When Big Data & Infants' Privacy Collide

Healthcare Dives Into Big Data

For decades, hospitals have conducted blood tests on newborns, checking babies for various conditions, treatable and not. Today's less costly tests, genomic research, and technological advances, coupled with differing policies across states, worry some privacy and ethics advocates.

Whereas some states allow parents to opt-in for testing, others have an opt-out approach. Critics argue parents have little to no say in whether this data is collected, where and how long it's stored, and what organizations do with this information. Lower genome testing costs sparked debate about researchers' right to use this information; who should learn of infants' chronic conditions and when; and the type of data government, researchers, payers, or healthcare providers can cull. Other concerns surround the storage and transmission of data that's not de-identified and its potential theft.

"With genetic testing, you always have to find out the results. You need counseling. You deprive the child of genetic privacy forever," said Twila Brase, president and co-founder of the Citizens' Council for Health Freedom. "The only person who should sequence a person is the person."

[Two sides to the same coin. Healthcare Big Data: Blessing And Curse.]

Policies vary by state -- and by legislation.

In May, Minnesota Gov. Mark Dayton signed a law allowing the state to indefinitely store blood spots for future research. Parents can opt out. In New York, parents can decline testing for religious reasons, said the Wadsworth Center, NY Department of Health, which screens the state's newborns for more than 40 inherited metabolic conditions.

Opting out of a process, especially when parents typically receive a pamphlet on DNA collection within 24 hours of birth, is not informed consent, said Brase. In response to a lawsuit, Minnesota in 2011 destroyed all previously collected blood samples. Likewise, in 2009 Texas destroyed more than 5 million samples after plaintiffs successfully argued the state failed to get parental authorization. Parents, fearful their infants' DNA would be stored in perpetuity and potentially used by groups such as law enforcement or insurance companies, argued the collection violated constitutional protections against unlawful search and seizure. After this lawsuit, another family worked with the Texas Civil Rights Project to sue Texas regarding at least 8,800 samples that could not be destroyed because they were in the hands of the federal government for use in a DNA database designed to identify missing persons and solve cold criminal cases. This national database of mitochondrial DNA includes de-identified DNA information, Texas officials told the Texas Tribune at the time.

Some people wanted Texas officials to individually contact parents for retroactive permission to store the data. But that would have been expensive and time consuming.

"The state kept those blood spots, de-identified them, and then stored and used the blood spots for research. People found out about this and were upset because the government kept their infants' DNA without parental consent," Brenda Tso, a healthcare attorney at Khouri Law Firm told InformationWeek. "In reaction to the Texas Department of State Health Services blood spot fiasco, the legislature passed a law requiring that a disclosure statement be given to parents about their infant's blood spots being collected, stored, and used for research. Under the law, parents can request to have the blood spot destroyed. When the infant reaches adulthood, he can also request to have his blood spot destroyed."

As a result, millions of blood spots were destroyed, said Tso, who worked on public health legislation for the Texas House of Representatives in 2011.

Destroying samples after researchers conduct infant tests and allowing parents to opt-in to further testing would promote transparency and trust, privacy advocates have said. This way, healthcare organizations could continue checking babies for inherited diseases while preventing newborns' DNA from further use or inclusion in any database, state or national.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).