Scholarly article on topic 'Genomic knowledge sharing: A review of the ethical and legal issues'

Genomic knowledge sharing: A review of the ethical and legal issues Academic research paper on "Law"

CC BY-NC-ND
0
0
Share paper
Academic journal
Applied & Translational Genomics
OECD Field of science
Keywords
{"Genomic information" / "“Big data”" / Confidentiality / Discrimination / "Informed consent" / "Duty to warn"}

Abstract of research paper on Law, author of scientific article — Leslie P. Francis

Abstract The importance of genomic information for care of individual patients and for the development of knowledge about treatment efficacy is becoming increasingly apparent. This information is probabilistic and involves the use of large data sets to increase the likelihood of detecting low frequency events. Duties and rights of patients with respect to this information have been much discussed, including informed consent to the use of individual information, privacy and confidentiality, rights to know or not to know, and individual ownership of information about themselves. But this is only one side of the information equation. On the other side of the equation are duties of information holders: malpractice and duties to warn, responsibilities of data stewardship, intellectual property and ownership, reciprocity, and justice. This article argues that if we take duties of patients to share information seriously, we must also consider duties on the part of information holders about how they protect and use information.

Academic research paper on topic "Genomic knowledge sharing: A review of the ethical and legal issues"

Contents lists available at ScienceDirect

Applied & Translational Genomics

journal homepage: www.elsevier.com/locate/atg

Review

Genomic knowledge sharing: A review of the ethical and legal issues

Leslie P. Francis

University of Utah, United States

CrossMark

ARTICLE INFO

Keywords:

Genomic information "Big data" Confidentiality Discrimination Informed consent Duty to warn

ABSTRACT

The importance of genomic information for care of individual patients and for the development of knowledge about treatment efficacy is becoming increasingly apparent. This information is probabilistic and involves the use of large data sets to increase the likelihood of detecting low frequency events. Duties and rights of patients with respect to this information have been much discussed, including informed consent to the use of individual information, privacy and confidentiality, rights to know or not to know, and individual ownership of information about themselves. But this is only one side of the information equation. On the other side of the equation are duties of information holders: malpractice and duties to warn, responsibilities of data stewardship, intellectual property and ownership, reciprocity, and justice. This article argues that if we take duties of patients to share information seriously, we must also consider duties on the part of information holders about how they protect and use information.

© 2014 Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license

(http://creativecommons.org/licenses/by-nc-nd/3.0/).

Contents

1. Genomic information about individuals....................................................................................................122

1.1. Genetic information and identifiability..............................................................................................122

1.2. Informed consent................................................................................................................122

1.3. Privacy and confidentiality........................................................................................................122

1.4. Rights to know and not to know....................................................................................................123

1.5. Data ownership..................................................................................................................123

1.6. Summary........................................................................................................................123

2. Responsibilities of information holders....................................................................................................123

2.1. Malpractice and duties to warn....................................................................................................123

2.2. Data stewardship................................................................................................................124

2.3. Intellectual property..............................................................................................................124

2.4. Reciprocity and justice............................................................................................................125

2.5. Summary........................................................................................................................125

3. Conclusion..............................................................................................................................125

References..................................................................................................................................125

The importance of genomic information for patient care is increasingly apparent (Institute of Medicine, 2012). Genomic information may be helpful in assessing the likelihood and possible extent of therapeutic response, the possibility of treatment side effects, the risks of drug-drug interactions in a particular patient, and the need to monitor for disease prevention, among other factors. Much of the use of genomic information is probabilistic at best—that is, information about a person's genome, when combined with other information, is predictive but not determinative of therapeutic outcomes. And genomic information has

E-mail address: francisl@law.utah.edu.

one feature that at least some other forms of individually identifiable health information do not: information about one individual may also convey at least probabilistic information about their genetic relatives. These features of genomic information raise many legal and ethical issues.

Genomic information is initially information about a particular individual's genetic or epigenetic makeup. Thus understood, it raises problems of informed consent to the use of individual information, privacy and confidentiality, rights to know or not to know, and ownership, among other issues. Many of these issues have been much discussed and are familiar.

http: //dx.doi.org/10.1016/j.atg.2014.09.003

2212-0661/© 2014 Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/).

