Every child with a tumour in the UK will have the DNA of their cancer sequenced to advance drug research in an attempt to catch up with treatment options in Europe and the US.

The initiative, funded with £1.5 million by the charity Children with Cancer UK, will provide children with screening and treatment which is more effective and less toxic.

The sequencing of tumour DNA will allow doctors to match drugs specifically to the genetic code of the cancer, so some children would not need to undergo unnecessary chemotherapy that might be ineffective for their tumours.

This example of precision medicine is not new. Previously, former US President Barack Obama launched the Precision Medicine Initiative in hopes of advancing biomedical discoveries and equipping physicians with the knowledge to select the best treatments for each patient.

These new initiatives aim to harness technology and genomics to create customised medicine, but in return, they require big data collection such as the medical records and DNA sequences of millions of people to allow prediction of which treatments work best for which patients.

But this comes with a price that is often overlooked in science and medicine - patient privacy.

Not all genomic data are regulated

Precision medicine is largely dependent on the medical histories and genomes of many patients. DNA profiles, for example, carry a number of details of the medical background of individuals and even their family members.

There are existing laws to regulate the trade of gene data, which freely allow the exchange of genetic data. But many experts believe that it is not possible to de-identify the genomic data and medical information needed for precision medicine. In other words, for the information to be useful, there is no promise that the data could not be linked back to a patient.

Furthermore, the regulation of gene data only applies to DNA, not microRNAs, which have proven sufficient to draw conclusions about a certain patient, such as serious diseases and a general health profile. As such, these short molecules of ribonucleic acid are able to divulge more details about a patient's condition than DNA.

The regulation for DNA is also not as tight as it should be. It currently allows review boards to waive patient consent and allow researchers to label DNA sequences as "de-identified" data, making them void of privacy protection or oversight.

In the US, doctors need a patient's consent to test the patient's blood. However, researchers are allowed to obtain the blood that is no longer needed for a patient's care, sequence the genome afterwards and upload the information to a research database, without the patient's consent or knowledge.

This is due to federal medical privacy and research laws assuming that there is no re-identification risk. But this assumption could have dire consequences.

Impact of medical data cyber attacks will expand in the future

Over the past decade, millions of people have had their medical data compromised by cyber attacks at hospitals, insurers and clinical laboratories. Most recently, the NHS has seen the medical records of 26 million patients being breached at 2,700 practices in the UK.

The impact of these cyberattacks is likely to increase when these records link to the genomic data needed for precision medicine. Unlike a credit card number, genome sequences are unique, permanent and irreplaceable when compromised.

The sequence data is a library of information about health risks, ancestry and sometimes, unexpected parenthood. If insurers have access to such data, they could deduce if a patient was part of a study and pinpoint individual diseases, which could have unwanted consequences.

The most concerning issue is that the electronic health records stored at hospitals and physician practices could include genomic data from patients when gene sequencing becomes common in healthcare.

Informing patients and tighter regulations are needed

With current regulations, patients need not be notified when their medical records are shared for research, and researchers are not held to specific legal requirements to protect the security of the genomic and health data they work with.

While ethical guidelines for research recommend the practice of informing patients, especially of the possibility of re-identification through genomic data, patients are usually kept in the dark, unable to demand better security oversight of the privacy risks.

Researchers are also exploring new techniques to encrypt genomes without compromising usability for research, but unless research data security is tightened, patients will always be exposed to unreasonable and unnecessary privacy risks when their data is shared in the quest of precision medicine. MIMS
