The Genetic Data Gold Rush: Balancing Privacy and Health Outcomes

Using data to go faster is good for any business. But in pharma it means the ability to safely develop effective treatments faster, and at lower costs, which can drive better health outcomes for patients and create a sizable competitive advantage. However, the desire to accelerate business should not take precedence over trust and the responsibility to keep people’s most personal data safe and prevent costly breaches. 

Shortly after GSK announced a partnership with 23andMe and an R&D focus on data analytics, 23andMe announced it was also limiting third-party developer access to its genomic data starting September 6.

This should come as no surprise given the recent Facebook and Equifax fallout over the management of personal data. On the other hand, with over 5 million customers, the 23andMe genetic data could hold the keys to finding qualified trial participants and improving many health outcomes.

As pharmaceutical executives look to real world data and social determinants of health to aid in translational research, closing the gap from traditional clinical trials to real world efficacy, there are three foundational pillars to build from.

1. Trust and transparency

Drug companies that are extracting real world data need to be proactive in disclosing what they are doing with personal data, who they are sharing the data with, potential benefits and if it is being monetized. For example, in the 23andMe and GSK partnership announcement they focused on specifically what the data will be used for and included an entire section on how it will be protected.

When people lose trust, it’s usually because they find out their data is being used in ways they didn’t know about or, as in Facebook’s case, their data is liberally shared with third party developers. With GDPR, people now must consent to how their data is being shared, putting ownership back with the individual. Even so, consumers may just click “yes” to get on with their lives without fully understanding what they are consenting to. To avoid a public fallout like Facebook, it’s in companies’ best interest to develop and communicate clear guidelines on genetic data usage.

23andMe, in collaboration with The Future of Privacy Forum and other leading consumer genetic and personal genomic testing companies recently released the

Privacy Best Practices for Consumer Genetic Testing Services

. It’s a solid checklist on the road to building and maintaining consumer trust as long as these companies can adhere to the policies they enact – which relates to the next two pillars.

2. Granular data management

IOT, wearables, and even social media can hold valuable data for everything from drug trials to pharmacovigilance. In order to query for critical, new insights, it’s not enough to just find the data – companies must be able to integrate and manage it at its most granular level.

By setting up an IT framework that includes an operational data hub, companies can better govern, track and use data for advanced applications like machine learning and AI by freeing it from silos and creating a single version of the truth. 

Within the operational data hub, app controls around APIs and database capabilities such as element-level redaction and role-based access controls ensure organizations can share the right views of their data with the right audiences and maintain a principle of least privilege in order to prevent leakage, violation of policy and perhaps most importantly, a breach of trust.

For instance, if scientists want to look at genetic data as it relates to health habits, but don’t need to know whose data it is, they should only have access to the information and resources necessary to do the job.

These controls can also limit damage from insider threats and stolen laptops, but there’s more that can and should be done.

3. Security

Genetic data is at the core of identity and its unauthorized exposure is the ultimate breach. It’s easy to change a credit card number or password, but you can’t change your DNA (at least not yet). Genetic companies that fall victim to a breach are likely to lose consumer trust and participation, putting them at a competitive disadvantage. It’s not surprising that 75% of healthcare breaches are financially motivated.

As companies dig deeper into data, hackers are going deeper too, looking for new ways to compromise security and gain access to the most valuable data they can find in the easiest way possible. While there’s limited use currently for stolen genetic DNA, hackers could simply threaten to expose the private information with the hope of securing a ransom to avoid public backlash. Others speculate that everyone from insurers to police departments have reasons to poach data without consumer consent. Employees can also be a security concern. Healthcare is the only industry where the threat from inside is greater than that from outside, according to the Verizon 2018 Data Breach Investigations Report.

Pharmaceutical executives have to make sure they are staying one step ahead, which requires a clear understanding of what state-of-the-art cybersecurity is and how this applies to their data.

Compartment security and data auditing, encryption, as well as strict access controls and the strongest level of authentication that works with the organization’s existing IT infrastructure are all key to data security.

Of course, the easiest way to keep data secure is to not share it. That’s also the quickest way to sink an investment like GSK has made in 23andMe, and kill the tremendous potential impact on health outcomes. Fortunately, with the right data platform, tools and policies in place, companies can responsibly extract more value from these new and unique and datasets, gain competitive advantage and, most importantly benefit the very people who are willing to share their data to improve health outcomes.

Bill Fox is Chief Strategist, Global Healthcare, Life Sciences and Insurance at MarkLogic.