Content uploaded by Peter A Chow-White
Author content
All content in this area was uploaded by Peter A Chow-White on Mar 15, 2016
Content may be subject to copyright.
ORIGINAL PAPER
From the bench to the bedside in the big data age: ethics
and practices of consent and privacy for clinical genomics
and personalized medicine
Peter A. Chow-White
1
•Maggie MacAulay
1
•Anita Charters
1
•Paulina Chow
2
Published online: 1 August 2015
Springer Science+Business Media Dordrecht 2015
Abstract Scientists and clinicians are starting to translate
genomic discoveries from research labs to the clinical
setting. In the process, big data genomic technologies are
both a risk to individual privacy and a benefit to person-
alized medicine. There is an opportunity to address the
social and ethical demands of various stakeholders and
shape the adoption of diagnostic genome technologies. We
discuss ethical and practical issues associated with the
networking of genomics by comparing how the European
Union (EU) and North America understand and practice
notions of privacy and consent in research. An overview of
international policy suggests the embedding of genomics
within digital networks and the Internet creates conditions
that challenge the management of privacy and consent in
the age of big data. The risks of re-identification, infor-
mational harms, and data security vulnerabilities are issues
that need to be better addressed in the clinical setting to
reconcile the unpredictable pathway of research and prac-
tice in the networked information society.
Keywords Clinical genomics Big data Internet
Privacy Informed consent Policy Personalized
medicine
Abbreviations
ACMG American College of Medical Genetics and
Genomics
CalGINA California Genetic Information
Nondiscrimination Act (2012)
CLIA US Clinical Laboratory Improvements Act
(1988)
CMA Canadian Medical Association
CMS US Centers for Medicare and Medicaid
Services
DNA Deoxyribonucleic acid
DTC Direct-to-consumer
FDA US Food and Drug Administration
GE
3
LS Genomics and its related Ethical,
Environmental, Economic, Legal, and Social
aspects
GINA US Genetic Information Nondiscrimination
Act (2008)
GWAS Genome-Wide Association Studies
HHS US Department of Health and Human Services
HIPAA US Health Insurance Portability
Accountability Act (1996)
ISP Internet Service Provider
IVD In-vitro diagnostics
LDT Laboratory-developed test
NHS UK National Health Service
NIH US National Institute for Health
PGS 23andMe’s proprietary Personal Genomics
Service
PHG Public Health Genomics (UK)
PIPEDA Canada’s Personal Information Protection and
Electronic Documents Act (2000)
SACHRP US Secretary Advisory Committee on Human
Research Protections
UNESCO United Nations Educational, Scientific and
Cultural Organization
WGS Whole Genome Sequencing
&Peter A. Chow-White
petercw@sfu.ca
1
Simon Fraser University, Vancouver, Canada
2
University of Southern California, Los Angeles, CA, USA
123
Ethics Inf Technol (2015) 17:189–200
DOI 10.1007/s10676-015-9373-x
Background
Genome science is shifting from research labs and bio-
banks to the clinical setting where doctors can use the
information from an individual’s DNA for clinical deci-
sion-making and treatment. Big data such as sequencers
and DNA databases facilitate new insights into the human
genome, enabling scientists to innovate genomic diagnostic
technologies for clinical decision-making. While informa-
tion technologies offer enormous benefits for health care,
they also present new issues and potential risks that chal-
lenge clinicians, scientists, and policy makers to re-con-
sider common practices of clinical work.
One of the main issues scientists faced over the last
decade in genomics is how to preserve privacy in the
digital age. Traditionally, researchers and clinicians have
relied on anonymization and informed consent as well as
using locked storage facilities as important safeguards to
protect the privacy of individuals. Today, digital databases
of genomic information function as an efficient infras-
tructure that brings a corresponding set of big data
opportunities and risks (McEwen et al. 2013). Genomic big
data data is uniquely identifiable and has the potential to
not only reveal information about the present and future
health status of an individual but also her family members,
creating a new category of familial network privacy con-
cern (ACMG Board of Directors 2013). Shifting privacy
norms also complicate this issue, with some data released
to the public (such as the Personal Genomes Project) in the
name of citizen science. These practices build the infras-
tructure for a data environment (Heeney et al. 2010) that
functions as a network of personal, private, and social
information that can be mined by unknown third parties
ranging from scientists to marketers to information com-
panies such as Google (Chow-White and Duster 2011).
The expansion of databases and the Internet as a global
communication network that traverses the borders of any
national jurisdiction has also posed a series of challenges
for conducting ethical genomic research. The era of big
data means that genomic information circulates through
networked communication systems where ensuring
responsible use of the data is difficult and stakeholders
need to revisit protocols regularly. A person’s genome
information can be copied indefinitely and travel through a
multitude of databases and communication contexts on a
global scale. If identifiable genome data is released into
networks, it is very difficult to regain privacy. It is virtually
impossible to recall it, to know who has accessed it and
holding it, and what purposes they are using it for (El
Emam et al. 2011).
This networking of genomic information has also altered
the nature of risk due to potential for physical harm
resulting from involvement in the research process. Risks
are now informational (Kaye et al. 2009). This now
includes the possibility of unauthorized disclosure of dig-
ital data to secondary parties that could facilitate social
harms such as discrimination. Consequently, big data
innovations have made it difficult for researchers to fully
articulate all of the potential risks, benefits, and uses of
genomic data to participants during the consent process
Wjst (2010). The combination of networked communica-
tion and genomic big data has disrupted the ability of
researchers and clinicians to guarantee privacy. Clinicians,
lab technicians, and administrators are going to face the
same challenges, but in a different institutional context. In
anticipation of this expansion of genome science into
clinical genomics, a number of organizations, professional
associations, and government initiatives have made rec-
ommendations for policies and practices to understand the
risks and facilitate the public benefits of whole genome
sequencing (WGS) (Presidential Commission for the Study
of Bioethical Issues 2012; Wright et al. 2011). However,
most stakeholder discussions fail to address the role of the
Internet and information technologies. We aim to address
this shortcoming.
This purpose of this paper is to explore emerging issues
of consent and privacy in personalized medicine where
genomic big data technologies are embedded within the
infrastructure of information technologies (such as the
Internet). Our motivation is scholarly and also practical. As
science and technology studies scholars have shown, when
a new technology moves from a small group of innovators
to another context, in this case a population wide health
care system, and a wider set of stakeholders and users, such
as patients and clinicians, new issues and practices arise
(Hackett et al. 2007). We are working with collaborators
(including scientists and clinicians) on a three-year clinical
genomics project in British Columbia, Canada. In our
GE
3
LS (genomics and its related ethical, environmental,
economic, legal, and social aspects) sub-project, we are
investigating issues in informed consent and privacy in the
clinical setting with a goal of understanding best practices
for clinical genomics in the health care system. We are
trying to understand how to shape the adoption of diag-
nostic genomic technologies to be practically useful while
accommodating the social and ethical demands of various
stakeholders in the clinical context. Understanding how
informed consent and privacy have been negotiated in
different international contexts and bringing the Internet
and digital culture into the center of this discussion is a
starting point for this endeavour. There is a lot at stake for
clinical genomics.
