I don't share my genome with my doctor because they don't need it (yet; also, EPIC and Apple Health don't really support OAuth to 23andme for grabbing the raw file). I have used 23andme, as well as my entire family, and have opted us all into their research. We make this choice voluntarily and in an informed manner. I am willing to trade genetic privacy (which is tenuous at best, I leave DNA everywhere as a human) for progress. Same reason my genome (as well as a sibling's) is public on Harvard's Personal Genome Project. I have a shelf life, but research lives on.
I don't believe myself to have been duped. I've made concessions based on priorities. Would I prefer this work be done, publicly funded, by the NIH and other non-profit researchers? Absolutely. Am I willing to wait for perfection? Absolutely not. Federal law currently protects your DNA data from employers and insurance companies. If you find that to be insufficient, run for office.
Disclaimer: Interviewed and was offered a role at 23andme a lifetime ago (2011), no other affiliation besides being a satisfied customer.
If you want progress give your genome to your local uni so they can pass it on to researchers, not to a comic book badguy profit seeking pharma giant like GSK who will totally sue the shit out of anyone else who uses it without their go-ahead.
See my comment above where I contributed my DNA to Harvard’s genome project. I approve all requests to use it in partner studies. Not sure what else you’re expecting, but my opinion is that your expectations are unrealistic.
If you don’t like the law, fix the law. If you have evidence a drug company or data provider violated the law, report them to your attorney general.
That's incorrect. HIPAA compliance only requires consent between patient and provider. Provider can choose to share that data with other providers. This is how Google purchased medical records by partnering with Ascension.
If you are covered under 42 CFR Part 2, then it would not be allowed because the patient has to give consent to ALL parties.
> Provider can choose to share that data with other providers
Not without express consent. The default is 0 hops. Same rules applies for banking info.
You want to share with someone else? You have to ask for consent again. A lot of people did unknowingly sign up to have their data shared like you say though, which I think is a regulatory failure more than anything else.
In the US, HIPAA allows your medical data to be shared without your express consent as long as certain conditions are met. Generally, they are that the data must be used to help your provider meet a legitimate medical or business need, and they have to have a contract with the entities they share with that constrains their use of that data.
HIPAA compliance has a lot of ambiguity. You are correct if, say, your employer requested medical records from your doctor. However, any entity that works with your provider that is facilitating its business can still get your data without your consent.
JohnFen's comment is correct. This is why 42 CFR Part 2 was created; HIPAA was too loose with patient data.
