLawProfs blog.

Challenges designed to spur innovative uses of data are springing up frequently. These are contests, sponsored by a mix of government agencies, industry, foundations, a variety of not-for-profit groups, or even individuals. They offer prize money or other incentives for people or teams to come up with solutions to a wide range of problems. In addition to grand prizes, they often offer many smaller prizes or networking opportunities. The latest such challenge to come to my attention was announced August 19 by the Knight Foundation: $2 million for answers to the question “how can we harnass data and information for the health of communities?” Companion prizes, of up to $200,000, are also being offered by the Robert Wood Johnson Foundation and the California Healthcare Foundation.

Such challenges are also a favorite of the Obama administration. From promoting Obamacare among younger Americans (over 100 prizes of up to $30,000)–now entered by Karl Rove’s Crossroads group–to arms control and identification of sewer overflows, the federal government has gone in for challenges big time. Check out challenge.gov to see the impressive list. Use of information and technological innovation feature prominently in the challenges, but there is also a challenge for “innovative communications strategies to target individuals who experience high levels of involuntary breaks (“churn”) in health insurance coverage” (from SAMHSA), a challenge to design posters to educate kids about concussions (from CDC), a challenge to develop a robot that can retrieve samples (from NASA), and a challenge to use technology for atrocity prevention (from USAID and Humanity United). All in all, some 285 challenges sponsored by the federal government are currently active, although for some the submission period has closed. Continue reading

Good News for HIV Prevention Policy: Syringe Access Update

By Scott Burris

In documenting how often public health law research does influence legislation, I’ve used syringe exchange programs as an example of evidence NOT guiding policy.  Despite the consensus in health research that increasing access to sterile syringes has helped reduce HIV, state drug paraphernalia laws, and pharmacy regulations remain a barrier, as does the lack of strong and stable funding for the programs that are working.  The case was just made again in an article in the Annals of Health Law. Rachel Hulkower and Leslie Wolf retell the story of the federal funding ban, going over the evidence yet again, and argue that state inaction would best be overcome with money: replacing the federal ban with a positive endorsement and real funding.  (As long as we are in an optimistic mood, I would add strings – no HIV funding for states that don’t remove legal barriers to syringe access.  This would balance the scales a bit for Congress’ past sin in requiring state recipients of HIV funds to provide for criminalization of exposure and transmission.)

But today I type to tell a happier story. This summer, the state of Nevada passed a statute authorizing syringe exchange and pharmacy sales.  There are now 16 jurisdictions whose laws explicitly authorize syringe exchange programs (CA, CO, CT, DC, DE, HI, MA, MD, ME, NJ, NM, NV, NY, RI, VT, WA) and the number of states that require a prescription for retail purchase without exception has dwindled to ONE (Chris Christie’s New Jersey – Delaware, the other hold out, changed its law this year.)  But the important thing is not the next halting steps in this slow trend, but the quality of Nevada’s legal contribution.  This is going to get a little bit wonky in parts, but let me just take you on a quick tour of this marvelous statute, which drew from a model created several years ago by the Canadian HIV/AIDS Legal Network.

Continue reading

Dov Fox on the Future of Genetic Privacy

Bill of Health contributor Dov Fox has a new op-ed at the Huffington Post on “junk” DNA and the future of genetic privacy in the aftermath of the Supreme Court’s ruling, in Maryland v. King, that police may collect DNA from people under arrest. Fox argues,

The next great controversy over forensic DNA won’t have anything to do with whether police can test “junk” DNA from people whose identity they already know. It will be about whether police can look “more broadly” at the “other stuff” that genetic information can reveal from people who aren’t yet known to them. That our DNA could serve as an eyewitness has powerful implications, beyond individual privacy, for the pervasive role of race in the investigation of crime.

Read the full piece here.

Art Caplan on the NIH’s Agreement Regarding Control of Henrietta Lacks’ Cells

Art Caplan has a new opinion piece up at nbcnews.com on the longstanding controversy over the use of the cells of Henrietta Lacks, a poor African American woman who died of cervical cancer in 1951, for research that has generated billions of dollars through scientific research over more than six decades. This research was conducted without Lacks’ or her family’s consent. According to a new NIH agreement with the Lacks family:

Lack’s genome data will be accessible only to those who apply for and are granted permission. And two representatives of the Lacks family will serve on the NIH group responsible for reviewing biomedical researchers’ applications for controlled access to HeLa cells. Additionally, any researcher who uses that data will be asked to include an acknowledgement to the Lacks family in their publications.