Less discussed, by contrast, are the legal and ethical issues raised by the probabilistic nature of much genomic information. Information about an individual's genomic makeup, by itself, rarely yields definitive diagnostic or prognostic information. Cases of the known significance of a single gene—such as the CAG repeats in the HTT gene on chromosome 4 present in Huntington's disease—are rare. Even in such cases, moreover, some of what is known is probabilistic: the number of CAG repeats, for example, is associated with age of disease onset. As genomic medicine is developing today, large data sets establishing correlations between particular genomic features are needed for understanding the possible significance of any individual's genomic characteristics. This probabilistic nature of genetic information raises significant ethical and legal questions on the other side of the information equation: not the patient side, but the information-holder side. These ethical and legal issues, including malpractice and duties to warn, responsibilities of data stewardship, intellectual property and ownership, reciprocity, and justice are much less recognized but no less critical.

1. Genomic information about individuals

As pointed out above, much has been written about the ethical and legal issues raised by genomic information about individuals. This review presents a brief summary of these issues. Although the topics are relatively familiar, understanding them is important both for patient care and for appreciation of the ethical and legal problems on the other side of the information equation. The import of genetic information for individuals gives rise to reciprocal obligations, or so this article contends.

1.1. Genetic information and identifiability

As a preliminary matter, several points about the individual identifiability of genetic information are important to set out. The presence of a particular genetic sequence does not, in the absence of accompanying information, identify an individual. Under the HIPAA privacy rule for the protection of individually identifiable health information, genetic information does not contain any of the first seventeen factors listed for safe harbor de-identification: patient's name, address, telephone number, various dates, Social Security number and other numbers identifying accounts, device serial numbers, photographic images, biometric identifiers, and other similar identifying information (Anon, 2014a). Only the final listed factor for safe harbor de-identification applies directly to genomic information—"any other unique identifying number, characteristic, or code"—in cases in which genetic information is a unique identifying characteristic. By itself, a single nucleotide polymorphism is not unique to a particular individual; however, in combination with other publicly available information about the individual genomic information may permit identification (Gymrek et al., 2013). Such risks of re-identification depend on what other information is publicly available; for example, Gymrek et al. (Gymrek et al., 2013) used information in recreational genetic databases and online search engines such as PeopleFinder to achieve reidentification. Importantly, these strategies can also be used to identify individuals through information from very remote, unknown relatives.

1.2. Informed consent

When individuals provide information about themselves for medical treatment, including for a genetic test, the parameters of informed consent are relatively clear. Individuals can be told what uses of their information are contemplated; standard notices of privacy practices inform patients that their information may be used for treatment, payment, or health care operations. For much information collected in treatment, however, the possibility of future use in research has not been included explicitly in any consent process, thus posing the question of the permissibility of later research use. Because large sets of data may

be necessary to identify the significance of low-frequency genomic variants, this problem can be expected to persist. One work-around has been to permit the research use of information that has been de-identified or that has been stripped of sufficient identifiers to qualify as a HIPAA limited data set (Anon, 2014b).

Re-use of information originally collected in research raises related issues. One recent study concludes that although almost 90% of participants in an NIH-funded genetics research were willing to allow the submission of their data in de-identified form to dbGaP, the database of genotypes and phenotypes at NIH (dbGaP, n. d), over two-thirds of them also wanted the researchers to ask their permission (Ludman et al., 2010).

As discussed above, genomic information may not be sufficiently de-identifiable to facilitate the work-around of stripping out identifiers. To allow the use of identifiable information in research, the Advanced Notice of Proposed Rule-Making (ANPRM) for revisions to current human subjects research protections published by HHS in 2011, would allow general consent to any future use of data in research (Anon, 2011). The ANPRM did, however, also suggests that especially sensitive research such as stem cell research or research about reproduction might require more explicit consent. Genetic information, because of its implications for others, may raise questions about the need for explicit consent. At the same time, it may be difficult to anticipate in advance what uses of genomic information might be desirable or what their risks might be. If so, it will need to be argued that sufficiently broad consent still may be informed consent (Sheehan, 2011).

The NIH Genomic Data Sharing Policy, issued August 27, 2014 (National Institutes of Health, 2014), requires all NIH-funded research generating large-scale human (and non-human) genomic data to be submitted to NIH. Data are to be de-identified in accord with the rules governing research with human subjects and the HIPAA Privacy Rule. For studies initiated, specimens collected, or cell lines created after the effective date of the Policy, NIH expects investigators to obtain consent for subsequent data use and broad data sharing. These consents must explain whether data will be shared through unrestricted or controlled-access repositories. For studies, specimens, or cell lines antedating the Policy, NIH requires investigators to consult with their IRB or relevant privacy board to determine what sharing is consistent with consents and to indicate any required limits when data are submitted to NIH. The Policy's encouragement of consent to broad data sharing can be expected to place additional pressure on the responsibilities of data-holders discussed below.

13. Privacy and confidentiality

Privacy protects individuals from unwarranted access to the person; confidentiality protects information about the person from unwanted use or disclosure. Both have been thought to raise special issues regarding genomic information. That genetic information about one person can be used to infer information about genetic relatives poses the privacy-like concern that information may be gleaned about individuals without direct access to them or even their knowledge. In part because of what may be exaggerated beliefs about its predictive power, genetic information has also been thought to be especially risky. These concerns led to the federal statute giving special protection from discrimination on the basis of genetic information in employment and health insurance, the Genetic Information Non-Discrimination Act (Prince and Berkman, 2012).

Such genetic exceptionalism may be unwarranted, however (Rothstein, 2008). Other health information—such as diagnoses of infectious diseases—may be at least as and potentially more risky and stigmatizing than genetic information. Although genetic information may seem unique in its possible implications for relatives, other health information such as a household member's exposure to toxins may also reveal information about relatives. That there is reason to question genetic exceptionalism, however, does not abate the potential risks to

individuals when genetic information is shared but suggests instead that these risks may be more widespread (Rothstein, 2008).

1.4. Rights to know and not to Iinow

As a principle of bioethics, respect for autonomy means that people may have opt to refuse as well as to consent to medical procedures or treatment, even if this would be unwise. So, individuals may choose not to undergo diagnostic interventions, including genomic sequencing. So-called "incidental" genomic findings—findings revealed by planned techniques for genomic analysis but not the immediate subject of diagnostic concern—present particular challenges for patient choice. The American College of Medical Genetics and Genomics recently issued guidelines for the release of incidental findings in certain cases of clinical significance (ACMG, n. d). Discussing these guidelines, McGuire et al. argue that informed consent requires explanation to patients that genomic sequencing may reveal incidental findings, that the choice of analytical techniques and clinical relevance is a matter of expert clinical judgment, but that "in rare cases" clinicians and appropriately informed patients may decide not to follow recommendations regarding disclosure of incidental findings (McGuire et al., 2013).

Such exercise of autonomy raises ethical questions when it has implications for others. Rhodes (Rhodes, 1998) argued that duties to others require people to allow their genetic information to be shared both with relatives for whom it might have clinical significance and for population studies that might advance medical knowledge. Rhodes' argument is directed towards data that has been or could be obtained in clinical care; the NIH Genomic Data Sharing Policy urges sharing of data gained in research (National Institutes of Health, 2014). Rhodes' argument rests on views about mutual responsibilities: of commitment, of friendship, and of common humanity. If there are such duties of reciprocity on the part of patients, this article contends below, they extend to the other side of the information equation as well.

1.5. Data ownership

Ownership of patient information and tissue samples is a matter for state law. The general view is that patients do not own their information or tissue samples. Alaska, however, provides that DNA samples and the results of DNA tests are the "exclusive property" of the person analyzed (Anon, 2014c). Oregon had a similar statute but it was repealed in 2001 (History of Oregon's Genetic Privacy Law, n. d). The Alaska statute poses an ethical dilemma for genetic testing laboratories: can they continue to use information concerning patients in Alaska to analyze the significance of variants? If they cannot do so, what are their responsibilities to tested patients to inform them of new findings about the significance of variants—for example, that a variant of previously unknown significance has now been identified with disease risks? Arguably good patient care requires providing updated information about new findings of significance, but the fact that Alaska patients' data could not be used to generate the findings suggests that they are free riding (albeit unintentionally) on the use of data from others. Questions of fairness raised here extend not only to other patients providing the benefit of their data but also to laboratories incurring costs of determining when and how it might be appropriate to convey information about new findings of significance. That other patients' data are being used to benefit everyone receiving tests is an important social good but also points to the need to consider ethical responsibilities of the data holder.

