Cleveland Clinic Pathologist Urges Contract Solution for Return of Genomic Data
The Cleveland Clinic’s Roger Klein responds to my previous GLR post:
The Office of Civil Rights’ interpretation of the requirements of 45 CFR § 164 could pose problems for clinical laboratories and the professionals who practice within them. Although the issue of providing benign variants for a single gene, at least prospectively, would be straightforward, a broad definition of the designated medical record set could result in considerable complexity when one considers large-scale sequencing. Some excluded data can be of variable reliability, may be prospectively filtered by software, or may otherwise be omitted from the patient report because of professional interpretation and judgment. One can legitimately argue that this interpretation and judgment, as reflected in the patient report, should serve as the gateway to the official medical record.
In defining the designated record set, and in attempting to understand the implications of that definition, the regulations need to be analyzed as a whole. HIPAA requires that requested patient information is provided in the “form and format requested,” or in alternate “readable formats” as agreed on by the parties. Therefore, we don’t fully understand where OCR’s guidance could lead. Arguably, however, this plain language within the regulations suggest that they are intended to apply to traditional medical records, rather than, for example, direct delivery of raw next generation sequencing (NGS) files.
It appears that Myriad may be withholding information in order to preserve the commercial value of its internal, test acquired data. I believe this is in conflict with medical ethics and values that many in the molecular pathology community share. Conversely, some, perhaps many, may be uneasy with government potentially reaching so deeply into our medical practices, and in some sense potentially contravening our professional judgments.
Although Myriad does not own a patient’s genes or associated biological relationships, which are natural phenomena, the confines of provided services have historically in many areas of life depended on the terms of contracts between willing parties. Thus Myriad, as a service provider, can reasonably argue that the limits of its service should be established by the contracts between it and the patients it tests.
In the software area there are many examples of market solutions for acquisition and sharing of private data. One can, for example, share private data in exchange for the right to use certain software, or agree to suffer through annoying advertisements in lieu of paying a license fee for the full version of that software. If a test provider refuses to release certain data to the patient or the public, individuals are free to utilize another provider. A company like Myriad could also establish pricing tiers wherein varying levels of data are disclosed based on the preferences of the consumer.
Thus, as the backdrop to the larger issue of the meaning of the HIPAA regulations and broad concerns about the impact on molecular pathology practice, is the question of Myriad’s specific conduct in this instance. Although Myriad’s behavior may violate norms prevalent in the community or medical ethics, is it so egregious, and are the societal concerns about a failure to report benign variants to patients so great, that these considerations justify government intrusion into a contract between freely contracting parties? At its essence, this becomes a question of competing values. Ultimately, the U.S. Department of Health and Human Services is deciding whether Myriad’s business model is legally permissible.
Roger D. Klein, MD JD is Medical Director of Molecular Pathology at Cleveland Clinic, where he oversees genetic and genomic testing. He is a graduate of Yale Law School, and assisted the American Civil Liberties Union in Association for Molecular Pathology v. Myriad Genetics.