If the promises of clinical genomics for personalized or
precision medicine come to fruition, then genomics will be
190 P. A. Chow-White et al.
123
a disruptive technology Rogers (2003) with wide reaching
impacts on health care delivery. By comparison, the
Internet is also a disruptive technology that has deeply
impacted arguably every social institution and transformed
the way we operate our institutions and organize our daily
lives. The blending of genomics with Internet technologies
has created risk for individuals because of advances in
computer algorithms and sophisticated database linking
technologies that can facilitate re-identification (Kaye et al.
2009; Narayanan and Shmatikov 2006). Clinical genomics
is developing in this new communication context yet is
being governed by laws that were written in a time when
these informational vulnerabilities had not yet surfaced.
The early days of clinical genomics present an oppor-
tunity to shape this new technology as practitioners adopt it
within the health care system and identify new issues and
concerns for safeguarding private genomic information.
Discussions about international policy in genomics have
focused on negotiating privacy and consent in population
biobanks and, primarily, the research setting (Caulfield
et al. 2003). The literature discussing information tech-
nologies within the context of genomics tends to emphasize
the benefits of new information technologies in helping to
maintain contact with patients and preserve the spirit of
informed consent and privacy in a digital form (McGuire
and Beskow 2010). While the Internet can certainly enable
more on-going communication between researchers and
patients, the digitization of DNA information has enabled
more users to access any publicly released genomic data.
Further, public genomic information can be re-analyzed for
purposes that may not be covered in consent forms.
Recently, scholars (Kaye 2012; Greenbaum et al. 2011)
have explored such scenarios, providing examples of cur-
rent technical and policy safeguards in place to preserve
ethical conduct in research while also addressing the limits
of privacy with DNA data in a networked environment.
Our article aims to further this discussion of privacy and
consent against the backdrop of policies in the EU and
North America while addressing emerging issues related to
information technologies and their use in clinical
genomics.
Discussion
Clinical genomics and informed consent
Understanding how genomic research has negotiated issues
related to privacy, consent, and security are important for
establishing best practices for the handling of genomic data
in clinics and hospitals. In the genomic information age,
anonymity and informed consent remain the twin pillars of
ethical research and require careful attention. Here, we
describe some challenges in the research setting that should
inform the implementation of networked genomic tech-
nologies in the clinical context.
Different national definitions: challenges
for informed consent
In the research context, informed consent sets the legal and
ethical standard for all research on human subjects. This
document is the primary conversation between the
researcher and the participant about the nature of the
research, how their information or samples will be man-
aged, and personal information protected. The Internet can
help enhance patient choice and scientific accountability by
enabling symmetrical flows of information and communi-
cation between stakeholders. However, the potential risks
and benefits of genomic research beyond the scope of a
research study have been insufficiently addressed in policy
discussions.
Researchers have suggested that informed consent
forms, for example, ought to go beyond describing phys-
ical harms by also including discussion about the role of
the Internet in managing participant information and the
risks of the release of personal health information (PHI)
through re-identification (Wjst 2010; Homer et al. 2008).
A further risk is samples from one jurisdiction being
digitized and travelling the network to reside in databases
under another jurisdiction, where data definitions may
differ. One challenge for clinical genomics will be rec-
onciling the competing definitions of data that underpin
traditional research. The United Nations Educational,
Scientific and Cultural Organization (UNESCO), for
example, defines data as either identified (contains per-
sonal information), reidentifiable, or de-identified (2003).
The EU defines samples as either anonymous (only in the
case of archaeological samples), unlinked anonymized,
linked anonymized, coded or identified. In the US and
most of Canada, ‘‘anonymous’’ samples are those col-
lected without identifiers, making anonymous the EU
equivalent of unlinked anonymized (Elger and Caplan
2006). Identifiable or coded or traceable samples (equiv-
alent to linked anonymized in the EU) are unidentified for
research purposes, but can be linked back through the use
of an access-restricted code. In the US, the 2003 Health
Insurance Portability and Accountability Act’s (HIPAA)
Privacy Rule classifies data as de-identified either through
the ‘‘Expert Determination’’ method or through the ‘‘Safe
Harbor’’ approach (U.S. Department of Health & Human
Services n.d). While the Privacy Rule does not cover de-
identified data, the Common Rule (see below) covers
coded information as indirectly identifiable data. Clearly,
different regulatory bodies use different standards.
From the bench to the bedside in the big data age: ethics and practices of consent and Privacy…191
123
In the research context, these competing definitions
have implications for informed consent, especially in the
US, where a number of state bodies already regulate
human subjects research. A new risk emerges when
anonymized samples are not classified as human research
subjects even though the samples could potentially be re-
identified. Research of human subjects, for example, is
governed by policies like the HHS Common Rule, while
the regulation of in-vitro diagnostic (IVD) and laboratory-
developed testing (LDT) kits is overseen by the Food and
Drug Administration (FDA) and the Centers for Medicare
and Medicaid Services (CMS) under the Clinical Labo-
ratory Improvements Act (CLIA). The FDA’s definition
of a human subject is stricter than the Common Rule’s and
includes any individuals whose specimens could be traced
to them (U.S. Department of Health and Human Services
2008). In FDA-regulated research, researchers are
required to obtain informed consent before they can use
specimens and waivers are permitted only in research
involving emergency situations. The US Common Rule
does not classify anonymized samples as human subjects
research, which exempts them from the requirements and
procedures around obtaining consent. Similar exceptions
occur in nations such as Germany, Norway, and the
Netherlands (Hongladarom 2011), as the EU Data Pro-
tection Directive 95/46/EC does not protect anonymized
or de-identified data. So what does this mean for the
clinical context?
Clinicians will increasingly turn to both patient genomic
and clinical data for decision-making. Sequencing centers
need the wet samples to produce the digital genomic data,
which has been coded (presumably before being submitted)
so it can be linked back to the patient before being returned
to the clinician. At both points of transfer, from clinician to
sequencing and sequencing back to clinicians, someone or
something has to handle the transaction between organi-
zations and the de-identification and re-identification of the
sample. For example, when a patient with an acute form of
cancer comes into a treatment center, the clinical infor-
mation from her sample becomes part of her medical file.