1.6. Summary

Concerns about genomic information have resulted in some special legal protections. Nonetheless, the prevailing ethical view is that patients have an obligation to share genomic information with relatives for whom it might be clinically useful. Arguments have also been made for individuals' obligations to allow genomic information, clinical records,

and tissue samples to be included in databases that are needed to improve understanding of the significance of variants. These arguments are accompanied by the values of informed consent and respect for patient autonomy. They also highlight the importance of understanding of the potential risks ofgenetic information. The arguments for sharing information are also complemented, this article contends, by obligations on the information holder's side of the information equation.

2. Responsibilities of information holders

Genomic information is not only information about individuals; it is increasingly sets of "big data" that can be analyzed to develop knowledge about the significance of individual genomic variations. Some of these databases are maintained as resources for the public good. For example, dbGaP, the database of genotypes and phenotypes (dbGaP, n. d), requested NIH-funded researchers to submit data from genome wide association studies. As of August 2014, it had resulted in 924 publications listed in PubMed, many in top-ranked journals (Paltoo et al., 2014). As of January, 2015, the NIH Genomic Data Sharing Policy will be in effect, applying to all NIH-funded research generating large-scale human and non-human genomic data and the use of this data in subsequent research (National Institutes of Health, 2014). The Policy will require investigators to whom it applies to submit data to NIH so that it can be used in subsequent research (National Institutes of Health, 2014) and can be expected to broaden the utility of this data extensively. MutaDATABASE is a collection of genomic sequencing data from a consortium of European, Asian, Australian, and US laboratories (Bale et al., 2011). Many other databases are proprietary: the vast resources of patient clinical information possessed by large health care systems, laboratories offering genetic testing, or health insurers, for example. Other genetic information that may also be used commercially exists outside of the clinical realm, as individuals seek to learn about their ancestry, find relatives, or assess disease risk. That this information lies outside the clinical realm was recently underscored when the Food and Drug Administration issued a warning letter to 23andMe, claiming that the company was marketing a genetic test without obtaining proper market clearance (23andMe, Inc., n. d). Nonetheless 23andMe and other companies continue to collect samples to provide people with information about their likely ancestral origins.

While some legal issues involving information holders are quite well developed, others are not and still others arguably have developed in ways that are problematic from an ethical point of view. These ethical and legal issues, including malpractice and the duty to warn, responsibilities of data stewardship, intellectual property and ownership, reciprocity, and justice are as noted above much less recognized but no less important than the obligations of individuals.

2.1. Malpractice and duties to warn

It is malpractice when providers' failure to meet the standard of care causes harm to their patients. Genomic information is no different in this regard (Downs and Trias, 2012), although as medical knowledge is rapidly evolving what standards of care require may be in flux as well. Most of the litigated cases about genetic information have involved potential parents who were not informed about the availability or results of genetic tests to determine risks of inherited diseases such as cystic fibrosis or TaySachs disease and who then had affected children. A few cases have also considered whether providers have legal duties to warn family members of known genetic disease risks; these cases divide on whether there is such a duty and whether it can be discharged by informing their patients of the importance of sharing the information with their family members. Although the law has not developed a great deal in the area of genetic information, it is surely arguable that health care providers have ethical duties to inform their patients of known genetic risks and to consider with their patients the likely importance of this information to family members.

