How Blockchain Can Protect Your DNA Information
By R Tamara de Silva
2018 has seen many pundits proclaim the death of cryptocurrency and the permanent supremacy of fiat currency. But there is a third currency class that continues to make its ascendency-largely by stealth. This is the currency of data and it now includes your DNA information.
As you read this, most aspects of your private life including your health history, psychological history, sexual orientation, proclivities, what you watch, read, where you travel and exactly how you spend your money, how much money or debt you have, etc., have been bought and sold not only by the obvious suspects like Facebook, Google and Amazon, but thousands of data brokers like Acxiom, you may never have heard of. Acxiom states that is owns 1,500 parts of information on over 200 million Americans. Data is the new currency and its uses are only just beginning to be monetized. One way you may not realize you are being bought and sold, is your genetic data-your very DNA. The solution to this ultimately can from blockchain technologies.
If you are not bothered by sharing every aspect of your personal life already and perhaps think the terms of service agreement that must be signed inorder to use a rewards program or Facebook is worthwhile, you may nonetheless think that the selling of your DNA data is a bridge too far. If your DNA is not exclusively your own, then arguably what is? Where have the boundaries of privacy gone?
Unfortunately, the law has long lagged technology and it has been unable to keep pace with it. The General Data Protection Regulation(GDPR) was adopted in the EU in 2018 and it promises to give Europeans more control over how their data is collected and used by third parties. This is a start but there is no commensurate protection at the federal level in the United States. When it comes to a right of privacy and meaningful ownership and protection of your identity, as defined by your information footprint, the law is still dealing with cell phone towers and wiretaps. The law may catch up one day but the proverbial horse is already out of the barn.
DNA test kits are a booming business for people and even their pets. Critics point out that the science does not in all instances match all the hype and people are susceptible to misunderstanding what the results of a genetic test actually mean, especially when making healthcare decisions based upon it. For example, testing positive or negative for a mutation like BRCA1, as offered by 23andMe does not mean a woman will get breast cancer-it is just one of many other factors that likely should be interpreted under medical supervision and a genetic counselor. Still genetic testing has the allure of telling us about our past and identity in a way that nothing else can.
There are uses of genetic databases that allow for the identification of killers and rapists in a way that the conventional use of DNA by law enforcement run through existing forensic databases cannot. Geneologistics are using long range familial searching to identify suspects who may not be in CODIS or any other forensic database. The opensource genetic database GEDMatch was used in 2018 to catch the Golden State seriel killer, who evaded being identified for 40 years.
There are downsides to consumer genetic testing in terms of security and privacy. For example if you consent to have your genetic information used for research, your information albeit anonymized, is sent to research partners and for-profit research partners. The testing companies are paid by third parties for your data even if you consented to share it for the sake of research-companies like 23andMe will profit from selling it. It is unclear what protections exist if any, to prevent any subsequent reselling of this same data.
Another risk is that when your DNA information is given to a private company, it can be hacked. This happened in 2018 when 92 million consumer accounts were exposed by a hacking of MyHeritage.
There is one protection in existence-the Genetic Information Nondiscrimination Act of 2008 (GINA). GINA proscribes an insurance company or employer discriminating against you based on your DNA evidence. This protection is better than nothing but does nothing to address privacy, nor does it give you a way to delete your DNA information once it is out there. You are also providing it to law enforcement, which can and does request it from the DNA testing companies.
The solution: Blockchain and EHRs
Blockchain has the ability to solve this problem perhaps more artfully than the law by encrypting a person’s electronic health record (EHR) and giving that person exclusive control over it. If a blockchain is used for EHRs, instead of disparate healthcare providers and testing companies storing their own copy of your data, you would grant conditional, time limited access for a pre-determined purpose by giving them your public key. Genetic information and results would be included in this health record and put on a blockchain. Each change to an EHR is auditable and secure. Instead of multiple healthcare providers storing your records across different silos, including the servers of consumer DNA test kit providers, you the patient would grant time limited access to the relevant parts of your health and genetic data-access which would be withdrawn once the purpose for granting it is filled.
This would change the terms of service agreements with current DNA testing companies such that the results of your testing could be far better curated and protected from reselling and subsequent trafficking. From a cybersecurity perspective, having EHRs on a blockchain would eliminate a single point of vulnerability as it would not be possible to hack a single point of data without simultaneously hacking all the other data in the chain’s chronology.
London based, Medicalchain, is working on just this idea. The Mayo Clinic has partnered with Medicalchain to explore possible implementations.
Among the more than 85 companies in the EHR space, many are trying to architect or adopt blockchain solutions to ultimately make the sharing and accessibility of EHRs more efficient and more secure. It makes sense to add genetic information to a person’s EHR and make them the exclusive owner of this information.
Another benefit of bringing blockchain into this issue, is that instead of allowing genetic testing companies to profit from your genetic information, you could choose to monetize it yourself. Having control over your own EHR would mean that you could sell or share parts of it for research, eliminating the middle man and data brokers. Hopefully, their profits could be yours.
The law may be the clumsiest solution to this issue and it may take quite some time to get there. Blockchain could solve it.