23andMe Advances Its Goal of Creating Commercialized Database from Consumer Genetic Testing

On January 12, 23andMe announced an agreement with Pfizer to provide the drug company with access to anonymous, aggregated information from consumers who bought 23andMe’s test over the past seven years to learn about their own genetic history.  This furthers 23andMe’s plan to become a repository for human genetic makeup and to turn data gathered from its $99 saliva tests sold to consumers into a large information sharing deals with drug companies.  However, the creation and use of this database raises potential privacy concerns.

About two-thirds of 23andMe’s 800,000 customers have agreed to let their test data be used for research.  23andMe collects deeply personal information which includes the customer’s genome, the information provided when registering for the site such as name and email, sex, date of birth, credit card number, and the results of any health or behavior-related quizzes on their site.  When consumers who bought the kit return to 23andMe’s website for results, they are prompted to answer more questions about themselves.  The company claims that the additional information can help researches make more connections about people’s characteristics and their health.

While 23andMe is not a covered entity subject to the Health Insurance Accountability and Portability Act (HIPAA) it has put in place certain privacy protections.   The company outlines their privacy obligations in a detailed privacy policy and only sells information from those customers who have given their consent to do so through a consent form.  The company removes customer names when selling data.  Customers of 23andMe give their consent by checking on a box and it is unclear if customers fully understand the repercussions of doing so.  Additionally, if companies such as 23andMe are able to make selling this information possible there are concerns that authorization for the customer’s names could be included on consent forms and then be included in future data sets in order to provide a better product to companies.

It is unclear how this type of data collection will be used in the future.  However, it will be important to ensure that consumer privacy is not eroded when the focus of the company shifts from providing genetic testing services to customers into providing large companies with databases of consumer information.

Leave a comment

Filed under Health Information Privacy, Privacy and Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s