Privacy implications of 23andme
October 17, 2009 7:04 PM Subscribe
What are the privacy implications of ordering the 23andme DNA test?
I am quite interested in ordering a 23andme test. The only thing that is holding me back is a concern that I might be crossing a privacy boundary I will later regret. I've heard a lot of ominous things about 23andme's connection to Google, how it isn't covered by HIPAA, etc.
But on the other hand, as several people pointed out in a previous post of mine, my medical information is already all over the place. Also, given that anyone who can get me to produce a hair/saliva sample can access all my genetic information, it seems futile for me to try to keep this private. Does anyone have a differing assessment of this?
I am quite interested in ordering a 23andme test. The only thing that is holding me back is a concern that I might be crossing a privacy boundary I will later regret. I've heard a lot of ominous things about 23andme's connection to Google, how it isn't covered by HIPAA, etc.
But on the other hand, as several people pointed out in a previous post of mine, my medical information is already all over the place. Also, given that anyone who can get me to produce a hair/saliva sample can access all my genetic information, it seems futile for me to try to keep this private. Does anyone have a differing assessment of this?
Best answer: I can't tell you whether or not to get the test, but I can tell you several things:
- Right now, genetic testing is next to useless for insurance companies, even if they wanted to use the results to stratify applicants into high and low risk pools. We just don't know enough about the genotype-phenotype correlations to really make accurate assessments of how most SNPs will influence your health in the long term (with a very few notable exceptions).
- Even if you were to take your information and post it publicly, you would be afforded some protection by the Genetic Information Nondiscrimination Act (GINA). You can read a decent primer on GINA, or go straight to the GINA information for health-care providers, provided by the HHS. Note that GINA does not cover long-term care insurance, life insurance, and disability insurance.
- Some knowledgeable people believe the risk to be very low. George Church is heading the Personal Genomes Project, where an increasingly large group of individuals will be posting their complete genetic information and health histories online. This is intended to further research, but also show that genetic sequencing is nothing to fear. Others are a bit more cautious than Church and remain convinced that the insurance companies will manage to find a loophole and screw them anyway.
- 23andMe has a high incentive to keep your data private, and I'd expect their system to be at least as secure as say, a bank or brokerage firm, on a technical level. If they want to be a player in the burgeoning medical informatics field (and they do), your data will be well guarded and not used for nefarious purposes.
Personally, I wouldn't be worried about 23andMe, and would jump at the chance to get it done if it were less expensive. I'd still be a little hesitant to make my data completely public, as the PGP is doing.
posted by chrisamiller at 8:49 PM on October 17, 2009 [2 favorites]
- Right now, genetic testing is next to useless for insurance companies, even if they wanted to use the results to stratify applicants into high and low risk pools. We just don't know enough about the genotype-phenotype correlations to really make accurate assessments of how most SNPs will influence your health in the long term (with a very few notable exceptions).
- Even if you were to take your information and post it publicly, you would be afforded some protection by the Genetic Information Nondiscrimination Act (GINA). You can read a decent primer on GINA, or go straight to the GINA information for health-care providers, provided by the HHS. Note that GINA does not cover long-term care insurance, life insurance, and disability insurance.
- Some knowledgeable people believe the risk to be very low. George Church is heading the Personal Genomes Project, where an increasingly large group of individuals will be posting their complete genetic information and health histories online. This is intended to further research, but also show that genetic sequencing is nothing to fear. Others are a bit more cautious than Church and remain convinced that the insurance companies will manage to find a loophole and screw them anyway.
- 23andMe has a high incentive to keep your data private, and I'd expect their system to be at least as secure as say, a bank or brokerage firm, on a technical level. If they want to be a player in the burgeoning medical informatics field (and they do), your data will be well guarded and not used for nefarious purposes.
Personally, I wouldn't be worried about 23andMe, and would jump at the chance to get it done if it were less expensive. I'd still be a little hesitant to make my data completely public, as the PGP is doing.
posted by chrisamiller at 8:49 PM on October 17, 2009 [2 favorites]
This thread is closed to new comments.
Having said all of that, you can use a throw-away email address, a pre-paid VISA and a Mailboxes Etc box to get your kit, and your results are delivered online, so if this really concerns you, you do not need to be personally identifiable in any way.
posted by DarlingBri at 8:47 PM on October 17, 2009