Leading the Way in Life Science Technologies

GEN Exclusives

More »


More »
April 01, 2010 (Vol. 30, No. 7)

Cracking Open Genetic Privacy

Common Good Is Best Served by Not Building Walls Around This Deeply Personal Information

  • Click Image To Enlarge +
    Margaret R. McLean, Ph.D.

    I am an altruist by nature, so when a letter from my healthcare provider inquired as to my interest in volunteering for a research project my initial thought was, “Why not?”

    I had participated in clinical trials before—no worries. What did they want? My spit. Why? To sequence my DNA and search for associations between my particular genetic alphabet and my health and lifestyle.

    Important questions began to formulate in my mind. For instance, despite assurances to the contrary, could my genes haunt me in the form of higher life- or health-insurance premiums or could I slip into the ranks of the uninsured? Since my employer pays for my health plan, what right would human resources have to my genetic profile? And, perhaps my biggest worry: would data about “what makes me me” be vulnerable to hackers, creating the possibility of molecular identify theft? I shredded the invitation.

    Did I make a wise decision or did I fall prey to some irrational fear of losing my identity, my privacy? And, would my loss of genetic privacy necessarily have had undesirable or harmful consequences?

    Almost a decade after the Human Genome Project cracked the genetic code, the wall of privacy surrounding genetic information may be developing a few cracks of its own. This is not such a bad thing, perhaps, as it forces us to confront important questions about what constitutes privacy, its value, and whether robust protection of genetic privacy is a promise that cannot—maybe ought not—be kept. Traditional notions of the privacy of medical information are profoundly challenged by genetic tests that reveal things not only about individuals but also about families, something that a family member may or may not already know.

    Privacy—the expectation that access to certain information is limited—appears to be ethically neutral, merely describing a person’s anticipated ability to control access to personal information. When I affix my signature to a document, knowingly giving my employer access to my medical records, there is no ethical breach.

    Privacy gains ethical valence when expectations of control and limits are violated. Even a deeper ethical violation occurs when bootlegged information is used in harmful ways. Concern for this latter abuse powered the passage of the Genetic Information Nondiscrimination Act of 2008 (GINA), which takes full effect in May of this year.

  • GINA

    GINA prohibits discrimination on the basis of genetic information (including both family history and genetic test results) in health insurance coverage and employment, creating tighter restrictions on the collection and use of genetic data than those in place for other types of medical information. Health insurers cannot request or require genetic information as a condition of coverage or use it to determine rates or to discover preexisting conditions.

    Employers cannot hire, fire, promote, or alter terms of employment based on a person’s genetic profile. GINA does not protect privacy per se but protects our interest in insurability and employment by restricting what sorts of decisions can be made on the basis of genetic data. It protects us from harmful discrimination. GINA explicitly exempts life insurance, disability insurance, and long-term care insurance from such restriction.

    GINA considers privacy not so much as an abstract principle, but as a contextualized, lived reality, i.e., genetic information is information of a different sort and ethically warrants a different set of limits. Privacy functions differently in different contexts and should be governed by the values and norms of the context at hand. Healthcare relies on access to information—deeply personal information—to effect successful research and treatment. Protecting privacy in the medical context is not tantamount to building a firewall but involves assuring informed consent, managing expectations, and protecting trust.

Related content