The new understanding between the NIH and the Lacks family does not include any financial compensation for the family. The Lacks family hasn’t, and won’t, see a dime of the profits that came from the findings generated by HeLa cells. But this is a moral and ethical victory for a family long excluded from any acknowledgment and involvement in genetic research their matriarch made possible.

Read the full article here.

Science, Art, Policy, and the Importance of Good Science Communication

Although I promised that I was done commenting on the artist-cum-policy wonk who claims to make 3-D “masks” of unknown individuals from their discarded DNA, Matthew Herper of Forbes has taken the criticisms of her (and the media covering her project) articulated by me and others directly to the artist. I confess that her response does not make me feel any better. Even if you’re “only” engaging in art, it seems to me that when that art has an obvious science policy message — indeed, one that you invite — you have some obligation to be clear about how “speculative,” as she puts it, your art is. But when you decide to move from the world of art into the world of science, and to start leading policy discussions based on your speculative art and working with forensic examiners? Then you really have a strong duty to be very clear about what your work can and cannot do. That means, among other things, taking care when talking with the media, and correcting the media if they get it wrong.

Yesterday, the Social Science Genetic Association Consortium, an international consortium that pools and conducts social science research on existing genome-wide association study (GWAS) data, and on whose Advisory Board I sit, published (online ahead of print) the results of its first study in Science. That paper — “GWAS of 126,559 Individuals Identifies Genetic Variants Associated with Educational Attainment” (plus supplemental data) — like much human genetics research, has the potential to be misinterpreted in the lay, policy, and even science worlds. That’s why, in addition to taking care to accurately describe the results in the paper itself, including announcing the small effect sizes of the replicated SNPs in the abstract, being willing to talk to the media (many scientists are not), and engaging in increasingly important “post-publication peer review” conversations on Twitter (yes, really) and elsewhere — we put together this FAQ of what the study does — and, just as important, does not — show. So far, our efforts have been rewarded with responsible journalism that helps keep the study’s limits in the foreground. Perhaps the DNA artist should consider issuing a similar FAQ with her speculative art.

Public Policy Considerations for Recent Re-Identification Demonstration Attacks on Genomic Data Sets: Part 1 (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science and Re-Identification Demonstrations. We’ll have more contributions throughout the week. Background on the symposium is here. You can call up all of the symposium contributions by clicking here. —MM

Daniel C. Barth-Jones, M.P.H., Ph.D., is a HIV and Infectious Disease Epidemiologist.  His work in the area of statistical disclosure control and implementation under the HIPAA Privacy Rule provisions for de-identification is focused on the importance of properly balancing competing goals of protecting patient privacy and preserving the accuracy of scientific research and statistical analyses conducted with de-identified data. You can follow him on Twitter at @dbarthjones.

Re-identification Rain-makers

The media’s “re-identification rain-makers” have been hard at work in 2013 ceremoniously drumming up the latest anxiety-inducing media storms. In January, a new re-identification attack providing “surname inferences” from genomic data was unveiled and the popular press and bloggers thundered, rattled and raged with headlines ranging from the more staid and trusted voices of major newspapers (like the Wall Street Journal’s: “A Little Digging Unmasks DNA Donor Names. Experts Identify People by Matching Y-Chromosome Markers to Genealogy Sites, Obits; Researchers’ Privacy Promises ‘Empty’”) to near “the-sky-is-falling” hysteria in the blogosphere where headlines screamed: “Your Biggest Genetic Secrets Can Now Be Hacked, Stolen, and Used for Target Marketing” and “DNA hack could make medical privacy impossible”. (Now, we all know that editors will sometimes write sensational headlines in order to draw in readers, but I have to just say “Please, Editors… Take a deep breath and maybe a Xanax”.)

The more complicated reality is that, while this recent re-identification demonstration provided some important warning signals for future potential health privacy concerns, it was not likely to have been implemented by anyone other than an academic re-identification scientist; nor would it have been nearly so successful if it had not carefully selected targets who were particularly susceptible for re-identification.

