Fair Warning (Jack McEvoy #3)(20)

I next came across a more recent article in Scientific American that carried the headline “Who Is Buying GT23’s DNA?” The article was a sidebar to a larger story that explored the ethical and privacy concerns in the freewheeling world of DNA analysis. The writer of the article had found a source inside GT23 and obtained a list of universities and biotech research facilities that bought DNA data from the company. These ranged from labs at Cambridge University in England to a biologist at MIT to a small private research lab in Irvine, California. The article said that DNA from GT23 participants—the company did not use the word customers—was being used in studies involving the genetics behind a variety of diseases and ailments, including alcoholism, obesity, insomnia, Parkinson’s, asthma, and many others.

The variety of studies that the data from GT23 contributed to and the good that might come from it—not to mention the potential profits to universities, Big Pharma, and companies producing wellness products—were staggering. The article identified a study at UCLA that dealt with appetite satiation and the genetic roots of obesity. A cosmetic company was using GT23 participants to study aging and skin wrinkling. A pharmaceutical company was researching why some people produce more earwax than others, while the lab in Irvine was studying the connection between genes and risky behaviors such as smoking, use of drugs, sex addiction, and even speeding while driving. All these studies aimed at understanding the causes of human maladies and developing drug and behavioral therapies that would treat or cure them.

It all seemed good and it was all profitable—at least to the founders of GT23.

But the main article that ran with the sidebar threw a shadow over all the good news. It reported that regulatory enforcement of the billion-dollar genetic-analytics industry fell to the U.S. Food and Drug Administration, which until recently had taken a complete pass on those responsibilities. The article quoted a recent report from the National Human Genome Research Institute:


Until recent years, FDA chose to apply “enforcement discretion” to the vast majority of genetic tests. FDA can use such discretion when it has the authority to regulate tests but chooses not to.



The article went on to report that the FDA was only now in the process of formulating rules and regulations that would eventually be presented to Congress for adoption. Only then would any kind of enforcement begin.


Due to the rapid growth of direct-to-consumer genomic testing, and FDA’s mounting concern that unregulated tests pose a public health threat, FDA is modifying its approach. To this end, FDA has drafted new guidance to describe how it intends to regulate genetic testing. FDA “guidance” is different from laws and regulation in that it represents only FDA’s “current thinking” on a topic and is not legally binding for FDA or the parties it regulates.



I was stunned. The report concluded that there was virtually no government oversight and regulation in the burgeoning field of genetic analytics. The government was far behind the curve.

I printed a copy of the story for Myron to read and then went to GT23’s website to look for any acknowledgment that the services the company provided and the security it promised were not backed by government regulation. I found none. But I did stumble across a page that outlined how researchers could go about requesting anonymized data and biological samples and the fields of study the company supported:


Cancer

Nutrition

Social Behaviors

Risky Behaviors

Addiction

Insomnia

Autism

Mental Disorders (bipolar disorder, schizophrenia, schizo-affective disorder)



On the website the recipients of data and bio samples were called collaborators. It was all presented in a cheery, change-the-world-for-the-better pitch that I was sure was crafted to allay any potential participant’s concerns about anonymously putting their DNA into the great unknown of genetic analysis and storage.

Another section of the website contained a four-page privacy-and-informed-consent statement that outlined the anonymity guaranteed with the submission of one’s DNA in a GT23 home-sampling kit. This was the boring fine print but I read every word of it. The company promised participants multiple layers of security in the handling of their DNA and required all collaborators to meet the same levels of physical and technical protection of data. No biological sample would be transferred to a collaborator with any participant’s identity attached.

The consent statement clearly said that the low cost to participants for DNA analytics, matching, and health reporting was underwritten by the collaborating companies and labs that paid for the anonymized data. As such, the participant was agreeing to field requests from collaborators funneled through GT23 to maintain anonymity. The requests could range from additional information on personal habits to surveys in the specific field of study or even additional DNA samples. It was then up to the participant to decide whether to respond. Direct participation with collaborators was not required.

After three pages of outlining self-imposed security measures and promises, the last page contained the bottom line:


We cannot guarantee that a breach will never happen.



It was the lead sentence of the last paragraph and was followed by a list of worst-case scenarios that were “highly unlikely.” These ran from collaborator security breaches to the theft or destruction of DNA samples while in transit to labs sponsored by collaborators. There was one line in the disclaimer paragraph I read over and over, trying to understand it: