I think most relatively informed observers realize that, once genetic and other health data is collected, digitized and made mobile, there is no law that will keep it out of the hands of governments (and, in the US, corporations). It is simply an irresistible tempation.
If there's anyone so naive as to think otherwise, they ought to consider the story of the Swedish biobank:
Medicine's new central bankers | Economist.com
Similarly, the Karolinska Institute in Stockholm, which already runs one of the world's oldest university-based biobanks, plans to follow 500,000 Swedes for 30 years to gain new insights into depression, cancer and heart disease...
... The Swedish government, which created one of the world's first national biobanks in 1975—it now has at least a blood sample from all of its citizens—used a loophole to gain access to the biobank a couple of years ago, in order to track down a killer.
It was not, admittedly, a run-of-the-mill murder case. Anna Lindh, Sweden's popular foreign minister, was murdered in September 2003 at a department store. Although Lindh's murder was captured on closed-circuit television, it was ultimately a DNA match from the murder weapon, a knife, that provided the basis on which the leading suspect, Mijailo Mijailovic, a 25-year-old Swedish Serb, was convicted. The DNA sample used to place Mr Mijailovic at the scene came from the country's national biobank, which—unlike many of the research biobanks now being established—is not anonymous.
Mr Mijailovic's conviction was later overturned on the basis that he suffers from a psychiatric disorder, but damage to the claim of confidentiality made by Sweden's biobank was done nevertheless. “This must never happen again,” says Jan-Eric Litton of the Karolinska Institute biobank. “This is not and should not be the purpose of a biobank—the only purpose, and it is my great hope that all nations abide by and clarify this, is to understand disease and find ways to address it in all of its forms. Biobanks are the future—they are a unique opportunity if we manage them correctly.”
“While bioethical and regulatory worries about biobanks abound, lack of agreement on standards could prove to be a more immediate impediment.”
But while limiting the use of biobanks to medical research sounds like a simple solution, grey areas abound. In January, Swedish lawmakers temporarily changed the law to allow access to the biobank in order to identify bodies of Swedish citizens killed in the Asian tsunami. That is arguably a non-medical use, but one that is harder to argue against: the samples were used to identify children, for whom dental records did not exist. As a biobank meeting held in Stockholm last May, and a follow-up meeting in Washington, DC, last month made clear, there is still no agreement about how to keep probing officials citing national security or other serious concerns out of the biobank vaults.
Sweden has strong privacy laws and traditions, but convicting an assassin was sufficient to sweep them away. This was an almost trivial temptation; imagine if the issue were identification of a suspected terrorist treated for smallpox ...
I think the Swedes should have resisted in the Lindh case, but I'd have made the same call in the Tsunami affair. The smallpox terrorist? Well, it depends. I do wish Bush were not in power.
The point? We shouldn't fool ourselves. If the data is collected it will be used. The rule should be only to collect data that is truly valuable, and to allow citizens to opt out of data collection. (Of course even anonymous data can be used to trace people with a bit of cleverness.) Everyone must understand that this data will be used and abused; if one wishes to avoid that then don't collect the data in the first place.
Incidentally, I have mixed feelings about the interoperability standards for health records. There is something to be said about data being very expensive to access and move ...