As I’ve written elsewhere, from a public policy standpoint, it is essential that the re-identification scientists and the media accurately communicate re-identification risk research; because public opinion should, and does, play an important role in setting priorities for policy-makers. There is no “free lunch”. Considerable costs come with incorrectly evaluating the true risks of re-identification, because de-identification practice importantly impacts the scientific accuracy and quality of the healthcare decisions made based on research using de-identified data. Properly balancing disclosure risks and statistical accuracy is crucial because some popular de-identification methods can unnecessarily, and often undetectably, degrade the accuracy of de-identified data for multivariate statistical analyses. Poorly conducted de-identification may fail to protect privacy, and the overuse of de-identification methods in cases where they do not produce meaningful privacy protections can quickly lead to undetected and life threatening distortions in research and produce damaging health policy decisions.

So, what is the realistic magnitude of re-identification risk posed by the “Y-STR” surname inference re-identification attack methods developed by Yaniv Erlich’s lab? Should *everyone* really be fearful that this “DNA Hack” has now made their “medical privacy impossible”? Continue reading

An Open Letter From a Genomic Altruist to a Genomic Extrovert (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. We’ll continue to post contributions throughout the week. —MM

Dear Misha:

In your open letter to me, you write:

No one is asking you to be silent, blasé or happy about being cloned (your clone, however, tells me she is “totally psyched”).

First things first: I have an ever-growing list of things I wish I had done differently in life, so let me know when my clone has learned how to read, and I’ll send it on over; perhaps her path in life will be sufficiently similar to mine that she’ll benefit from at least a few items on the list.

Moving on to substance, here’s the thing: some people did say that PGP participants have no right to complain about being re-identified (and, by logical extension, about any of the other risks we assumed, including the risk of being cloned). It was my intention, in that post, to articulate and respond to three arguments that I’ve encountered, each of which suggests that re-identification demonstrations raise few or no ethical issues, at least in certain cases. To review, those arguments are:

  1. Participants who are warned by data holders of the risk of re-identification thereby consent to be re-identified by third parties.
  2. Participants who agree to provide data in an open access format for anyone to do with it whatever they like thereby gave blanket consent that necessarily included consent to using their data (combined with other data) to re-identify them.
  3. Re-identification is benign in the hands of scholars, as opposed to commercial or criminal actors.

I feel confident in rejecting the first and third arguments. (As you’ll see from the comments I left on your post, however, I struggled, and continue to struggle, with how to respond to the second argument; Madeleine also has some great thoughts.) Note, however, two things. First, none of my responses to these arguments was meant to suggest that I or anyone else had been “sold a bill of goods” by the PGP. I’m sorry that I must have written my post in such a way that it leant itself to that interpretation. All I intended to say was that, in acknowledging the PGP’s warning that re-identification by third parties is possible, participants did not give third parties permission to re-identify them. I was addressing the relationship between re-identification researchers and data providers more than that between data providers and data holders.

Second, even as to re-identification researchers, it doesn’t follow from my rejection of these three arguments that re-identification demonstrations are necessarily unethical, even when conducted without participant consent. Exploring that question is the aim, in part, of my next post. What I tried to do in the first post was clear some brush and push back against the idea that under the PGP model — a model that I think we both would like to see expand — participants have given permission to be re-identified, “end of [ethical] story.” Continue reading

DNA Art

According to an article in the NYT, an artist has collected DNA samples from litter on sidewalks, such as chewing gum and cigarette butts, and used those samples to extract and sequence DNA that she then used to make computer models of their owners’ faces. She then printed 3-D masks that she is showing at her upcoming exhibit called Stranger Visions. The artist hopes her exhibit will spark a dialogue over genetic surveillance.

The NYT article explains that

[w]hile staring at the wall of her therapist’s office, the artist Heather Dewey-Hagborg noticed a strand of hair stuck in a hanging print. Walking home, she noticed that the subways and sidewalks were littered with genetic material on things like chewing gum and cigarette butts, some still moist with saliva. Curious about what she could learn, Ms. Dewey-Hagborg began to extract and sequence DNA from these discarded materials. Then — and here it gets a little eerie — she began to make computer models of their owners’ faces, using genetic clues to print 3-D masks that she concedes “might look more like a possible cousin than a spitting image.” Hanging these portraits along with the original samples, she says, is “a provocation designed to spur a cultural dialogue about genetic surveillance.” After the June exhibitions, Ms. Dewey-Hagborg will show her work early next year at the New York Public Library. She has also collaborated on a tongue-in-cheek project called DNA spoofing, which purports to offer ordinary people some techniques to avoid detection by scrambling their genetic material.

Talk and exhibition at Genspace in Brooklyn on June 13. Exhibition at QF Gallery in East Hampton, N.Y., opens June 29.

[Cross-posted from HealthLawProf Blog]