A Traditional Take
Patient privacy and medical record confidentiality are not new ideas in the medical industry. In the US, laws like the Health Insurance Portability and Accountability Act (HIPAA), protect patient privacy. Furthermore, the World Health Organization (WHO) recommends:
Giving people opportunity to see or hear all information about them that will be referred to other professionals
Not transmitting information via common phone, fax, email, or by postcard
Advises against storing information on computers with a common password
Only providing information to patients or relatives that have been granted access to the information
Allowing only individuals briefed in confidentiality to handle data
A Modern View
As genomic sequencing has become more affordable, both partial and full genomic sequencing have become more popular. Services, like 23andMe.com, have emerged that not only provide sequencing results, but also provide genetic analysis and predictions as well as a mechanism for genetic-based social interaction.
Furthermore, privacy in social networks has been notoriously liberal, and sites like Facebook.com are routinely under fire for privacy violations. Genetic data is inherently more sensitive that wall posts or photos, and 23andMe will undoubtedly receive attention and pressure as social features continue to ramp. There are also unintended interactions and consequences with any social network, and 23andMe must be committed to user privacy in favor of network virility.
Behind the Scenes
CREDIT: ALVARO ARTEAGA/ALVAREJO.COM
As costs of sequencing have decreased, but the amount of analysis performed on genomic information has also rapidly increased with the amount of new data. To avoid rising costs, an increasing percentage of both processing and storage has been offloaded to distributed cloud services. The savings and gains are substantial (almost 6 times for data storage); for example, Penn State used cloud service providers to perform analysis on one tenth of the human genome at a cost of $10 in about an hour. This is approximately four times faster than it takes to perform this analysis on site.
Storing genomic data in the cloud also has its advantages. Online storage means that public genome archives like GenBank need to be only stored in one centralized location, rather than replicated on private servers across the globe.
However, cloud services also have their draw backs. Shared machines and virtual instances are inherently less secure than dedicated servers on isolated networks; hackers and security experts have already demonstrated these flaws. Furthermore, cloud providers tend to believe that it is the clientís responsibility to secure their data and programs; these providers do not consider security a top priority, favoring features, performance, and low cost. Sensitive genomic data stored at these shared data storage facilities are certainly less secure than data stored on isolated and/or strongly firewalled servers. These stored data facilities may not meet strict HIPAA standards for privacy and also leave data open to more individuals including those unaware of the importance of confidentiality.
While there is a strong argument for moving computation and storage to the cloud, the technicians that moving these instances need to be aware of the sensitivity of the data and the new risks associated with shared distributed systems. The providerís commitment to privacy must be evaluated, and genome sequencing companies must be sure that cloud-based systems conform to privacy laws like HIPAA.
References and further reading: