by Brian Hioe
Photo Credit: Solomon203/WikiCommons/CC BY-SA 4.0
CONCERNS HAVE BEEN raised regarding the use of genetic information for more than 600,000 patients for an Academia Sinica research project. Consequently, this led to criticisms from legislator Huang Kuo-shu in February that this could potentially be a violation of the Human Biobank Management Act. Namely, according to the Human Biobank Management Act, patients must consent to their data being used and be allowed to withdraw use of the data at any given time. Some patients may not have signed off consent on their data being used but had their information included in the database.
In particular, the project is the Taiwan Precision Medicine Initiative. As part of the project, Academia Sinica’s Institute of Biomedical Sciences has access to the genetic information of over 600,000 individuals, to match individuals with suitable medicines in a manner that minimizes resources. But apart from questions raised about consent, there have also been concerns raised about whether data that is used as part of the initiative is sufficiently anonymized.
Huang also raised concerns about this data being leaked for commercial use, or that it falls into the hands of an enemy power, leading to issues regarding national security. One notes that Huang raised concerns about the Academia Sinica project at a time following reports that the entire national household registration information of Taiwan as a whole was available for sale online as part of a leak, which has led to the belief that this information is in Chinese hands. Likewise, there is an ongoing investigation into the leaks of National Health Insurance records online, as a result of wrongdoing by National Health Insurance Administration workers.
Following these scandals, further controversy erupted after a database for the car and vehicle rental service iRent was found to be accessible online without any security. The unsecured information included the names, phone numbers, home addresses, e-mail addresses, driver’s license photos, and partly redacted credit card information of users. Later on, other rental services in Taiwan were found to have similarly unsecured information.
When concerns regarding national security were raised pertaining to the genetic information, probably fears were that this information would end up in Chinese hands. Indeed, it is known that the Chinese government is collecting the genetic information of Tibetans, Uyghurs, and other ethnic minorities, raising concerns about what it may intend to do with this data. Health data is increasingly seen as having commercial use, which also raises questions as to the use of it for research or other purposes.
In past years, there have also been concerns raised by Taiwanese civil society groups regarding Taiwan’s National Health Insurance data. Civil society groups such as the Taiwan Association for Human Rights have filed a lawsuit on constitutional grounds, calling for an opt-out mechanism, seeing as the use of private data may be something that marginalized groups do not wish for. The possibility of anonymized data being re-identified through comparison with other data sets has also been raised.
Concerns regarding genetic information from Taiwanese patients proves similar. Though civil society has criticized the lack of opt-out mechanisms as violating privacy rights and possibly proving dangerous, on the other hand, advocates have argued that with the right mechanisms in place, the use of such information could be valuable for developing health treatments. Taiwan could contribute toward global health and medicine in this way because of the large amount of data that it has on the public or otherwise advanced methods of diagnosis for patients in Taiwan.
Past leaks have contributed to fears about the misuse of this information, however. Recently, Taiwanese legislators have called for the establishment of a data security body in order to address these issues. This could perhaps be under the purview of the recently established Ministry of Digital Affairs. It is to be seen whether there is a broader push for government regulation of data security practices, yet this also raises questions about when data access is granted for research purposes for government-affiliated institutions such as Academia Sinica. Significantly, part of the criticism from civil society groups is that current definitions of the use of information for the public good are too vague and open the path to potential misuse. It is to be seen whether an appropriate balance can be struck between these conflicting imperatives, then.