Her blood sample, cheek swab, and/or tumour sample also
goes to a diagnostic genomics center for sequencing. The
centre may be in a different jurisdiction than the clinic and
may have more lenient rules around data use and sharing
than anticipated by the clinic. The sample is de-identified
and assigned a unique code. When the scientists deliver the
sequencing information and analysis back to the clinician,
someone re-identifies the sequence information and links it
to the patient file. While the genome data in the sequencing
center databases may be de-identified, the genome data in
the clinical setting is identified. The best practices for this
transfer of information and management of privacy are not
well known or institutionalized.
Comparison of existing consent models in the digital
age
In the clinical context, the default setting is a broad form of
consent that allows everyone in the patient’s circle of care
to access and manipulate the data. While the language of
clinical consent forms resembles those from the research
setting (Lunshof et al. 2008), scholars have proposed that
consent forms be amended to include issues related to
familial privacy concerns, returning incidental findings,
and data storage techniques, alongside other classic areas
such as scope, benefits, and risks (Ayuso et al. 2013; Royal
College of Physicians et al. 2011). Designing appropriate
consent forms in the clinical context is particularly
important, given that the American College of Medical
Genetics and Genomics (ACMG) released a statement in
March 2013 calling for laboratories to analyze an addi-
tional 56 specified genes and report results back without
patient consent. Much debate ensued after this statement
and the ACMG updated their recommendation to include
an opt-out clause for medically actionable genes at the time
of sample submission. ACMG’s rationale for returning all
56 genes is that the amount of genetic counselling required
would be too great, while any technical measures to filter
out information that the patient may not wish to know
would be too burdensome on laboratories (Wolf et al.
2013). An opt-out of all medically actionable genes offers
an all or nothing approach in regards to those specific
results. In order to explore what alternatives clinicians
could offer to patients, an overview of the research context
provides some options.
The openness, sharing, and transparency of Internet-based
information technologies in both settings offer opportunities
for communication between researchers/clinicians and par-
ticipants/patients, as well as a number of privacy risks. One
benefit to maintaining ongoing communication with partici-
pants concerns the unpredictability of scientific innovation in
terms of consent. The research setting encompasses a variety
of approaches to informed consent called narrow, authoriza-
tion, and broad. Participants consent to a specific study in the
narrow model. They consent to a menu of potential study
types in an authorization model. A broad model allows par-
ticipant samples to be used in a, usually, unlimited number of
specified and unspecified future purposes outside the original
study. As genomic data continues to be used in novel ways,
even the most detailed list of anticipated future uses on a
consent form cannot entirely predict novel uses for biological
samples and data in the future. In this case, researchers can
use the Internet to support more patient-focused models such
as narrow consent by having participants agree to a very
specific set of uses and then re-contacting them in case of new
uses. While critics have pointed out that re-contact can be
expensive, time-consuming, impossible (in the event that the
192 P. A. Chow-White et al.
123
participant moves or is deceased) and can also deter partici-
pation in studies, secure personalized web portals can at
minimum be more cost-effective and save time (Hudson
2011). We believe that similar mechanisms could exist in the
clinical context.
Secure personalized web portals could potentially sup-
port what is known in the research context as authorization
or menu forms of consent (practiced in the U.S. and
Canada) by expanding the process of initial consent to
allow for a variety of options for participants, such as
desired degree of involvement, specified uses of their
biological materials and/or data, and return of results
(Caulfield et al. 2003). The authorization model can also be
flexible enough to accommodate participants who wish to
issue blanket consent, which is a one-time process where
participants agree to unspecified and indefinite future uses
of their samples and data. However, scholars suggest
researchers should never presume blanket consent. In cases
where participants seem genuinely interested in taking this
course, researchers should follow up with genetic coun-
sellors to ensure that participants fully understand the risks
(Saha and Hurlbut 2011). In the clinical context, genetic
counselling is an important part of the consent process to
ensure that patients are competent, informed, and partici-
pate voluntarily. Providing more options to patients (i.e. by
consenting to specific diagnostic texts) and explaining
scenarios where they may not be able to opt-out could
potentially enact these research-based models.
Broad consent is a one-time process where participants
agree to unspecified future uses in situations where the
perceived risk to participants is low. In the research con-
text, this form of consent is practiced or recommended in
most of the EU and UK. Broad consent differs from blanket
consent in that data and samples are only to be used for
specific research areas (Hudson 2011) and might also be
helpful in distinguishing between non-commercial and
commercial research. Information technologies, in theory,
could potentially aid in complying with international
policies governing broad consent by securing the right of
patients to withdraw from studies and request the
destruction of samples whenever they desire (Elger and
Caplan 2006).
Critics have suggested broad consent is too general to
have so much legal weight and defies the spirit of informed
consent. Others have suggested truly autonomous partici-
pants ought to have the right to give broad or blanket
consent to future and unspecified uses if they wish (Caul-
field and Kaye 2009; Bunnik et al. 2011). The technical
systems of information management and participant/re-
searcher communication ought to be flexible enough to
accommodate these wishes. In the US, the proposed
changes to the Common Rule that seek to simplify and
shorten lengthy consent forms appear to be moving in this
direction, as proposed changes would allow for one-time
forms of consent in order to streamline the research process
(US Department of Human and Health Services 2011). It is
noteworthy that none of the proposed changes mention the
Internet.
Clinical genomics and privacy
The gold standard for protecting privacy in public data-
bases is to de-identify genomic data and aggregate it with
other people’s data. This is akin to hiding someone’s per-
sonal genome signature in a DNA haystack, which may be
impossible for a human to find. However, computational
data mining algorithms are very good at finding needles in
haystacks and linking them to needles in other haystacks.
Scholars have shown that re-identification of anonymized
genome data is possible using computer algorithms and
linking information from different databases (Homer et al.
2008). Building better safeguards for genome databases is a
key issue for protecting individual privacy. Identified data
is used to help streamline the research process, advance
knowledge by linking clinically relevant data with demo-
graphic and environmental information about participants,
and help to avoid the use of different samples from the
same individual. In this section, we compare national
approaches to privacy regulation, the role of commercial
databases, open access science, and what this means for
clinical genomics.
Comparing information privacy in national contexts
As research institutions and international consortia pool
resources to advance clinically actionable information
about genomics, it is also necessary to discuss how
anonymization in clinical genomics may require the har-
monization of competing national legal definitions and data
privacy regulations. When genomic information transforms
from samples and specimens into networked data, the rules
and regulations governing privacy require examination.
The majority of nations do not have comprehensive
genomic policies. Yet, they tend to have strict safeguards to
protect the privacy of digital information. In the EU, many
national laws (including the UK) governing data privacy
follow the broad EU Data Protection Directive. These
regulations govern all aspects of data protection, including
health related information. The 1998 U.K. Data Protection
Act defines ‘personal data’ as data ‘‘which relate to a living
individual who can be identified—(a) from those data, or
(b) from those data and other information which is in the
possession of, or is likely to come into the possession of,
the data controller’’ (UK 1998). Like many national poli-
cies, a different set of criteria applies to de-identified data.
From the bench to the bedside in the big data age: ethics and practices of consent and Privacy…193
123
In the US, HIPAA defines PHI as directly identifiable
data that includes demographic information, medical his-
tory, insurance information, testing and laboratory results,
Internet Protocol addresses, biometric identifiers (i.e. fin-
gerprints) and other data transmitted or maintained in
electronic media or other mediated forms. The Privacy
Rule covers entities such as health care providers, health
plans, and health care clearinghouses. The 2008 Genetic
Information Nondiscrimination Act (GINA) protects
asymptomatic individuals from employment and insurance
discrimination based on genetic information, with further
discussion in place (especially at the state level) to expand
GINA to cover other privacy-related concerns. Currently,
GINA does not cover those who have been clinically
diagnosed with a disease. At the state level, places such as
California (home to commercial genomic biotech compa-
nies 23andMe, Pathway Genomics, and Illumina) have
enacted new laws such as CalGINA to extend protections
against other forms of discrimination such as housing,
mortgage lending, education, and public accommodations.
Similarly, Germany enacted genomic policy in the 2009
Human Examination Act to protect patients and research
participants from genetic discrimination in areas of insur-
ance and employment.
In Canada, federal laws and statutes, such as the 2000
Personal Information and Electronic Documents Act
(PIPEDA), protect the privacy of personal information.
However, provincial privacy laws in British Columbia
(BC), Alberta, and Ontario supersede federal laws. In BC,
for example, there are different laws that govern privacy in
public and private organizations. Genomic information can
move between a private clinic and a public hospital as part
of a patient’s circle of care. Currently, there is no equiva-
lent to the Human Examination Act or GINA at this time
and little movement at the federal level towards a genomic
policy.
Direct to consumer genomics and commercial
databases
The activities of direct to consumer (DTC) genomic testing
companies are raising new issues and discussions for reg-
ulators. DTCs are not subject to the same legal and ethical
scrutiny as publicly funded and institutionally based
researchers or public health care practitioners. Genomic
information in the Canadian province of British Columbia
held by a DTC would be governed differently than geno-
mic information held by a hospital, for example, because
one is public and the other is private. Global communica-
tion networks and flows of data can bypass local law
altogether. For example, Canadians can buy their genomic
information from an American DTC, which is not governed
by Canadian privacy laws. The US has been discussing
how to regulate DTC companies (Morrison 2011) and
Germany already forbids DTC management of genomic
health information Clark (2009). As of the time of this
writing, countries such as France, Portugal, and Switzer-
land have laws stipulating only medical doctors can
administer genetic tests after offering genetic counselling
and obtaining informed consent. These laws are in line
with the statement set forth by the European Society of
Human Genetics. Countries like Belgium and the United
Kingdom, on the other hand, allow for the provision of
DTC tests that are regulated Borry et al. (2012).
While these discussions take place, patient-consumers
are increasingly volunteering personal information and
data online for results that may be less accurate and secure
(23andMe 2007). The commercialization of research and
public interest in genomics has resulted in the proliferation
of a number of DTC companies, whose privacy policies
vary widely. In 2010, the FDA called the Pathway Geno-
mics product an unapproved medical device causing them
to be removed from Walgreen pharmacies (Genomeweb
2010; Woods 2010). The FDA has also warned other DTC
companies, including the high-profile California-based
genetic-testing company 23andMe (Gutierrez 2010a,b,c,
d,e). Despite ongoing dialogue and 23andMe’s
announcement that it was making efforts to receive FDA
approval in July 2012 (23andMe 2012), there seemed to be
little progress made. The FDA made this clear in their letter
dated November 22, 2013, where they revealed that
23andMe had ceased communication in May and ordered
the DTC company to discontinue selling their unapproved
PGS (Gutierrez 2013). As of December 5, 2013, 23andMe
announced it would comply with the FDA, only providing
users with ancestry-related and raw genetic data in the
meantime (Wojcicki 2013).
Notably, the FDA’s decision emphasizes the harms that
can accompany DTC testing kits themselves, rather than
the informational risks that accompany the networking of
genomic information online. 23andMe’s privacy statement,
for example, stipulates that while consumers can refuse to
have their data used for published scientific research
studies, aggregated user data is treated differently. Like
many other Web 2.0 platforms that offer ‘‘free’’ or low-cost
products and services online, 23andMe reserves the right to
use pooled datasets, which contain genetic and self-re-
ported information for quality control or other R&D
activities, or for sale to third-party commercial (i.e. phar-
maceutical and insurance companies) and non-profit
research partners [23andMe n.d.]. Similarly, developers
and patient-consumers also have the opportunity to access
this kind of data, both through 23andMe’s open API and its
mobile app that makes this information shareable across
platforms. What ultimately happens with this data, whether
it is potentially identifiable at some point in the future, or
194 P. A. Chow-White et al.
123
whether such aggregated datasets are used to inform poli-
cies that can affect citizens and consumers later on,
remains unknown.
Online, traditional processes of informed consent have
shifted to practices that seem to look more like typical
terms of use for information technologies like Facebook
and iTunes. Long form click-through agreements, privacy
policies, and terms of service documents on websites
(Morrison 2011) increasingly resemble blanket consent.
This digital separation and distance between researchers,
practitioners, and patients can create a false sense of
security, and the everydayness of the online environment
can create the impression that joining a genetic study is
trivial and inconsequential. Since computer users are
already accustomed to click-through terms of use agree-
ments, there is little reason to believe participants read and
interpret informed consent forms any differently than
software or social media use agreements. This kind of
practice is being regulated by social norms on the Internet
rather than legal or governmental regulation. In the case of
23andMe, the consent document states, ‘‘Giving consent by
checking the appropriate box below means that you agree
to let 23andMe researchers use your Genetic & Self-Re-
ported Information for 23andMe Research.’’ It also
explains how you can change your consent status in
account settings at any time (23andMe n.d). The Internet
culture of clicking without reading raises challenges for
ensuring research participants and consumers (in the case
of DTC companies) are well informed about the risks and
benefits of study and treatment.
As a still largely unregulated and expansive medium, the
Internet becomes fertile terrain for these social and ethical
grey areas to emerge. These are important issues to con-
sider in the clinical context, as recent changes to HIPAA
laws, for example, stipulate that patient-consumers are
entitled to receive their medical records in digital formats
and are able to publish and share information with autho-
rized third parties (U.S. Department of Health and Human
Services 2013). While the rhetoric of patient empowerment
online is a selling point for proponents of the ‘‘open’’ or
citizen science movement (Scott 2011), the regulatory
challenges that accompany user-generated health infor-
matics represents an emerging area that clinicians and
policymakers alike will need to consider moving forward.
