Williams v. Athena Motion to Dismiss Hearing—SC Supreme Court May Be Asked to Decide Whether a Diagnostic Laboratory Qualifies as a Healthcare Provider
Foreword by John Conley
Back on May 31, 2016, Contributing Editor Jennifer Wagner wrote a lengthy report on the newly filed case of Williams v. Quest Diagnostics, et al. As Jen recounted, plaintiff Amy Williams sued Athena Diagnostics and its corporate parent, Quest Diagnostics, alleging that Athena negligently misclassified a genetic variant it identified in testing the DNA of her late son. Ms. Williams claims that the misclassification caused the boy’s doctors to prescribe a potentially dangerous course of treatment that ultimately led to his death. The case was originally filed in a South Carolina state court and was then removed to federal court by the defendants, which they were able to do because the parties are citizens of different states.
As Jen also reported, the defendants responded by filing a motion to dismiss the complaint. Their principal argument was that the case is actually a medical malpractice case, rather than an ordinary negligence, and as such is barred by the applicable statute of limitations. Federal Judge Margaret B. Seymour conducted a lengthy hearing on that motion on January 4, 2017. There has been no ruling as yet, nor any timetable for one.
Laurel Coons, a Duke University Ph.D. student, is working on the case with GLR Contributor Robert Cook-Deegan, M.D., formerly of Duke and now of Arizona State University, who has filed an expert affidavit on behalf of Ms. Williams. Laurel attended the hearing, and she and I have reviewed the transcript. Laurel’s report and analysis of what happened follows. I add a few legal comments at the end of Laurel’s post.
Williams v. Athena Motion to Dismiss Hearing—SC Supreme Court May Be Asked to Decide Whether a Diagnostic Laboratory Qualifies as a Healthcare Provider
By Laurel Coons
The South Carolina Supreme Court may be asked to certify whether a diagnostic lab should be classified as a health care provider under state law. South Carolina federal Judge Margaret Seymour appeared to be contemplating this during a January 4 hearing on the defendant’s motion to dismiss in the Williams v. Quest Diagnostics, Inc. lawsuit. The answer will determine whether this lawsuit will move toward a jury trial.
The Complaint – March 2016
Christian Millare was born in August 2005 and beginning at the age of 4 months started having seizures. His doctors treated his seizures with sodium channel inhibitor medications: oxcarbazepine (Trileptal®), carbamazepine (Tegretol®), and lamotrigine (Lamictal®). These are standard treatments for epileptic seizures not caused by Dravet syndrome (SMEI). In January 2007, Christian’s DNA was sent to Athena Diagnostics (a subsidiary of Quest starting in 2011) for a DNA analysis of the SCN1A gene—that is, the detection and diagnosis of any DNA variants within the SCN1A gene. DNA mutations in SCN1A are associated with a spectrum of epilepsy phenotypes, the most severe being Dravet syndrome. For patients with SCN1A mutations, sodium channel inhibitor medications are to be avoided because they exacerbate the seizures. The DNA sequencing of Christian’s DNA took place in May 2007. The results were sent to the ordering physician, John Shoffner, on June 30, 2007. This report indicated that Christian possessed a DNA variant in the SCN1A gene that was classified as a “variant of unknown significance” or VUS (i.e., not specifically known to be either pathogenic or benign). Relying on the information in this report (which did not identify any DNA variants as being pathogenic or warn of any treatments to avoid), Christian’s doctors continued to treat him with increasing doses of multiple sodium channel inhibitor medications. Athena did not issue a copy of the June 2007 report directly to the patient or the patient’s family. Christian’s condition worsened, even as doses of the sodium channel inhibitor medications were increased in attempts to manage his seizures. Christian suffered a severe and ultimately fatal seizure resulting in his death on January 5, 2008.
His mother, Amy Williams, sued Athena and Quest, its parent company, in a South Carolina state court in March 2016. The defendants were able to “remove” the case to the South Carolina federal court because the plaintiff and defendants are citizens of different states. Nonetheless, South Carolina state law will continue to apply.
The complaint alleges that Athena was negligent and breached the applicable standard of care by (1) failing to provide a genetic confirmation that Christian had Dravet syndrome and (2) failing to adhere to its own DNA variant classification criteria. The alleged negligent misclassification of Christian’s DNA variant originates from the fact that in 2007, Christian’s DNA variant had been reported, studied, and known in a patient with Dravet syndrome. Specifically, a genotype-phenotype association between his variant and Dravet syndrome had been established in two clinical publications, Berkovic et al., 2006, and Harkin et al., 2007. Per Athena’s DNA variant classification criteria as defined in the June 2007 report, the requirement for deeming a variant to be a “known disease-associated mutation” was whether it was reported in the literature to be associated with the disease. Thus, the plaintiff alleges, the existence of Berkovic et al., 2006 and Harkin et al., 2007 made Athena’s classification of Christian’s variant as VUS (i.e., “has not been correlated with clinical presentation and/or pathology in the current literature”) demonstrably false. According to the June 2007 report, “the results of this analysis cannot be definitively interpreted due to the absence of published studies correlating these variant(s) with clinical presentation and/or pathology.”
