Why loosening genetic privacy law is a recipe for fear and frustration

Specialists can go on a genetic fishing expedition tracking down potential relatives.

Doctors are supposed to keep patient information confidential unless told otherwise, right? Well, not any longer.

If you’re diagnosed with a genetic disorder, medical specialists are now allowed to contact anyone and everyone they suspect could be your relative. And they don’t need your permission.

Welcome to the brave new world of genetic privacy.

Guidelines & legislation

Privacy in Australia is protected through an uneven and increasingly threadbare patchwork of state, territory and commonwealth laws and guidelines.

At the state level, it’s protected through health-specific privacy law and through common law provisions for confidentiality. This covers the doctor’s duty to protect a patient’s privacy – patient information must be safeguarded and not disclosed without the patient’s consent.

At the national level, broad protection is provided by the Privacy Act 1988, an enactment of the Commonwealth parliament, and is overseen by the privacy commissioner. But the Act can be modified through Public Interest Determinations (PIDs), which are made by the privacy commissioner and not by parliament or the national attorney-general.

This is where the new provisions come into play. The commissioner has issued PID 11 and 11A: Collection and use of contact details of genetic relatives to enable use or disclosure of genetic information, which override the existing provisions for patient privacy. The PIDS are founded on guidelines developed by the National Health & Medical Research Council (NHMRC).

Privacy failure

The PIDs allow a medical specialist to disregard a patient’s request not to provide information about a serious genetic condition to a third party.

Ethics aside, this is of great concern for a number of practical reasons.

If specialists diagnose patients with a genetic disorder, they can legally contact anyone – yes, anyone – they believe may be related to the patient.

The Privacy Commissioner has disregarded criticism that this would allow a specialist to grab a phonebook and contact anyone and everyone with the surname Ng or Smith, on the basis that a Smith or Ng had a particular genetic attribute.

The NHMRC guidelines and PIDs explicitly anticipate that large-scale scattergun contact will take place.

This means that many of the people contacted won’t be genetic relatives and, if they are, won’t have the particular genetic attribute. There may have been name changes, adoption, marriage or other circumstances that preclude them from being genetically linked.

Potential genetic contacts of the patient will receive a letter from the specialist indicating that a potential relative has a serious genetic condition and it’s advisable for them to have a test.

The letter won’t identify the relative, who may of course not actually be related to the recipient. The letter won’t even identify the condition, for which the relatives may or may not be at risk, or outline the test the relatives need to clear themselves.

Recipients will presumably contact their general practitioner, asking to be tested. But since the specialist isn’t authorised to identify the original patient or the patient’s condition, the general practitioners can’t know what’s meant to be tested.

Likewise, pathology laboratories have indicated to me that financial and regulatory requirements prevent them from testing for all genetic conditions.

A recipe for frustration, not better health

The contact exercise therefore needlessly raises concerns that can’t be allayed.

Rather than increase diagnosis and treatment, it will create suspicion and confusion, with recipients wondering which of their relatives has the mysterious and serious condition (since surely reputable specialists wouldn’t make a mistake or cause unnecessary worry).

The PIDs are distinct from existing law that allows practitioners to breach confidentiality in exceptional circumstances, such as when the doctor is aware the patient has HIV and is engaging in unprotected sex with people who are unaware of that status.

Setting aside the absurdity of the exercise, we come to the ethical question: should people with particular genetic attributes – that may or may not eventually result in disability or death, and may or may not be passed to offspring – have a right not to know?

In some cases, people don’t want to know they have a death sentence, particularly one which may cause death in a few months’ time or in thirty years.

Making sense of the PIDs

So, should we be concerned about the specific PIDs and the breach privacy they allow?

From submissions provided to the Commissioner by the NHMRC and the specialist doctor who originally recommended the PIDs (with the encouragement of the Commissioner), it’s clear these provisions wouldn’t be commonly needed – very few patients refuse to share information about their condition with immediate relatives.

Then why introduce the PIDs at all? We might conclude that they’re the result of bureaucratic incapacity within the Privacy Commissioner’s office. Rather than seeking independent advice from a range of sources and fully considering all concerns, the Commissioner seems to have been captured by the interests of a handful of medical specialists.

Scrutiny of the Commissioner’s file, obtained through Freedom of Information, suggests that in making the PIDs, the Commissioner has misunderstood the contact process, has disregarded advice from medical and legal specialists and has uncritically accepted statements by the handful of medical specialists who developed the NHMRC guidelines.

The weakening of medical privacy through the PIDs sets a worrying precedent for future erosion of privacy law.


Share your views below: Should these PIDs be abandoned?

Would you want to know if you had a gene that increased your risk of death, tomorrow or 30 years down the track?

We produce knowledge-based, ethical journalism. Please donate and help us thrive. Tax deductible.