Home DNA kits are extremely popular now. Bringing DNA and genetic testing to the home market is a huge advance in science and technology, but what are the risks?
Current testing methods allow a researcher with a DNA sample to find out information on ancestry, ethnic origin, medical history, diseases that could be inherited and even skincare and diet recommendations. The kits are a bit pricey but have come down significantly and during the 2017 holiday shopping season, they were a trendy gift for friends and family who were interested in genealogy research.
The companies that offer these tests are private companies, but once they have analyzed a DNA sample sent in by a customer, what happens to that data? That is the question many are asking since the kits became such a hot seller.
Think about the information that can be gleaned from a DNA sample. It's literally a person's entire health fingerprint, but unlike prints, it reveals much more. Companies who test the samples sent in are acquiring huge databases of information. While many Internet users never read the privacy policy on websites, it's a safe bet that people who purchase the at-home genetic testing kits also have not fully investigated the fine print in the agreements the companies post. There are laws that cover privacy for patients and healthcare providers, as well as laws that cover financial records, school records, and medical information. Companies like 23AndMe and Ancestry fall outside the purview of these laws.
Many might think that the information that is provided in these kits is harmless and of no use to hackers, but that isn't the case. Data on possible disease risks, past illnesses, and other medical conditions could do enormous damage in the wrong hands. Currently, the HIPAA statute only protects medical information that is used by doctors and health professionals who treat patients. The Genetic Information Nondiscrimination Act only protects genetic information from being used in a discriminatory way for employment purposes.
While data that's collected on shopping habits, web surfing, and other online activities can be anonymized easily, genetic data is unique to each individual, there is simply no way to mask personally identifiable information. The issue has complications for legal proceedings as well. Recently, a case that had gone cold for decades, that of the Golden State Killer, got hot again when investigators found a match to the suspect's DNA they had from one of the crime scenes on a public genetic data website called GEDMatch. Users of the site usually upload the DNA results they have from having used a home kit and the site is used to find people to whom a user might be related.
While it was never intended to be used for law enforcement, the detectives in the case had the suspects DNA via an authorized process, so they went for it. While they did not find Joseph James DeAngelo in the GEDMatch database, they did come across near matches, which indicated individuals related to him. DeAngelo was arrested in April 2018, largely as a result of the information found via the online DNA kits some of his relatives used.
Check out the video below for more information on how to keep your health information secure.
Sources: Newsday Pacific Standard Magazine The New York Times