Fostering public engagement in the ethical and social implications of genetic technologies

Care.data, Genomics, and the Launch of 'Accredited Safe Havens'

  • Published in Blog

The decision to roll-out Care.data and the proposal to launch 'Accredited safe Havens' across the UK, gives compelling reasons to support the EU's strengthening of the data protection regime. 

Following the announcement that Care.data will be rolled-out across England, a further, even more significant development is the proposal to launch ‘accredited safe havens’ (Ash). As a defining moment in the governance of personal information, ‘accredited safe havens’ will render obsolete the need to seek approval from the Secretary of State for Health and, in the case of medical research, by a research ethics committee or the Health Research Authority. This will make personal identifiable information easily accessible without a person’s consent and for purposes ‘other than direct care’. 

Circumventing the legal instruments that have been germane to information governance hitherto, such as the Human Rights Act (1998) and the Common Law Duty of Confidentiality, ‘Safe Havens’ make an already permissive information governance regime even more congenial to Government and private sector interests. An example of an ‘Ash’ is the Health and Social Care Information Centre (HSCIC), through which Care.data will be shared. Although the Department of Health (DoH) has claimed that (Ash) is only intended to provide access to records that have been stripped of personal details, elsewhere the DoH affirm that ‘safe havens’ will provide access to information from personal care records which could be used to identify an individual.

This further weakening of privacy law is discordant with reforms to the EU data protection regime that are currently underway. In effect, the proposed EU regulation will replace the existing Data Protection Directive (1995), and will be directly applicable in member states without the need for implementing legislation. Following a European Parliament vote earlier this year, substantive amendments to EU privacy law are now irreversible. And, as for the direction of travel, it is clear that the rights of data subjects will be strengthened. Article 7 of the proposed regulation is of particular salience: it stipulates that for consent to be valid the data subject must give explicit consent. 

Clearly, there are deep tensions between the expected fortification of EU privacy law and the UK’s agenda, the main focus of which is economic growth. The latter, given the controversies surrounding Care.data, affirms the need for a renewed discussion about the kind of considerations that should hold sway in the domain of information governance. Indeed, the EU is approaching the matter in the right way by attempting to answer this question through democratic means. 

As the EU’s ‘hostile reforms’ require that any disclosure of identifiable information secures a person’s “specific, informed and explicit consent”, its impact would be felt on the well-documented sharing of personal, identifiable medical data. With Bupa, a private insurer, and, once established, the regional ‘accredited safe havens’, the Government has been doing its best to undermine these changes. However, EU data protection reform would also have substantial consequences for Care.data and the 100,000 Genome Project. Indeed, the Secretary of State for Health recently confirmed that Care.data will be linked with the 100,000 whole-sequenced genomes. This fits with the Government's apparent plans to make the UK into a world leader in the biosciences, and, ultimately, integrate personalised medicine into mainstream healthcare.

A Freedom of Information disclosure by the DoH to EthicsandGenetics reveals that, when the 100,000 Genome Project “concludes in 2017, there will be sufficiently robust genomics infrastructure in place to ensure that genomic medicine will be carried out routinely in the NHS.” So the spectre of personalised medicine looks to come sooner. And so too, will the commercialisation of whole-sequenced genomes, connected to Care.data, and their storage on ‘accredited safe havens’. Indeed, as Genomics England will own the 100,000 whole sequenced genomes, and when this data is stored in safe-havens, the public will have little control over the purposes for which such data are used.

The body tasked with providing ethical guidelines in the 100,000 Genome Project, the Ethics Advisory Group, stated that it has the “potential to bring real benefits to individual patients and their families, to the NHS more broadly, and to the UK economy.” Further, NHS England has claimed that the “research opportunities and mainstream use of genomic medicine across the NHS also has a major contribution to make to wealth creation and economic growth in this country.” It seems that, if even the Ethics Advisory Group has the economic benefits of commercialising genetic data as a central concern, we can expect a tug-of-war regarding what kind of considerations should have primacy in the governance of highly sensitive, personal information between the UK and the EU.

As we know, Government, ‘big pharma’ and the higher echelons of the private sector have deeply interwoven interests. And with Google looking to become a player in personalised medicine, and 23andMe, the Google-backed and much-maligned DNA analysis company intent on selling its products in new markets, maybe there is good reason to support, rather than undermine, the EU’s data protection reforms. 

 

Edward Hockings

Read more...

Care.data and exercising our right to democracy

  • Published in Blog

We have until March to opt out of the care.data initiative. The "theoretical risk" that we might be reidentified from our personal data once it is made available to third parties is a compelling reason to opt out. However, this is not the only reason. Care.data is part of a major legislative programme that includes the Clinical Practice Research Datalink (CPRD) and the 100,000 genome project – through which whole-sequenced genomes will be put to commercial use. These major infrastructural developments have been accompanied by radical changes to privacy law that have resulted in a cultural shift in the governance of information.

