Many DTC Genetic Testing Firms Fail to Disclose Info on Privacy, Confidentiality, Research Use

GenomeWeb – Direct-to-consumer genetic testing firms are often not completetly upfront about how they keep their customers' information confidential and private and how they might use their data in research, according to a new analysis by a team at the University of Wisconsin-Milwaukee.

For their study, published yesterday in Genetics in Medicine, the researchers, led by Linnea Laestadius at the university's Joseph J. Zilber School of Public Health, gathered best practices for DTC genetic testing services regarding the disclosure of confidentiality, privacy, and secondary-use procedures from guidelines of several organizations and studied how well companies adhered to them.

They looked at the websites of 30 DTC genetic testing companies that offer their services to customers in the US, judging the information they provided against recommendations from the American College of Medical Genetics and Genomics, the American Society of Clinical Oncology, the American Society of Human Genetics, the European Academies Science Advisory Council, the European Society of Human Genetics, the Human Genetics Commission, and the Nuffield Council on Bioethics.

Of the firms included in the study, 15 offered ancestry testing, 12 provided testing for health or nutrition purposes, and three a combination of both. Twenty-four companies sold their services directly to consumers, while five required a physician to place the order. One company had an unclear policy about ordering its test.

For their analysis, the researchers looked at companies' privacy policies and terms-of-service documents, which all but one had available in one form or another.

They found that only 20 percent, or six firms, discussed risks related to the disclosure of results to third parties, such as insurers or employers, usually mentioning the Genetic Information Nondiscrimination Act (GINA).

More than 90 percent of companies, a total of 28, provided some information related to confidentiality but differed in how much detail they offered. A little more than half, or 17 firms, described how they store biological samples, and 70 percent (21 firms) how they store genetic data. Only 13 percent (four companies) talked about how long they store data, and almost half (14 firms) promised that data could or would eventually be destroyed.

Almost all service providers (28 firms) addressed the sharing of results with third parties, but again, few offered specifics. A little over 40 percent (13 firms) noted what would happen to data if the company was sold or went bankrupt, and only two firms said what would happen to samples in such a case. More than 80 percent (25 firms) mentioned that they may be compelled to disclose data to law enforcement without customers' consent.

With regard to research use, 30 percent (nine companies) stated that they plan to use customer data to conduct health-related research, and 40 percent (12 firms) said they want to use data for non-health-related research, such as ancestry studies. Four companies explicitly said they would not use any customer data for research.  A total of eight companies did not mention potential secondary use of customers' data anywhere on their websites.

Of the nine companies that said they would use customer data for health research, only six mentioned additional consent for this, and only two disclosed the specific purpose of the research. Four addressed whether customers would have rights to commercial products or patents resulting from research, noting that they don't. Five of the companies stated a policy regarding withdrawal from health-related research, one of which said that "once given, consent cannot be revoked." Not a single company said how long genetic data would be stored for use in research. 

The Wisconsin team concluded that customers "continue to face a challenging task if they attempt to determine exactly how long their samples and data will be kept and what their ultimate fates will be."

While most DTC genomics firms now offer privacy policy and terms-of-service documents — an improvement from an earlier study — they still often comply poorly with international guidelines on providing information on confidentiality, privacy, and secondary data use, they wrote. Also, the documents are often written at a higher-than-recommended reading level.

In particular, many firms are still weak on disclosing privacy risks, the researchers said, failing to mention, for example, that GINA does not cover genetic discrimination by life, disability, or long-term care insurance carriers.

Overall, "the weaknesses pose a concern not only for consumers but also to the genetic research community because poor practices may jeopardize public trust in genetic research," the authors wrote.

News Image
Action
Statute