Precision medicine, a 21st-century treatment approach made possible by genome sequencing, is in its infancy but growing fast. By taking into account an individual’s genes, lifestyle, and environment, precision medicine offers the prospect of finding individualized therapies that might ultimately cure diseases such as cancer and diabetes. Yet, as with other technological revolutions, precision medicine’s quest for innovation bumps up against a host of legal issues—for patients as well as laboratories and providers of patient care. “Precision medicine intersects with a number of issues of government regulation, patient privacy, provider responsibility, and discrimination. The law hasn’t quite caught up because precision medicine is moving so quickly,” says Sharon Zehe, J.D., an attorney in Mayo Clinic’s Legal Department who supports Mayo Clinic’s Center for Individualized Medicine, the Department of Laboratory Medicine and Pathology, and Mayo Medical Laboratories (MML). Zehe is also Vice President of Business Affairs for MML. Health care companies and providers, patients, and government regulators seek a delicate balance between maintaining patient privacy and gathering and using genetic information to understand disease and to improve treatments. “Ideally, there would be a happy medium where, through patient consent or other mechanisms, we can protect privacy and yet still be able to undertake our research and understand these diseases,” Zehe says. She outlines four principal legal issues raised by precision medicine:
Finding the Balance: Legal Issues Arising from Precision Medicine
1. Government Regulation of Lab TestsAs part of its mission to protect public health, the U.S. Food and Drug Administration (FDA) has issued guidance on regulating laboratory-developed tests (known as LDTs)—in vitro diagnostic tests that are designed, manufactured, and used within a single laboratory. The FDA’s interest stems partly from a blood test offered by a laboratory in the early 2000s to detect ovarian cancer. Amid concerns that the test had not been proven accurate and might cause women to have unnecessary major surgery, the FDA sent a warning letter to the laboratory, which ceased performing the test. Recently, the FDA shifted its approach from devising a regulatory framework to calling for Congressional action. In September 2017, the newly appointed commissioner of the FDA Scott Gottlieb, M.D., said he would like Congress to pass legislation regulating LDTs.* No bill has been introduced yet. However, several months before Dr. Gottlieb's appointment as FDA commissioner, a discussion draft of a bill known as the Diagnostic Accuracy and Innovation Act (DAIA) was released by its sponsors Rep. Larry Bucshon, M.D., (R-Ind.) and Rep. Diana DeGette (D-Col.)** DAIA would:
- Apply the same regulatory principles to test kits developed by manufacturers and to LDTs performed by clinical laboratories.
- Mandate an update to the FDA’s Clinical Laboratory Improvement Amendments (known as CLIA), which require clinical laboratories to be certified by their states and by the Centers for Medicare and Medicaid Services.
- Clarify the roles of the FDA and CLIA in regulating lab tests. The FDA would oversee test development and manufacturing; CLIA would apply to lab operations, and individual states would have jurisdiction over the medical use and interpretation of tests.
“Whatever regulations are adopted, it’s important that the framework ensures continued innovation and patient access to accurate and reliable clinical lab services,” Zehe says.
2. Obligations to InformGenome sequencing sometimes finds mutations whose significance, if any, is unclear. What obligation does a laboratory have to inform patients about a so-called “variance of unknown significance” (or VUS)? If the significance is discovered years or even decades later, is the laboratory obliged to update the patient? Zehe notes that a case making its way through the courts in South Carolina centers on these issues and could change the standard of care for genetic testing. The case, Williams v. Quest/Athena, involves a two-year-old boy who experienced seizures and was diagnosed with epilepsy. His doctor ordered genome sequencing that found a VUS—a genetic mutation known as SCN1A. At the time, SCN1A was coming under suspicion, but wasn’t clearly linked, to Dravet syndrome, a rare but severe seizure disorder that can worsen when treated with certain anti-epilepsy medications. The boy was treated for epilepsy, and he subsequently died. His mother sued, arguing that she should have been informed about the SCN1A variance. For providers of genomic testing, the issue is how to balance negligence standards against regulators’ requirements for validation of test results. “What is a lab’s obligation when it finds a VUS? CLIA requires labs to validate testing and know what a test result means. The FDA is very strict about not making vague statements that some test result might possibly be connected to a disease,” Zehe says.
“Are providers responsible only for what was known at the time the VUS was found? Or will future standards of care require providers to look back—and if so, how far back?”The fact that genome sequencing is generally a once-in-a-lifetime test complicates the picture. “Your sequence doesn’t change,” Zehe says. “If you’re tested when you’re 20, and at the time, no problems are reported, do you go back at age 40 and ask for the sequence to be reinterpreted? Or pay thousands of dollars to have your sequence run again? We need to understand what the laboratory’s obligation is to update a variance of unknown significance.”
3. PrivacyBy definition, precision medicine entails the collection of a raft of personal data, including an individual’s genome, medical history, family history, and lifestyle factors. Mayo Clinic seeks patient consent before obtaining this data and approval from Mayo’s Institutional Review Board for any studies. “We make sure our research participants are protected and that we do everything within the bounds of the law,” Zehe says. But current law doesn’t fully protect patients’ privacy. Under the 1996 Health Insurance Portability and Accountability Act (HIPAA) of 1996, interpretations of genetic data are considered private health information—but the raw sequencing data aren’t. “HIPAA says your fingerprint is individually identifiable, but your genetic sequencing—which is just as unique as your fingerprint—isn’t,” Zehe says. As a result, people can unwittingly hand ownership of their genome data to companies that perform sequencing for such purposes as providing information about ethnic backgrounds. “People think it’s cool to find out about their ancestry, and they probably don’t even read the fine print on the companies’ websites,” Zehe says.
“Genome testing raises privacy issues that patients often don’t understand. And the current law doesn’t fully protect them.”