These sweeping changes in privacy law were introduced without consultation, and the risks they entail will be borne by those whose medical records may be accessed without their consent. How did we get to this point? Fourteen years ago, written evidence by SmithKline Beecham to the Select Committee on Health, House of Commons, advanced the view that the “NHS represents a singular but under-utilised resource for population genetics, and healthcare informatics more generally.”

In 2007, further written evidence to the Select Committee on Health, House of Lords, by the Association of the British Pharmaceutical Industry, stated that “there is an international race for benefit and competitive advantage in research where the UK could have a significant Unique Selling Point (USP).” By 2008, a major legislative programme to secure this competitive advantage was well under way. As part of the NHS National IT Programme, electronic medical records were rolled out across England and Wales on an opt-out basis. 

Although parts of the NHS National IT Programme were discontinued, the ambition – to quote from the Plan for Growth 2012 – of “using e-health record data to create a unique position for the UK in health research”remained unchanged. The CPRD, which provides data services to the research and life sciences communities, was established in 2008. And in the summer of 2012, and in response to a Freedom of Information request, the Department of Health confirmed that they are to establish a “central repository for storing genomic and genetic data and relevant phenotypic data from patients”. Further correspondence led to a clear statement of the government’s position with respect to the uses of the whole-sequenced genomes held on the national repository: “We plan to capitalise on the UK’s strengths in genomics. The UK is well placed to play a world-leading role in this next phase of the biomedical revolution.” One of the “purposes of the initiative is to support the growth of UK genomics and bioinformatics companies". 

Later that year, the government announced that the genomes of 100,000 people were to be sequenced over the course of three to five years. Genomics England, launched by the Department of Health in 2013, was to oversee the sequencing of the personal genomes and the creation of a dataset of “whole genome sequences, matched with clinical data … at a scale unique in the world”. 

In addition to these developments, radical changes to information governance, such as Section 251 of the NHS Social Care Act (2006), were introduced. Overriding the common law of confidentiality and Article 8 of the Human Rights Act (2008), Section 251 makes it possible to access people’s medical records without their consent. An equally significant development was the introduction of the Health & Social Care Act 2012, through which patient-identifiable data can be made available, via the NHS Commissioning Board and the HSCIC. So we now have care.data, and the decision we face about whether or not to opt-out.

Focusing initially on rare inherited diseases, the 100,000 Genome Project began the first phase of sequencing in December 2013. The role of the recently established Ethics Advisory Group is to provide the ethical guidance, and it acknowledges that “irreversible de-identification of whole genome sequence cannot be fully guaranteed for technical reasons”. In respect of limiting the kind of research conducted on the repository data, the Ethics Advisory Group claims that “it would be impractical for it to be possible for patients to place restrictions on the research undertaken on the data, for example by limiting it to ‘non-commercial research.’” As the current legal framework provides no determinate guidance regarding what are acceptable uses of whole-sequenced genomes, the ball really is in the Ethics Advisory Group’s court.

Following a request from the Secretary of State for Health, a major independent review of information sharing was launched, called Caldicott2. Through democratic consultation with all relevant stakeholders, Caldicott2 might have provided a timely, non-partisan assessment of the information governance regime. However, prior to the publication of the Caldicott2 recommendations in March 2013, the government’s Strategy for UK Life Sciences 2012 had already made it clear that it would move to “a more progressive regulatory environment”.Caldicott2 was therefore never going to be able to meet its aspirations to give the public a stake in deciding whether or not information would be shared.

As the Caldicott2 report claims that “genetic information should not be treated any differently from other forms of information”, can we expect a laissez-faire approach to whole sequenced genomes?

By choosing to opt out we are making an appeal to our right to democracy. We will soon face a scenario in which medical records will be linked to the whole-sequenced genomes of the population of England and Wales. The sheer scale only augments the associated risks, and when commercialisation appears to be the driving force, we find ourselves in uncharted territory. Therefore, it is more than just opting-out, but rather, taking a stand on what kind of society we want in the future.  

Edward Hockings

The Guardian version of this article can be found here.  

 

Read more...
Subscribe to this RSS feed

EthicsandGenetics Twitter Feed

heikki_saxen
heikki_saxen Tech’s Ethical ‘Dark Side’: Harvard, Stanford and Others Want to Address It nyti.ms/2BSOEJu

Retweeted 1 week ago via Twitter Web Client • 4 retweets

Ethicsand
Ethicsand Primitive human eggs matured in the lab for the first time newscientist.com/article/216067…

2 weeks ago via Twitter Web Client • 2 retweets

Most Popular