By Mark D. Uehling
June 12, 2002 | Genetic knowledge is about to get personal, opening up new clinical vistas for medical research and legal minefields for privacy activists.
In the United Kingdom, the recently launched Biobank project intends to sign up 500,000 volunteers between the ages of 45 and 69, tap their blood, quiz them about their lifestyles and medical histories, and log the information into a database that will be a mother lode of genetic, genomic, and genealogical information. The project has received initial funding of about $66 million and will be run by the British government and the Wellcome Trust, the country’s largest medical philanthropy.
Michael Dexter, director of the Wellcome Trust, is ready to go. “I, for one, would be willing to become a volunteer and donate my DNA to the study,” he says. “I may not reap the health benefits in my lifetime, but those of us contributing to the project can rest assured that our involvement will provide a better life for our children and grandchildren.”
In Boston, shortly before the Biobank announcement, similar news emerged from Massachusetts General Hospital and Brigham and Women’s Hospital. A new database at the Harvard-Partners Center for Genetics and Genomics (HPCGG) will hold information on about 300,000 patients, including 200,000 DNA samples.
Pass the Mayo
Earlier this spring, the Mayo Clinic in Minnesota unveiled a plan to create a database of medical records from 6 million existing patients, as well as 500,000 new patients who check into the Rochester-based facility every year. “We're very interested in correlating genotypic data to phenotypic data and making novel discoveries that can help our patients,” says Scott A. Beck, administrative project manager at the Mayo Clinic.
All of the databases aim to tease out the connections between three types of knowledge: conventional patient data, such as a routine diagnosis of hepatitis; genetic or genomic data, such as a test for hepatitis; and any new scientific understanding about groups of patients with the same disease, such as the discovery of the same liver gene in mice and humans. Ultimately, doctors could use the databases to discover a new treatment that will work on anyone with a certain set of genetic traits.
The database designers promise to strip varying amounts of biographical details from the data before they are shared with other scientists and to encrypt the data to protect against hackers --- measures intended to safeguard the privacy of patients.
Indeed, each of the new projects is trying to dodge some of the thorny privacy issues that embroiled the first big genetic database, created by deCODE Genetics in Iceland. That company has compiled genealogical and medical data (licensed from the Icelandic government) on virtually the entire populace, helping it to uncover the locations of several interesting disease genes, including those associated with rheumatoid arthritis, osteoporosis, and breast cancer. deCODE has attracted cash from investors and pharmaceutical companies. Roche is paying an estimated $300 million over five years for the rights to a dozen or more disease genes.
But deCODE has attracted more than a few critics at home and abroad, who are lobbying the Icelandic public and medical profession against participating in the databases. So far, some 20,000 Icelanders (about 7 percent of the population) have elected to opt out of the deCODE database.
Perhaps the biggest issue is consent. To wit: If a patient gave consent for a medical test in 1994, is his or her blood, clinical data, or DNA fair game for inclusion in a genetic database? Most hospitals assume it is.
“People get unduly inflamed around consent,” says Randy Mason, chief administrative officer of HPCGG. “We have to put a tremendous amount of effort into the consent issue.” He says the policy with the database at Harvard Partners is the same for any research project or medical treatment: “At any point, patients can opt out.”
For the patients in the HPCGG database, at least initially, that may be the last thing on their minds. Some are members of long-running research studies, such as the Framingham heart trial. Or they are physicians and nurses, and well aware of the fact that 150 people, on average, see a patient’s medical chart during a routine hospital visit, according to the New England Journal of Medicine. These medical professionals understand that privacy is limited.
The HPCGG database may not be comparable to the Icelandic database, which has a wealth of genealogical data going back centuries, but it will contain intimate, long-term, fine-grain detail about the medical histories and living habits of its subjects. “Everything you want to know about them is captured,” Mason says. “It is a gold mine.”
What those subjects may not appreciate, says George Annas, professor of health law at Boston University, is the potential impact on a patient’s relatives and descendants. The author of The Rights of Patients, Annas says that privacy-minded federal laws like the Health Insurance Portability and Accountability Act will not protect anyone, living or dead, whose bodily fluids or family history wind up in a database. “The potential for discrimination is real,” he says. “You need strong privacy protection and anti-discrimination protection. Right now, we have neither.”
