Privacy, Security, and Nondiscrimination Best Practices for Direct-to-Consumer (DTC) Genetic Testing Companies

Publication Date:

Nov 9, 2022

Updated:

Nov 9, 2022

https://doi.org/10.25936/va6w-me17

Collection Editor(s):

Rachele Hendricks-Sturrup, DHSc, MSc, MA

Research Director, Real-World Evidence, Duke-Margolis Center for Health Policy

Christine Lu, PhD, MSc

Associate Professor, Harvard Pilgrim Health Care Institute and Harvard Medical School

Introduction

The completion of the Human Genome Project opened new doors for business enterprise. One such activity is direct-to-consumer (DTC) genetic testing, or genetic testing offered on a service-driven basis, without the need for a clinician or other intermediary. DTC genetic testing has been, and continues to be, a burgeoning market and source of genetic data for original research that has produced new insights and discoveries in human ancestry and health. However, the data use practices of DTC genetic testing companies, including when and how they share consumer genetic data with third parties, are controversial. Also concerning is the fact that U.S. laws like the Genetic Information Nondiscrimination Act (GINA), which is intended to protect individuals from genetic discrimination by employers and health insurers, contain critical protection gaps (i.e., they do not apply to life, disability, and long-term care insurers). States are then left to create their own laws to fill those protection gaps, such as, for example, CalGINA in the state of California.

As consumers and the media became increasingly aware of law enforcement requests for consumer genetic testing data, the…

The completion of the Human Genome Project opened new doors for business enterprise. One such activity is direct-to-consumer (DTC) genetic testing, or genetic testing offered on a service-driven basis, without the need for a clinician or other intermediary. DTC genetic testing has been, and continues to be, a burgeoning market and source of genetic data for original research that has produced new insights and discoveries in human ancestry and health. However, the data use practices of DTC genetic testing companies, including when and how they share consumer genetic data with third parties, are controversial. Also concerning is the fact that U.S. laws like the Genetic Information Nondiscrimination Act (GINA), which is intended to protect individuals from genetic discrimination by employers and health insurers, contain critical protection gaps (i.e., they do not apply to life, disability, and long-term care insurers). States are then left to create their own laws to fill those protection gaps, such as, for example, CalGINA in the state of California.

As consumers and the media became increasingly aware of law enforcement requests for consumer genetic testing data, the health care business interests of DTC genetic testing companies, and gaps in existing legal protections like GINA, stakeholders in government, health care, and other sectors sought to develop and/or endorse privacy, security, and nondiscrimination best practices for DTC companies. Several of these companies also convened to develop and endorse privacy best practices.

This collection includes literature that: 1) examines the privacy policies and practices of major DTC genetic testing companies within the USA, UK, and China (only a few studies have systematically assessed privacy policies to date), 2) proposes genetic data governance, privacy, security, and nondiscrimination best practices and policy approaches aimed at avoiding genetic data misuse in a range of settings, including employment, and 3) explores stakeholder perspectives and social practices regarding the use, misuse, commercialization, and sharing of consumer genetic information. It will be useful to audiences seeking to understand the current state of discussions about privacy, security, and nondiscrimination best practices for DTC genetic testing companies operating globally as well as the perspectives and concerns of diverse stakeholders.

Show more

Privacy Policies and Practices of DTC Genetic Testing Companies

Hazel, J. W., & Slobogin, C. (2018). Who knows what, and when: A survey of the privacy policies offered by US direct-to-consumer genetic testing companies. Cornell Journal of Law & Public Policy, 28(1), 35-66.
Carrión Señor, I., Fernández-Alemán, J. L., & Toval, A. (2012). Are personal health records safe? A review of free web-accessible personal health record privacy policies. Journal of Medical Internet Research, 14(4), Article e1904.
Du, L., & Wang, M. (2020). Genetic privacy and data protection: A review of Chinese direct-to-consumer genetic test services. Frontiers in Genetics, 11, Article 416.
McDonald, W. S., Wagner, J. K., Deverka, P. A., Woods, L. A., Peterson, J. F., & Williams, M. S. (2020). Genetic testing and employer-sponsored wellness programs: An overview of current vendors, products, and practices. Molecular Genetics & Genomic Medicine, 8(10), Article e1414.

Stakeholder Perspectives and Social Practices

Clayton, E. W., Halverson, C. M., Sathe, N. A., & Malin, B. A. (2018). A systematic literature review of individuals’ perspectives on privacy and genetic information in the United States. PloS One, 13(10), Article e0204417.
Almeling, R., & Gadarian, S. K. (2014). Public opinion on policy issues in genetics and genomics. Genetics in Medicine, 16(6), 491-494.
Mladucky, J., Baty, B., Botkin, J., & Anderson, R. (2021). Secondary data usage in direct-to-consumer genetic testing: To what extent are customers aware and concerned? Public Health Genomics, 24(3-4), 199-206.
Briscoe, F., Ajunwa, I., Gaddis, A., & McCormick, J. (2020). Evolving public views on the value of one’s DNA and expectations for genomic database governance: Results from a national survey. PloS One, 15(3), Article e0229044.

Practices and Policies for Preventing the Misuse of Genetic Data

National Human Genome Research Institute. (2022, January 6). Genetic discrimination.
Grande, D., Marti, X. L., Feuerstein-Simon, R., Merchant, R. M., Asch, D. A., Lewson, A., & Cannuscio, C. C. (2020). Health policy and privacy challenges associated with digital technology. JAMA Network Open, 3(7), Article e208285.
Hendricks-Sturrup, R. M., & Lu, C. Y. (2019). Direct-to-consumer genetic testing data privacy: Key concerns and recommendations based on consumer perspectives. Journal of Personalized Medicine, 9(2), Article 25.
Joly, Y., Dupras, C., Pinkesz, M., Tovino, S. A., & Rothstein, M. A. (2020). Looking beyond GINA: Policy approaches to address genetic discrimination. Annual Review of Genomics and Human Genetics, 21, 491-507.
Hendricks-Sturrup, R. M., Cerminara, K. L., & Lu, C. Y. (2020). A qualitative study to develop a privacy and nondiscrimination best practice framework for personalized wellness programs. Journal of Personalized Medicine, 10(4), Article 264.
Martinez, C. (2018). Privacy best practices for consumer genetic testing services. Future of Privacy Forum.

Suggested Citation

Hendricks-Sturrup, R., & Lu, C. (2022). Privacy, security, and nondiscrimination best practices for direct-to-consumer (DTC) genetic testing companies. In ELSIhub Collections. Center for ELSI Resources and Analysis (CERA). https://doi.org/10.25936/va6w-me17

About ELSIhub Collections

ELSIhub Collections are essential reading lists on fundamental or emerging topics in ELSI, curated and explained by expert Collection Editors, often paired with ELSI trainees. This series assembles materials from cross-disciplinary literatures to enable quick access to key information.

Privacy, Security, and Nondiscrimination Best Practices for Direct-to-Consumer (DTC) Genetic Testing Companies

Collection Editor(s):

Introduction

Suggested Citation

Share

About ELSIhub Collections

ELSIhub Collections

Newsletter