2.2. Data stewardship

The seminal statement of basic principles of data stewardship was made by the then-US Department of Health Education and Welfare in 1973 (Department of Health, Education, and Welfare, 1973). Records, Computers, and the Rights of Citizens urged transparency and openness, purpose specification, data integrity, and data security as core fair information practices. This report applied to computerized records held in both the public and the private spheres; the federal Privacy Act in which it resulted, however, created legal obligations only for the federal government. Many subsequent data stewardship proposals continue to urge more general application of these principles (NCVHS, 2009). Although discussions of data stewardship have evolved (NCVHS, 2009), these principles remain core. Holders of databases of genomic and phenotypic information have these stewardship responsibilities. This means that there should be no secrecy about data collection and use. It means that purposes of data use should be specified and that deviations from stated purposes are inappropriate without opportunities for consent. Thus it would be unethical to use a database assembled to improve understanding of the significance of genomic variants to improve underwriting of health insurance premiums. The principle of purpose specification also comes into play when data acquired in clinical care are used to advance the commercial interests of health care providers—unless these intended purposes were specified in advance. Data integrity includes protecting data from corruption and employing good practices to assure accuracy. Data security includes protecting data from unintended access or use as well as maintaining the physical security of data.

These principles of data stewardship are ethical principles. Actual legal requirements are far more limited. Most important are the US federal HIPAA Security Rule and Privacy Rule (Anon, 2014d). These requirements are limited to protected health information, however, and do not apply to data collected by recreational genetic companies or other private sector entities outside of the context of health care. Importantly, once data have been de-identified they are no longer subject to HIPAA protection. Also, once data have been transferred from a HIPAA-covered entity to a non-HIPAA covered entity, they are no longer protected under HIPAA. Many of the large genomic databases thus are outside of the sphere of HIPAA protection.

A second framework of legal protection in the US is the Federal Trade Commission Act forbidding unfair or deceptive trade practices (Federal Trade Commission Act, 2014). Stating one purpose for data use and then putting the data to a different use—a data bait and switch—is a deceptive trade practice. It is also an unfair trade practice to subject data to unreasonable risks that consumers could not adequately protect against, as when retailers fail to institute appropriate security measures to protect against credit card theft. Arguably, failure to maintain adequate database security that allowed hackers to access identifiable health information would be an unfair trade practice, even when the data are not HIPAA-protected.

2.3. intellectual property

Entities possessing databases of health information or developing methods for analyzing them may have intellectual property rights in these assets. These rights may be of three kinds: patents, copyrights, or trade secrets. The general justification for intellectual property rights is creating economic incentives for discovery, innovation, and creation; the concern about these rights is that their assertion may deprive others of access to important knowledge or products (Bitton, 2006; Lyndon, 2007; Zufelt and Robert Rehm, 2011). This justificatory balance has been applied to create quite different legal regimes for the different types of intellectual property rights. As the law has developed, however, these regimes are not always well aligned with patients' interests in the development of genomic knowledge that might prove clinically beneficial to them.

US patent law is federal (indeed, constitutionally established); by statute, patents may be obtained on processes, machines, manufactures or compositions of matter that are new. There are exceptions for products or laws of nature, physical phenomena, or abstract ideas; these should be free for all to use. In its recent decision involving Myriad Genetics' patent claims to genes implicated in the development of breast and ovarian cancer (Association for Molecular Pathology and Myriad Genetics, 2013), the United States Supreme Court invalidated patents on naturally occurring genetic sequences but upheld the patentability of created cDNA. The case was unusual because it concerned the very patentability of genetic sequences under Section 1 of the Patent Act. An important feature of patent law is that it grants exclusive rights in exchange for the disclosure of the invention. Thus others interested in research in the area of a patent may know about the intellectual property and seek rights to use it from the patent holder. Awareness of the intellectual property may also be useful to others working in the area to build upon it or otherwise gain from knowledge of its subject matter. Nonetheless, assertion of patent rights can be a significant bar to developing knowledge, if patent-holders refuse to grant licenses or charge prohibitive amounts for these licenses. The NIH Genomic Data Sharing Policy, while recognizing the legitimacy of patent rights, also emphasizes that naturally occurring DNA sequences—including basic sequence data and related information—are not patentable; the Policy also encourages broad use of NIH-funded genomic data and discourages the use of patents to prevent the use of data developed with NIH support (National Institutes of Health, 2014). This encouragement is directed to patent rights, however, and not to other forms of intellectual property that may also become roadblocks to data sharing.