Data-sharing and open access policies: strategic
approaches to risk management
In the research context, publicly available genomic data
has been an important practice and ethos for scientific
innovation and resource sharing. Some form of managed
access data sharing for publicly funded projects seems to
be the norm across the E.U., the U.K., the U.S. (Auray-
Blais and Patenaude 2006) and most of Canada, largely due
to the demand for transparency, disclosure and account-
ability in non-commercial research. The scientific knowl-
edge and discoveries made possible through the
democratization of genomic data have undoubtedly bene-
fited the research community. In clinical genomics, shar-
ing, storing and accessing data between researchers,
between researchers and clinicians, and within the clinical
setting in the safest and most secure manner is a critical
issue. Some of the more common measures include
anonymization, coding, limited and role-based access, click
wrap data-release agreements, firewalls and encryption
(Auray-Blais and Patenaude 2006; Swede et al. 2007).
Some have also proposed a ‘‘phenotype-driven,’’ rather
than data-driven, approach to new information technolo-
gies that use databases as an extension to, rather than as a
replacement of, patient diagnosis and care in the clinics
(Trakadis 2012). We can describe these techniques as
micro approaches to data security because they involve the
day-to-day clinical practices regarding the protection of
patient information. Taking a meso-level approach at the
organizational level that include third-party stakeholders
like data management service companies and Internet
service providers (ISPs), it is also necessary to consider
how the data environment itself can affect levels of security
in data sharing and storage.
In 2011, the Public Health Genomics Foundation (PHG),
a UK-based public-private bioscience cluster, released a
report on the role of WGS in the health care system. The
report examines security breaches associated with large-
scale data storage and transfer and how it is very difficult to
secure sharing of data between numerous individuals who
might need varying levels of access to some or all of the
data for different purposes (Wright et al. 2011). While
some researchers have used cloud computing over the
Internet as a way to help protect privacy while enabling the
secure sharing of data, issues like network bandwidth could
pose a problem. 1000 Genomes Project organizers have
dealt with this specific issue by partnering with the Ama-
zon cloud computing service (who provide network
infrastructure for Web 2.0 companies such as Netflix,
Pinterest and Tumblr) to deal with the cost of storage
capacity and computational power (NIH 2012). Third-party
data management, however, always involves an increased
level of risk to individual privacy, as cloud computing
makes it more difficult for stakeholders to control who
accesses the server. Also, the geographic location of the
server may be under a different regulatory or governance
structure than the location of the research.
As genomic data becomes increasingly information-rich
and identifiable, its secure management and sharing among
authorized end-users in multiple locations (and jurisdic-
tions) has become costly and extremely difficult. As
From the bench to the bedside in the big data age: ethics and practices of consent and Privacy…195
123
computing speeds and storage capacities have increased, so
too have the infrastructure needs of genomic technologies.
Secure data management requires significant investment in
human resources, as personnel must continually update
their knowledge regarding Internet security issues and
translate between clinicians and information technology
specialists. The amount of data storage required for a major
sequencing center has jumped from a petabyte to 5–10
petabytes or more in half a decade. This type of data use
makes transfer over the web very slow and more prone to
crashing, while networked servers themselves are not
impervious to events such as natural disasters, power
outages, loss of data, cyber attacks, and hacking (Cucoranu
et al. 2013). Sometimes it is faster to walk data (on an
external hard drive) from one building to the next in a local
context than transfer the data over the Internet. For
researchers and clinicians, it is important to carefully
weigh these benefits and risks associated with sharing
information across networks.
At the macro level, international policies can help
address some of these security challenges by creating data
security standards aimed across stakeholder groups, such as
clinicians and researchers as well as ISPs and data man-
agement companies. In the EU, for example, there are clear
policies covering the security of data that North American
policy makers do not yet follow. The UK Data Protection
Act (1998) works with the National Health Service (NHS)
to protect data through processes of centralization and
streamlining among various stakeholders. Those who pro-
cess patient identifiable data, for example, must follow the
guidelines of their Information Governance Toolkit and the
protocol of the Care Quality Commission (Wright et al.
2011). Although these current policies do not adequately
account for the networking of clinical genomics online, EU
policy makers are currently engaged in discussion about
these issues (Hall 2012).
Although the US has not yet developed a national data
policy, the issue has been discussed. In the summer of
2011, the US Secretary Advisory Committee on Human
Research Protections (SACHRP) recommended the com-
mittee should consider examining whether or not adopting
a comprehensive data protection scheme like that of the EU
would enhance security and promote harmonization with
international standards (U.S. Department of Health and
Human Services 2008). The report suggested a combina-
tion of a national biobank along with laws and policies for
preventing misuse of data could help reduce the risk of
confidentiality breaches while enabling researcher access
to large volumes of data.
From a clinical perspective, these various levels of data
security measures will directly impact the ways in which
providers interact with patients and information technolo-
gies. As clinical practice increasingly involves genomic
data and as DNA database use expands from the research
context to clinical settings, it will be crucial for policy
makers to develop consistent data security policies at
national and local levels.
Summary
The diffusion of genomic technologies into the clinical
setting requires decision-makers, researchers, and clini-
cians to address the emerging issues of informed consent,
anonymity, and the protection of PHI in an age of rapid
scientific and technical innovation and information tech-
nologies such as the Internet and networked DNA data-
bases. In the big data era, the ubiquity and decentralized
architecture of networked information technologies such as
the Internet and DNA databases make it increasingly dif-
ficult to safeguard privacy with certainty. Rules, regula-
tions and guidelines about these issues vary widely across
international borders, making it difficult to advance science
in the name of the public good while still preserving the
integrity and privacy of research participants.
The risks of re-identification, informational harms, and
data security vulnerabilities are issues that need to be better
addressed in the clinical setting. We make this recom-
mendation based on issues we encountered while collabo-
rating with clinicians on a genome diagnostic test for
cancer. Based on challenges we faced while working with
collaborators on a clinical genomics project that is devel-
oping a genome diagnostic test for cancer, we find similar
issues emerging in this setting. We suggest these issues
stem from digitized genomic data travelling through digital
networks (via the Internet) and being stored in publicly
accessible and commercial cloud databases. Genomics is
embedded within digital networks and the Internet, which
creates conditions that create challenges to the manage-
ment of privacy and consent in the big data age. We have
six recommendations for designing a proactive informed
consent process that addresses risks and benefits of digital
genomic information. We explain our recommendations
and while usinge two publicly-available consent forms,
Genome England’s 100,000 Genomes project (2015a) and
the US-based Pathway Genomics’ hereditary cancer
genetic test (2014) to examine what is currently being
included in forms and where improvements could be made.
First, the consent form should emphasize the unique
nature of digital genomic information and the Internet.
