Victims' families cheered when California police tracked the alleged Golden State Killer using data from a commercial DNA company. But an Alabama scientist warns the "Wild West environment" around that DNA testing needs oversight.
Dr. Thomas May, a researcher at the HudsonAlpha Institute for Biotechnology in Huntsville, breaks down the issue in a new "Perspective" piece in the New England Journal of Medicine. May is also a research professor at Washington State University in Vancouver.
The Golden State Killer suspect did not submit a DNA sample for testing, May writes in the article. Police sent genetic data from a crime scene to an unidentified company and "had it matched to relatives," he writes, "then followed the family tree to the person who was eventually arrested."
That couldn't happen with DNA collected in a medical setting, May says. The Health Insurance Portability and Accountability Act (HIPPA) and the Common Rule governing human-subject research require laboratories "to protect health-related information." DNA testing isn't health care, he writes, but it comes from health technologies and "presents privacy risks similar to those associated with health-related genetic screening."
If concerns about possible misuse of DNA information aren't addressed, May writes, genomic medicine may be stalled. And minority populations "with a history of being treated oppressively by law enforcement ... may hesitate to have their DNA included in data bases or participate in genomic research."
May said DNA testing to discover "geographic ancestry" is different - and less risky to privacy - than testing to match DNA "to specific related people." He gave the example of a company that offers free testing to adoptees to find birth relatives. May agrees adoptees have a right to basic birth records and heritage information. "Yet there are myriad reasons why birth parents may not wish to have their identity revealed," he writes, adding, "our approach to assisting adoptees will have to grant birth parents' desires due respect and carefully address the pyschosocial ramifications of revealing their identities."
HIPPA-level privacy protection would "cripple" the DNA testing industry, May writes, but some protection should be possible. "Regulatory oversight is needed to ensure the privacy of genetic information, determine who should be allowed to submit someone else's sample for testing and for what purposes, and guide the drawing of inferences from DNA results and the relaying of information to persons other than the DNA source...," May says.