Copyright law (also constitutional and federal) protects "creations." Ideas themselves, concepts in the work, or information gathered from elsewhere are not copyrightable, unless there is creation. "Compilations" in the sense of works "formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship," (Anon, 2014e) are copyrightable. Mere re-compilations such as telephone book listing numbers are not, however (Feist Publications, Inc. and Rural Telephone Services Co., 1991). Thus compendia of clinical information would not be copyrightable absent some novelty in the method of arrangement, expression, or presentation. In addition, computer programs may be copyright-able as works of authorship, so programs for organizing databases are copyrightable. Analytic methods such as algorithms for detecting disease incidence, however, would need to be considered under patent law. An important difference between copyright and patent law is that applications for copyright registration do not require disclosure of the actual work. So an information holder could seek to register copyright in a database by naming the compilation but would not be required to disclose the data themselves.

Trade secret law is a matter of the commercial laws of the individual states, although there is a great deal of uniformity as most states have adopted provisions of the Uniform Trade Secrets Act. The purpose of trade secrets law is to allow businesses to protect items of economic importance to them. To assert a trade secret, a business must take appropriate steps not to reveal it. Trade secrets do not require invention or creation; they require protection. Increasingly, private sector entities possessing databases are asserting trade secrets protection for them. It is estimated, for example, that Myriad Genetics has a major advantage over other entities offering genetic testing because of the data it has obtained about possible phenotypic significance ofvariants (Cook-Deegan et al., 2013). Particularly problematic features of trade secrets law are the lack of external validation of results and the indefinite time period of protection (Cook-Deegan et al., 2013; Institute of Medicine, 2012). The US Institute of Medicine (Institute of Medicine, 2012) has recommended that all funders of genomic translational research require "investigators to make all data, metadata, prespecified analysis plans, computer code, and fully specified computational procedures publicly available and readily interpretable ..." (Institute of Medicine, 2012, p. 3).

2.4. Reciprocity and justice

As outlined in the first section of this article, individuals who allow their data to be used for the development of genomic knowledge take risks that enable others to benefit. Ethical obligations of reciprocity suggest that they should receive something in return: arguably the appropriate exercise of responsibilities on the part of the information holder discussed in the preceding sections. If information holders fail to protect information appropriately or put information to unanticipated uses, they have failed in their responsibilities as data stewards as discussed above. But reciprocity and justice require more as well.

Information holders of large data sets drawn from clinical information possess a very valuable resource for the development of knowledge about patient care. When people have conferred a benefit on others for the good of the whole, reciprocity suggests they should receive in return the opportunity to benefit from that good. For purposes of this article about information sharing, this means at a minimum that scientific developments obtained from large-scale genomic databases should be publicly available. If genomic databases are used only for private commercial ends, reciprocity in this sense will not be recognized. Reciprocity will also not be recognized if the assertion of intellectual property rights prevents the use of the database for the overall good, and instead turns it only to private gain, as may well be occurring with the developing use of trade secrets law.

In addition, some contemporary approaches to genomic data raise questions of justice. If information gathered from some is put to the benefit of others—particularly to the benefit of those who are more privileged—injustice may result. Because of the expense and comparative unavailability of genomic sequencing for many, the information currently available in at least some databases may be skewed towards the more privileged (Cook-Deegan et al., 2013). This places increased importance on sharing information so that lower frequency events can be detected even in less-well-represented populations. Cook-Deegan et al. make the point powerfully about the extent to which genomic information is skewed globally towards the better-off (Cook-Deegan et al., 2013). Insistence on proprietary rights over genomic information thus may have untoward consequences for justice.

2.5. Summary

Holders of genomic information thus have ethical obligations that mirror the importance of the resource that they possess. These obligations may include avoiding malpractice and considering the use of information to alert others to clear risks, data stewardship, reciprocity, and justice. These ethical obligations are not well served by some aspects of current law, especially in the area of intellectual property.

3. Conclusion

Genomic information is increasingly important to patients and their families. Although this information is not without risks, individuals have

ethical obligations to allow this information to be used for the common good. But they should have the opportunity to know how information is being shared and used and they should be protected against risks of disclosure. Information holders thus have responsibilities of data stewardship. They also have ethical responsibilities to use this valuable resource to the benefit of individuals at risk and for the common good, in a manner that is just.