Participant and patient documents such as consent forms
and education manuals should include information and
language about the potential digital pathways of partici-
pant’s genomic information and the associated informa-
tional risks. Language should make it clear that clinical
genomics generates digital information, which differs from
196 P. A. Chow-White et al.
123
a traditional understanding of the biological sample and
can create new issues and challenges for maintaining pri-
vacy. The Genome England consent form (2015a) did not
address this issue. The information sheet mentions how
sequenced data is sent electronically for analysis (p. 3) and
is available worldwide (p. 8) but does not explain the
digital nature of genomics. Similarly, Pathway Genomics’
form (2014) speaks of securely storing personal informa-
tion, test results, specimens and isolated DNA as if they
exist only on paper and as wet samples (p. 2). Its only
reference to the digital occurs in the context of explaining
to patients the procedures associated with withdrawing
consent: specimens, user accounts, medical information
and test results can be stored into a secure, offline storage
area with limited access (ibid.). What is interesting, how-
ever, is that the company’s Privacy Statement (2010)does
make explicit the digital nature of genomics and the
security measures employed. As consumers, users brows-
ing the website therefore receive the kind of information
they could be receiving on a consent form.
Second, the consent form should respect clinical
research participant/patient preferences and the right not to
know incidental findings. It should convey the scope of
potential incidental findings and engage in a shared deci-
sion-making process with the patient about what types of
results may be returned. Further, it should acknowledge the
potential to generate genomic incidental findings and the
possibility of discovering findings that are presently
unknown. The Genome England participant consent form
(for patients with cancer or suspected cancer) does include
the option to receive secondary findings (2015a). These
secondary findings are a limited list of medical conditions
that may change over time. Anything outside the main or
secondary findings are considered incidental and are not
fed back to the patient’s clinical team. This would satisfy
our second recommendation. Pathway Genomics’ consent
form, on the other hand, deals with this by narrowing its
parameters to hereditary mutations and variants only.
Because it does not address incidental findings, the right
not to know is implied. However, it also makes explicit that
what Pathway ‘‘includes in its reports is determined at
Pathway’s discretion’’ (p. 1). Does this signal the possi-
bility that incidental findings could be returned? This could
be clarified.
Third, the consent form should contain language/dis-
claimer that privacy is not absolutely guaranteed. The
unstableness of digital networks and uncertainty of geno-
mic information creates the conditions of privacy without
guarantees. The consent form should provide details of data
release and sharing, including potential public databases
where data could be disseminated and explain the potential
of re-identification of anonymized data. This should
include explaining the digital nature of clinical genomic
data and how this could impact issues of privacy and
intellectual property. The Genome England consent form
stresses patient data will be treated as confidential and only
accessible in a form that protects patients’ identity. How-
ever, it also states samples may be sent outside the UK for
processing and analysis and that future uses are unknown.
The wording does not imply any possibility of re-identifi-
cation or potential risks to privacy. However, the Genome
England information sheet (2015b) did state a future risk
could be linking information back to the patient (p.10).
Pathway Genomics’ consent form informs patients that
while ‘‘privacy cannot be guaranteed’’, it has established
‘‘reasonable safeguards to protect it’’ (p. 2). While it could
more clearly communicate the whys and hows, it could also
clarify what they mean when they explain ‘‘personal
information and test results are confidential’’ (p. 2). The
ambiguity surrounding the clinical practice of confiden-
tiality is further muddled in the following section, ‘‘Med-
ical Research Purposes’’, as it states that specimens in this
case will be assigned a unique identifier. While clinical
samples require some identifying information to return
results back to individual patients, identification in the
medical context is used to help researchers perform anal-
yses without accidentally using the same sample twice. A
brief distinction between the two could be helpful for
supporting patient and participant decision-making in these
contexts.
Fourth, the consent form should describe data manage-
ment and the potential for future third party users, such as
researchers, healthcare teams, and commercial organiza-
tions. This should include where and for how long both
biological and digital samples will be stored, as well as the
fact that some uses of genomic information may not be
presently known. It could also provide a few different
scenarios of how data could be disseminated, whether in
the form of academic publishing, technical reports, or
databases. If clinical samples are also used for medical
research purposes funded by groups promoting Open
Access initiatives, for example, then forms also ought to
communicate the possibility that such data can also end up
publicly-accessible. The Genome England consent form
did an excellent job explaining this point. It explained who
would have access and how medical records would be
combined with sequencing data. It explicitly stated who
would have access and how they would access the con-
trolled database. While they do not mention database
management explicitly, Pathway Genomics (2014) identi-
fies a few different scenarios where non-Pathway actors
may have access to the data. For example, patients may opt
out of having their data used for medical research studies
and publications (p. 1). The form also explains to patients
that PHI (including test results) can be disclosed to insur-
ers, Medicate or other third-party payers, although they
From the bench to the bedside in the big data age: ethics and practices of consent and Privacy…197
123
mention that it is also possible to opt out of this autho-
rization. Further, it identifies the possibility of genetic
discrimination (i.e. through employers and insurers) as well
as the risk that individuals and organizations with legal
access to one’s permanent medical record may see results.
Fifth, the consent form should explain limitations to
withdrawing patient/participant data from databases and
that the participants cannot always withdraw. The form
should explain that digital data is potentially indestructible
especially once it is disseminated in public databases and
subsequently used by third parties. The Genome England
form did not explicitly state this but it did point out how it
is impossible to remove data from previously conducted
research. Near the end of its informed consent form,
Pathway Genomics states that CLIA regulations prohibit
the destruction of medical records. However, it also states
that a written request and patient instructions will enable
the company to destroy the patient’s DNA specimen, delete
a user account and move all medical information into a
‘‘secure, offline storage area with limited access’’ (p. 2).
They explain that this will remove them from the Pathway
Genomics system and make it impossible for a healthcare
professional to seek information in this way. However, they
do not explain how long this may take and perhaps should
communicate the possibility that information may be
retrievable between deletion cycles.
Finally, the consent form should explain the social
network nature of genomic information and explain the
implications of familial issues, such as the return of test
results to families of deceased, the disclosure of results to
‘at risk family members’ and/or other relevant parties, as
well as the possibility of needs of family overriding
objections of patients/participants. DNA is a unique iden-
tifier and a familial network identifier. The Genome Eng-
land form states how this information may be beneficial to
the family but does not explain potential issues. Pathway
Genomics’ form (2014) does take familial relations into
account, perhaps because the test is related to hereditary
cancer. Familial relationships are acknowledged as both a
risk and as a limitation, as patients are informed that a
detected mutation or variant could warrant testing for
immediate family members (p. 1). While it reassures
patients that such a result does not necessarily mean that all
family members have inherited the same mutation or
variant, it recommends genetic counselling to help patients
and their family members ‘‘prepare for varying and com-
plicated outcomes’’ (p. 2). Given that some family mem-
bers may or may not wish to know their familial risk, the
form also explains that counsellors could help patients
assess the ‘‘pros and cons’’ of consulting with them pre-
and post-test (p. 2). This is based on the recognition that
genomic testing can sometimes render visible ‘‘family
secrets, such as paternity, adoptions, or other difficult
issues’’ (p. 2). Thus, making it clear that the hereditary
context of genomic testing may bring unanticipated con-
sequences for patients and their family members is an
important consideration.
