Is your genetic data safe? How to protect your genetic data in the era of phishing scams and data breaches
Veronika Litinski, MSc Medicinal Chemistry, MBA
Everyone wants to keep their health information private and secure. It can be concerning to hear news about recent data breaches reported by financial institutions (CapitalOne, Desjardins), health services providers (LifeLabs), and genetic testing companies (Veritas). With the increasing access to affordable genetic testing options for consumers, how can individuals best protect their health information and reduce the risk to their private data? This article discusses important aspects of data privacy and protections that consumers can look for in genetic testing providers.
Genetic tests can provide predictive insights into many domains, such as ancestry (for $100+), inherited predisposition to disease ($700+) or your body’s ability to respond to many common medication treatments ($400+).
Individuals may wish to take a genetic test for many reasons, including health-related purposes. Canada enjoys some of the most progressive and thoughtful privacy legislation. The Canadian Parliament has clearly indicated that Canadians should not have to choose between potential discrimination and taking a genetic test, especially if such a test could improve their health and well-being. If they decide to undergo a genetic test, they should be able to do so without fear that their results will be used against them or compromise their privacy.
Sharing information with 3rd parties, such as genetic testing providers
The Privacy Commissioner of Canada provides a handy checklist of questions you may ask the genetic testing company. In essence, service providers should only ask you for personal information if it is essential to delivering the service.
It is a good idea to ask:
- What personal information will the company collect in addition to your biological sample? Are you satisfied with its explanation regarding how it will process and protect the data?
- With whom does the company propose to share your test results (e.g. researchers, pharmaceutical companies, marketers, patient groups, related or affiliated companies, etc.)? Have you been given the opportunity to consent to this voluntarily and in writing? You are within your rights to refuse such disclosures.
How Pillcheck protects customer privacy
From day one, Privacy by Design has been one of our core principles at GeneYouIn Inc, provider of the Pillcheck pharmacogenetic service. It means that our IT systems were designed from the start to:
- keep different types of data in separate locations for strong protection
- apply strong encryption
- facilitate secure sharing of your results with healthcare providers, based on your consent.
What is identifiable vs. de-identified data?
Identifiable data includes not only your name and contact information but also health information that can be linked back to you as an individual. This could be information about your health status, any healthcare you have received, or payments for healthcare.
Researchers know that sharing genetic and other information that has been stripped of personal identifiers is a powerful tool for clinical medicine and science. This kind of information is called de-identified. It can help accelerate understanding of genetic conditions, improve genetic testing, and advance research that may one day lead to cures for a variety of diseases.
But there are also potentially unintended consequences to widely sharing your raw genetic data — the As, Gs, Ts, and Cs that make up your genetic code. This DNA data includes your unique genetic code, and it also includes your ancestry data, which can point to relatives. You share a lot of your DNA with your parents and siblings, and less with more distant relatives. But by comparing an anonymous DNA sample with identified ones, researchers can triangulate on a person’s relatives and then identify the person themselves. No wonder a popular consumer-oriented genetics company, 23andMe, has seen fewer people opting into its DNA analysis, which fuels drug discovery programs for the company and its commercial partners.
Can Pillcheck information be reverse-engineered to be identifiable?
Ancestry tests use genomic arrays with over 600,000 different markers across 20,000 genes. Such broad testing is needed to provide an accurate estimate of your ancestry. Still, it also provides a unique genetic fingerprint for every person tested. Genetic information collected in the course of delivering the Pillcheck service is limited to a defined set of common biomarkers in 20 genes related to drug metabolism – not enough genetic information to be uniquely identifiable.
The rest of your DNA is not analyzed, and the remaining biological sample is destroyed after testing to preserve your privacy. The lab that analyzes the DNA sample has no identifiable information about Pillcheck customers stored in its systems. The lab tracks everything by a de-identified sample ID. All genetic data is anonymized, encrypted and stored separately from your personal data.
An individual’s genetics do not change over time. The Pillcheck report remains pertinent throughout an individual’s lifetime and can be referenced when new medications are prescribed or considered. We aim to provide lifetime value to customers with both up-to-date clinical guidance and an extended number of drugs. Your Pillcheck report is regularly updated to include more medications as new guidelines become available. To ensure traceability, reports have unique identifiers to indicate the version of the database referenced in the report. Updated reports become available to customers via the Pillcheck Portal.
To safeguard our systems, we conduct regular system testing and monitoring.
As with all accounts containing your sensitive health data, remain vigilant for potential attempts to compromise your secure Pillcheck account. Be alert for phishing scams: convincing-looking emails, purportedly from a legitimate service provider, that prompt you to download a fraudulent file or to visit a website that has been set up to steal your information.
- DO use strong, unique passwords for your Pillcheck account
- Do NOT open attachments: Your Pillcheck report can only be downloaded directly from the Pillcheck Portal after you log in.
- Do NOT keep copies of your report on your hard drive. Bookmark the Pillcheck Portal login (portal.pillcheck.net) and access your report online. It is a safer option, and this way, you will always see the most up-to-date version.
- DO contact us directly if you are not sure why you are receiving an email or if its contents appear suspicious, such as:
  - You are being directed to a webpage that is not secure (i.e. missing S in the https://)
  - A message conveying false urgency or threat of immediate consequences
  - A message asking for personal information to be emailed back
- Pharmacogenetic tests can provide essential medical insights into your drug response and improve the safety and efficacy of your medication treatment
- Clinical grade testing assesses only a limited number of genetic markers
- The Pillcheck system is designed to protect your health data
Be vigilant with all online accounts.
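The link checks from the list of suspicious-email signs above, as an added example (not Pillcheck's own code): a function that tests whether a link in an email really points at the bookmarked portal over HTTPS. The host portal.pillcheck.net comes from the article; the function name, the /login path and the sample links are constructed. It goes one step beyond the article's HTTPS check by also comparing the host, because HTTPS by itself does not show whose site you are on.

```javascript
// Added example. PORTAL_HOST is the bookmark address given in the article;
// checkPortalLink and all sample links below are constructed for illustration.
const PORTAL_HOST = "portal.pillcheck.net";

// Returns { ok, reasons } for a link copied from an email.
function checkPortalLink(link) {
  const reasons = [];
  let url;
  try {
    url = new URL(link); // same URL parsing rules a browser applies
  } catch {
    return { ok: false, reasons: ["not a valid absolute URL"] };
  }
  // "Missing S in the https://"
  if (url.protocol !== "https:") {
    reasons.push("not https");
  }
  // Anything before an '@' is a user name, not the site being visited.
  if (url.username || url.password) {
    reasons.push("text before '@' hides the real host");
  }
  // The host must match the bookmark exactly; containing it is not enough.
  if (url.hostname !== PORTAL_HOST) {
    reasons.push(`host is ${url.hostname}, not ${PORTAL_HOST}`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample links (example.com and .example are reserved names).
const samples = [
  "https://portal.pillcheck.net/login",
  "http://portal.pillcheck.net/login",
  "https://portal.pillcheck.net.example.com/login",
  "https://portal.pillcheck.net@example.com/login",
  "https://portal-pillcheck.example/login",
];
for (const link of samples) {
  const { ok, reasons } = checkPortalLink(link);
  console.log(ok ? "OK     " : "SUSPECT", link, reasons.join("; "));
}
```
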