References

23andMe, Inc., d. 11/22/13, Doc # GEN1300666 http://www.fda.gov/ICECI/Enforcement

Actions/WarningLetters/2013/ucm376296.htm (accessed August 24,2014). ACMG, d. Recommendations for Reporting of Incidental Findings in Clinical Exome and Genome Sequencinghttps://www.acmg.net/docs/ACMG_Releases_Highly-Anticipated_Recommendations_on_Incidental_Findings_in_Clinical_Exome_and_ Genome_Sequencing.pdf (accessed August 24, 2014). 76 Fed. Reg. 44520 (July 26, 2011). 45 CFR §164.514(b)(2)(i) (2014). 45 CFR§ 164.514(e)(1) (2014). AS § 18.13.010 (2014). 45 CFR §§160-164 (2014). 17U.S.C. §101 (2014).

Association for Molecular Pathology v. Myriad Genetics, 569 U.S._(2013).

Bale, Sherri, et al., 2011. MutaDATABASE: a centralized and standardized DNA variation

database. Nat. Biotechnol. 29,117-118. Bitton, Miriam, 2006. A new outlook on the economic dimension of the database

protection debate. IDEA 47, 93-169. Cook-Deegan, Robert, et al., 2013. The next controversy in genetic testing: clinical data as

trade secrets?. Eur. J. Hum. Genet. 21, 585-588. dbGaP, d. https://www.ncbi.nlm.nih.gov/gap (accessed August 24,2014). Department of Health, Education, and Welfare, 1973. Records, Computers, and the Rights

of Citizens. http://epic.org/privacy/hew1973report (accessed August 24,2014). Downs, Trias, 2012. Standard of Care Required Disclosure of Risks of Ovarian Cancer

When Significant Family History of Breast Cancer306 Conn. 81 . Federal Trade Commission Act, 15 USC §§ 41-58 (2014). Feist Publications, Inc. v. Rural Telephone Services Co., 499 U.S. 340 (1991). Gymrek Melissa, et al., 2013. Identifying personal genomes by surname inference. Science 339, 321-324.

History of Oregon's Genetic Privacy Lawhttp://public.health.oregon.gov/DiseasesConditions/

GeneticConditions/Documents/LAW_ORHxPrivacy.pdf (accessed August 24,2014). Institute of Medicine, 2012. Evolution of Translational OMICS: Lessons Learned and the

Path Forward. National Academies Press, Washington, DC. Ludman, Evette, et al., 2010. Glad you asked: participants' opinions of re-consent for

dbGap data submission. J. Empir. Res. Hum. Res. Ethics 5 (3), 9-16. Lyndon, Mary L., 2007. Secrecy and access in an innovation intensive economy: reordering information privileges in environmental, health, and safety law. Univ. Colo. Law Rev. 78,465-531. McGuire, Amy, et al., 2013. Ethics and genomic incidental findings. Science 340 (6136), 1045-1048.

National Institutes of Health, 2014. Final Genomic Data Sharing Policy. http://gds.nih.gov/

PDF/NIH_GDS_Policy.pdf ((Aug. 27). Accessed September 1, 2014). NCVHS, 2009. Health Data Stewardship: What, Why, Who, How: An NCVHS Primer.

http://www.ncvhs.hhs.gov/090930lt.pdf (accessed August 24, 2014). Paltoo, Dina N., et al., 2014. Data use under the NIH GWAS data sharing policy and future

directions. Nat. Genet. 46, 934-938. Prince, Anya, Berkman, Benjamin, 2012. When does an illness begin: genetic discrimination and disease manifestation. J. Law Med. Ethics 40, 655-672. Rhodes, Rosamond, 1998. Genetic links, family ties, and social bonds: rights and responsibilities in the face of genetic knowledge. J. Med. Philos. 23 (1), 10-30. Rothstein, Mark 2008. Is GINA worth the wait? J. Law Med. Ethics 36,174-177. Sheehan, Mark 2011. Can broad consent be informed consent? Public Health Ethics 4 (3), 226-235.

Zufelt, Frederick R., Robert RehmJr., T., 2011. Intellectual property: fueling the health care reform engine. Wake For. J. Bus. Intellect. Prop. Law 11,147-211.