We recognize that there are a number of issues with
informed consent and our recommendations are not aimed
at solving all of them. Some may question whether or not
informed consent is a viable instrument. This is a good and
important question but outside the scope of this article. Our
recommendations are aimed at revision to the instrument
rather than replacing it. We are specifically targeting an
area of patient education and understanding about the
potential risks of digital information. While consent forms
adequately convey the physical risks of genetic testing,
they also ought to communicate that the networking of
genomic data is an emergent socio-technical process that
brings with it uncertainties and certain vulnerabilities.
While the aim of this is not to frighten or discourage
patients from participating in clinical trials, increasing their
understanding of how the networking of genomics shape its
terms and conditions is an important way to enhance
informed decision-making and improve research and
practice in the age of big data.
References
23andMe. (2007, November 19). 23andMe launches web-based
service empowering individuals to access and understand their
own genetic information.http://mediacenter.23andme.com/
press-releases/23andme-launches-web-based-service-empowering-
individuals-to-access-and-understand-their-own-genetic-informa
tion. Accessed September 10, 2014.
23andMe. (2012, July 30). 23andMe takes first step toward FDA clearance.
http://mediacenter.23andme.com/press-releases/23andme-takes-first-
step-toward-fda-clearance/. Accessed September 10, 2014.
23andMe. (n.d.). Consent document.https://www.23andme.com/en-
ca/about/consent/. Accessed July 8, 2015.
23andMe. (n.d.). Privacy statement—23andMe.https://www.
23andme.com/legal/privacy/. Accessed September 10, 2014.
ACMG Board of Directors. (2013). Points to consider for informed
consent for genome/exome sequencing. Genetics in Medicine,
15, 748–749.
Auray-Blais, C., & Patenaude, J. (2006). A biobank management
model applicable to biomedical research. BMC Medical Ethics,
7, E4.
Ayuso, C., Milla
´n, J. M., Manchen
˜o, M., & Dal-Re
´, R. (2013).
Informed consent for whole-genome sequencing studies in the
clinical setting. Proposed recommendations on essential content
and process. European Journal of Human Genetics, 21,
1054–1059.
Borry, P., van Hellemondt, R. E., Sprumont, D., Jales, C. F. D., Rial-
Sebbag, E., Spranger, T. M., et al. (2012). Legislation on direct-
to-consumer genetic testing in seven European countries.
European Journal of Human Genetics, 20, 715–721.
Bunnik, E., Schermer, M., & Janssens, A. C. (2011). Personal genome
testing: Test characteristics to clarify the discourse on ethical,
legal and societal issues. BMC Medical Ethics, 12, 11.
198 P. A. Chow-White et al.
123
Caulfield, T., & Kaye, J. (2009). Broad consent in biobanking:
Reflections on seemingly insurmountable dilemmas. Medical
Law International, 10, 85–100.
Caulfield, T., Upshur, R., & Daar, A. (2003). DNA databanks and
consent: A suggested policy option involving an authorization
model. BMC Medical Ethics, 4,1.
Chow-White, P. A., & Duster, T. (2011). Do health and forensic DNA
databases increase racial disparities? PLoS Medicine, 8(10),
e1001100.
Clark, D. (2009). Genetic exceptionalism and paternalism themes in
new German legislation. Genomics law report.http://www.
genomicslawreport.com/index.php/2009/09/02/genetic-exception
alism-and-paternalism-themes-in-new-german-legislation/. Acces-
sed September 10, 2014.
Cucoranu, I., Parwani, A., West, A., Romero-Lauro, G., Nauman, K.,
Carter, A., et al. (2013). Privacy and security of patient data in the
pathology laboratory. Journal of Pathology Informatics, 4(1), 4–4.
El Emam, K., Jonker, E., & Fineberg, A. (2011). The case for de-
identifying personal health information. Ottawa: CHEO
Research Institute.
Elger, B. S., & Caplan, A. L. (2006). Consent and anonymization in
research involving biobanks: Differing terms and norms present
serious barriers to an international framework. EMBO Reports,
7, 661–666.
Genomeweb. (2010, May 11). Walgreens to sell pathway genomics’
sample collection kit.http://www.genomeweb.com/dxpgx/wal
greens-sell-pathway-genomics-sample-collection-kit. Accessed
September 10, 2014.
Genomics England. (2015a). Participant consent form—For patients
with cancer (or suspected cancer).http://www.genomicseng
land.co.uk/?wpdmdl=5284. Accessed July 8, 2015.
Genomics England.(2015b). Information sheet—For adult patients
with cancer (or suspected cancer).http://www.genomicseng
land.co.uk/?wpdmdl=5280. Accessed July 8, 2015.
Greenbaum, D., Sboner, A., Mu, X. J., & Gerstein, M. (2011).
Genomics and privacy: Implications of the new reality of closed
data for the field. PLoS Computational Biology, 7, 1–6.
Gutierrez, A. (2010a). Letter to 23andMe concerning 23andMe
personal genome service. http://www.fda.gov/downloads/Medi
calDevices/ResourcesforYou/Industry/UCM215240.pdf. Acces-
sed September 10, 2014.
Gutierrez, A. (2010b). Letter to deCode genetics concerning
deCODEme complete scan.http://www.fda.gov/downloads/Med
icalDevices/ResourcesforYou/Industry/UCM215241.pdf. Acces-
sed September 10, 2014
Gutierrez, A. (2010c). Letter to illumina concerning illumina infinium
HumanHap550 Array.http://www.fda.gov/downloads/medicalde
vices/resourcesforyou/industry/ucm215242.pdf. Accessed Septem-
ber 10, 2014
Gutierrez, A. (2010d). Letter to navigenics concerning navigen-
ics health compass.http://www.fda.gov/downloads/Medical
Devices/ResourcesforYou/Industry/UCM215243.pdf. Accessed
September 10, 2014
Gutierrez, A. (2010e). Letter to Knome, Inc. concerning Knome-
COMPLETE.http://www.fda.gov/downloads/medicaldevices/
resourcesforyou/industry/ucm215239.pdf. Accessed September
10, 2014
Gutierrez, A. (2013). Warning letter.http://www.fda.gov/iceci/enforce
mentactions/warningletters/2013/ucm376296.htm. Accessed Septem-
ber 10, 2014
Hackett, E. J., Amsterdamska, O., Lynch, M. E., & Wajcman, J.
(2007). Handbook of science and technology studies (3rd ed.).