Annas continues: “This is very sensitive. It’s even more sensitive than the diseases you have today. It’s about the diseases you have tomorrow.” In Iceland and the U.K., the national health system ensures that anyone with a disease will receive medical care. In the United States, however, genetic databases could effectively become indelible medical rap sheets -- akin to biological credit reports --- that could haunt one’s relatives, children, and grandchildren.
Annas is skeptical of the main reason the database proponents say the public should not be alarmed: the Institutional Review Board, or IRB. In theory, an IRB at Harvard or the Mayo Clinic is supposed to protect the privacy of patients in a database by evaluating all research proposals. But in practice, Annas says, such boards tend to be chummy. The typical IRB “is shot through with conflicts of interest and everybody knows that,” he says. Annas doubts there will be any oversight of any of the new databases unless Congress provides it.
Some Americans spurn the protection of privacy activists and appear eager to participate in the world of medical research. DNA Sciences Inc. of Fremont, Calif., has signed up 13,000 in its Gene Trust Program. The enrollees will voluntarily contribute their blood samples for research purposes. Opting out is possible, but few have done so, the company reports.
In a “bill of rights” for Gene Trust volunteers, DNA Sciences states: “Your personally identifying genetic information will never, under any circumstances, be sold or shared with anyone outside the Gene Trust.”
That begs the question of how useful the scientific information in the database will be. If a genetic database serves as the foundation for a new medical treatment or pharmaceutical product, in the standard workings of the scientific process, some portion of that database’s information is going to be disseminated in the scientific and and regulatory communities. Theoretically anonymous patients in databases could become identifiable.
Whether patients greet their notoriety with acclaim or horror remains to be seen. Twila Brase, president of the Minnesota-based Citizens’ Council on Health Care, worries that genetic databases could someday affect how candidly patients communicate with their doctors: “You want a close-lipped patient?” she asks. “Start telling them they don’t have control of where their data goes.”
Sidebar: Mayo’s Middleware Solution: IBM
The Mayo Clinic patient database project is large, as it has to be for an institution with $3 billion in patient revenues and 44,000 employees. As a partner, the Mayo picked an IT company with equal heft in Rochester, Minn.: IBM. “This project evolved as a collaboration,” says Scott Beck, administrative project manager at the Mayo. “Is there enormous complexity? Yeah.”
Beck notes there are a variety of computer platforms, operating systems, and applications at the medical facility. An example: several different existing databases, including IBM and Oracle software. To knit it all together, IBM and the Mayo have assembled a team of 40 people from both organizations dedicated to building the database.
The mammoth design challenge for the Mayo will be to combine a huge reservoir of patient data --- not to mention the exploding volume of genetic and genomic data --- in a way that leads to new scientific insights. Once the new database is built, the Mayo’s 2,700 staff physicians and scientists will be able to tap decades of information on Mayo patients using some intriguing software.
The key to the puzzle may not be the main database software --- IBM’s DB2 -- but a companion middleware application called DiscoveryLink that expedites the retrieval of information. DiscoveryLink grew from IBM’s realization that, as the Internet blossomed, the categories of information were growing faster than customers’ ability to draw upon them.
“The key data sources are growing too rapidly to warehouse,” says IBM’s Laura Haas, one of the architects of the software. “As we go from genomics to proteomics, it’s going to get a hundred times worse.”
Haas notes that researchers may be forced to retrieve some data from a particular data island manually, or laboriously transfer all the contents of one island to another, larger repository. So DiscoveryLink is designed to extract data from different computer platforms, database formats, and the Internet.
IBM calls its approach a “federated” database and says it is a more practical way forward in a world of varied data sources. DiscoveryLink works with SQL commands and software wrappers, which are written in a non-proprietary format, allowing DB2 to talk to other databases down the hall or across the country without altering the underlying information.
“Federation is essential,” Haas says. “We're never going to a world in which all data is in one warehouse. Our database is the only one that can access all the data out there, including Oracle, Sybase, Microsoft. Nobody else is doing that. What we’re doing is letting the Mayo leverage the investment they already have.”