Cambridge: MIT Press.
Hall, A. (2012, March 16). Proposed EU data protection reform and
public health genomics. PHG foundation.http://www.phgfounda
tion.org/blog/11462/. Accessed September 10, 2014.
Heeney, C., Hawkins, N., de Vries, J., Boddington, P., & Kaye, J.
(2010). Assessing the privacy risks of data sharing in genomics.
Public Health Genomics, 14, 17–25.
Homer, N., Szelinger, S., Redman, M., Duggan, D., Tembe, W.,
Muehling, J., et al. (2008). Resolving individuals contributing
trace amounts of DNA to highly complex mixtures using high-
density SNP genotyping microarrays. PLoS Genetics, 4,
e1000167.
Hongladarom, S. (2011). Genomics and bioethics interdisciplinary
perspectives, technologies, and advancements. Hershey: Medical
Information Science Reference.
Hudson, K. L. (2011). Genomics, health care, and society. New
England Journal of Medicine, 365, 1033–1041.
Kaye, J. (2012). The tension between data sharing and the protection
of privacy in genomics research. Annual Review of Genomics
and Human Genetics, 13, 415–431.
Kaye, J., Heeney, C., Hawkins, N., de Vries, J., & Boddington, P.
(2009). Data sharing in genomics — re-shaping scientific
practice. Nature Reviews Genetics, 10, 331–335.
Lunshof, J. E., Chadwick, R., Vorhaus, D. B., & Church, G. M.
(2008). From genetic privacy to open consent. Nature Reviews
Genetics, 9, 406–411.
McEwen, J. E., Boyer, J. T., & Sun, K. Y. (2013). Evolving
approaches to the ethical management of genomic data. Trends
in Genetics, 29, 375–382.
McGuire, A. L., & Beskow, L. M. (2010). Informed consent in
genomics and genetic research. Annual Review of Genomics and
Human Genetics, 11, 361–381.
Morrison, A. (2011). A research revolution: Genetic testing con-
sumers become research (and privacy) guinea pigs. J. on
Telecomm. and High Tech. L., 9.
Narayanan, A., Shmatikov, V. (2006). How to break anonymity of the
netflix prize dataset.http://arxiv.org/abs/cs/0610105. Accessed
September 10, 2014.
NIH. (2012). 1000 genomes project data available on Amazon cloud.
http://www.nih.gov/news/health/mar2012/nhgri-29.htm. Acces-
sed September 10, 2014.
Scott, H. (2011, June 23). When people share their genome on
Facebook. The 23andMe Blog.http://blog.23andme.com/
23andme-and-you/when-people-share-their-genome-on-facebook/.
Accessed September 10, 2014.
Pathway Genomics. (2014). Patient informed consent for genetic
testing related to hereditary cancer—USA and Canada.https://
www.pathway.com/wp-content/uploads/Cancer-Patient-
Informed-Consent.pdf. Accessed 7, July 2015.
Pathway Genomics. (2010). Privacy statement.https://www.pathway.
com/privacy-statement/. Accessed July 8, 2015.
Wright C., Burton H., Hall, A., Moorthie, S., Bocci, G.S., Sanderson,
S., et al. (2011) Next steps in the sequence. The implications of
whole genome data sequencing for health in the UK. Cambridge,
UK: PHG Foundation. http://www.phgfoundation.org/reports/
10364/. Accessed Sept 10, 2014.
Presidential Commission for the Study of Bioethical Issues (2012,
October). Privacy and progress in whole genome sequencing.
http://bioethics.gov/cms/node/764.AccessedSeptember10,2014.
Rogers, E. M. (2003). Diffusion of innovations. New York: Free
Press.
Royal College of Physicians, Royal College of Pathologists and
British Society for Human Genetics. (2011). Consent and
confidentiality in clinical genetic practice: Guidance on genetic
testing and sharing genetic information, 2nd ed. Report of the
Joint Committee on Medical Genetics. London: RCP, RCPath.
http://www.bsgm.org.uk/media/678746/consent_and_confidenti
ality_2011.pdf. Accessed July 8, 2015.
Saha, K., & Hurlbut, J. B. (2011). Research ethics: Treat donors as
partners in biobank research. Nature, 478, 312–313.
From the bench to the bedside in the big data age: ethics and practices of consent and Privacy…199
123
Swede, H., Stone, C. L., & Norwood, A. R. (2007). National
population-based biobanks for genetic research. Genetics in
Medicine, 9, 141–149.
Trakadis, Y. (2012). Patient-controlled encrypted genomic data: An
approach to advance clinical genomics. BMC Medical Genomics,
5, 31.
UK. (1998). Data protection act.http://www.legislation.gov.uk/
ukpga/1998/29/contents. Accessed September 10, 2014
US Department of Health and Human Services. (2008). Realizing the
potential of pharmacogenetics: Opportunities and challenges.
http://osp.od.nih.gov/sites/default/files/SACGHS_PGx_report.
pdf. Accessed September 10, 2014.
US Department of Health and Human Services. (2011, July 26).
Human subjects research protections: Enhancing protections for
research subjects and reducing burden, delay, and ambiguity for
investigators. federal register, vol. 76, issue 143.http://www.
gpo.gov/fdsys/pkg/FR-2011-07-26/html/2011-18792.htm.Acces-
sed September 10, 2014.
US Department of Health and Human Services. (2013, January 25).
Modifications to the HIPAA privacy, security, enforcement, and
breach notification rules under the health information technol-
ogy for economic and clinical health act and the genetic
information nondiscrimination act; other modifications to the
HIPAA rules. Federal register, vol.78 no. 17. http://www.gpo.
gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf. Accessed
September 10, 2014.
US Department of Health and Human Services. (n.d). Guidance
regarding methods for de-identification of protected health
information in accordance with the health insurance portability
and accountability act (HIPAA) privacy rule.http://www.hhs.
gov/ocr/privacy/hipaa/understanding/coveredentities/De-identifi
cation/guidance.html#standard. Accessed September 10, 2014.
Wjst, M. (2010). Caught you: Threats to confidentiality due to the
public release of large-scale genetic data sets. BMC Medical
Ethics, 11, 21.
Wojcicki, A. (2013, December 5). 23andMe provides an update
regarding FDA’s review.http://blog.23andme.com/news/
23andme-provides-an-update-regarding-fdas-review/. Accessed
September 10, 2014.
Wolf, S. M., Annas, G. J., & Elias, S. (2013). Patient autonomy and
incidental findings in clinical genomics. Science, 340,
1049–1050.
Woods, J. (2010, March 10). Letter to pathway genomics corporation
concerning the pathway genomics genetic health report.http://
www.fda.gov/MedicalDevices/ResourcesforYou/Industry/
ucm211866.htm. Accessed July 8, 2015.
200 P. A. Chow-White et al.
123