Christian’s June 2007 report was signed off by Sat Dev Batish, chief director of genetics at Athena, and also an author of the Harkin et al., 2007 publication. According to the complaint, Christian’s DNA variant was cited as an SCN1A DNA mutation that “disrupts the functioning of an assembled ion channel so as to produce an epilepsy phenotype” in a patent for SCN1A testing. This patent originated from the laboratory that produced the Berkovic et al., 2006 and Harkin et al., 2007 publications—the same laboratory that also licensed use of the patent for SCN1A testing to Athena in 2004. Thus, the information used to gain patent rights of SCN1A testing included a citation of Christian’s variant causing an epilepsy phenotype. Finally, the June 2007 report lists a manuscript that was published in 2005 as “pending,” suggesting that Athena’s integration of the biomedical literature into their DNA variant database was at least two years behind.
Hearing on Defendant’s Motion to Dismiss – January 4, 2017
During the oral argument on the defendant’s motion to dismiss held on January 4, 2017, Quest/Athena argued that Williams’s allegations of negligence are in fact allegations of medical malpractice, and, as a result, are time-barred. In South Carolina, plaintiffs have three years to bring a medical malpractice suit against a licensed healthcare provider (who has a direct fiduciary duty to a patient) from the time they discover they were harmed, but they lose the right to sue entirely after six years. This absolute six-year bar is called a statute of repose. Williams’s lawyer, however, argued that her claims allege not medical malpractice but ordinary, common law negligence, which is not subject to the statute of repose. The specific negligence alleged is Athena’s failure to reference (in the June 2007 report) the published studies associating Christian’s specific mutation and SMEI in another patient (Berkovic et al., 2006 and Harkin et al., 2007). Williams further alleges that Athena’s failure to abide by its DNA variant classification criteria, as defined in the June 2007 report, constituted a breach of general laboratory duty, which subsequently led to Christian’s physician failing to discontinue potentially harmful medications. As noted above, Quest/Athena’s own standard for deeming a DNA variant to be pathogenic, or disease-causing, as defined in the June 2007 report, was whether that DNA variant was reported in the literature to be associated with the disease in question.
At the hearing, Williams’s lawyer argued that these are acts of ordinary negligence, with a three-year statute of limitations that didn’t start to run until she discovered the negligence. Williams claims she was unaware of the June 2007 report until September 2014, at which time the June 2007 report was requested and received from Athena. During this 2014 interaction with Quest/Athena, Williams learned that the variant had now been deemed disease-causing and the report would be revised. Quest/Athena subsequently issued a revised report with the new classification of “known disease-associated mutation” on January 30, 2015. Williams contends that she had no opportunity to discover the defendants’ error until she had both the June 2007 and January 2015 reports in hand. Quest/Athena argued that it doesn’t matter whether or not the plaintiff herself knew or did not know about the 2007 report, because “the actual knowledge is imputed to the principal by virtue of [her] agent’s notice”—the agent in this case being the physician, John Shoffner, who ordered the test and received the June 2007 report. Williams also contends that Athena’s failure to notify anyone of the reclassification of Christian’s DNA variant prior to January 30, 2015 was a daily, recurring failure to comply with CLIA regulations, and thus represents a continuous and ongoing injury, each instance allowing for a new claim and thus starting a new clock.
How the judge decides this matter depends on whether Quest/Athena, a CLIA-certified clinical laboratory and “one of the leading genetics testing laboratories in the world,” is a licensed healthcare provider under South Carolina law. Specifically, can a lab that doesn’t deal directly with a patient have a professional, fiduciary relationship with the patient triggering a malpractice standard? Quest/Athena further explained that they “weren’t permitted to do so [communicate individually with patients],” and that consequently “it would have been completely inappropriate for Athena to communicate directly with any patient.”
At the hearing, Judge Seymour asked both the plaintiff and the defendants whether the question of malpractice versus ordinary negligence should be certified to the South Carolina Supreme Court. Certification is a procedure whereby a federal court may pose an undecided question of state law to a state supreme court. Since South Carolina state law will govern this case, the federal judge would then have to follow the South Carolina Supreme Court’s answer.
a) Initial Report – June 2007: Variant of Unknown Significance
According to the complaint, Williams believes that because a genotype-phenotype association between Christian’s DNA variant and Dravet syndrome had been established in two clinical publications (Berkovic et al., 2006 and Harkin et al., 2007), the June 2007 report should have classified Christian’s mutation as a “known disease-associated mutation” rather than a VUS. The existence of these two clinical publications would apparently satisfy the requirements of a “known disease-associated mutation” per Athena’s own DNA variant classification criteria as defined in the June 2007 report. (The requirement for deeming a variant to be disease-causing was whether it was reported in the literature to be associated with the disease.) Williams further alleges that classifying Christian’s DNA variant as a VUS in 2007 was incorrect per these same DNA variant classification criteria: “Variants of unknown significance are DNA sequence variants that are detected reproducibly, but have not been correlated with clinical presentation and/or pathology in the current literature.”
At the hearing Athena’s lawyer argued that “the patient that is identified (in Berkovic et al., 2006 and Harkin et al., 2007) as having the same genetic mutation” had, in both papers, a de novo” mutation. That is, the mutation was not inherited but instead arose during cell division of egg or sperm or early embryonic development. The defense further contended that parental testing is required to determine whether a mutation is de novo, and thus “within the classification that was in those two published reports because the patients in those reports had a de novo mutation.” According to this argument, Athena has no way to know “whether or not this serious disease is present in this mutation unless we test the parents.” The lawyer’s point was that Athena could not have known whether Christian’s mutation was de novo—and thus the same as the mutation in the published papers—because his parent did not undergo genetic testing. As noted above, however, Williams contends that, because she was unaware of the June 2007 report, she was unaware that testing of the biological parents (de novo determination) was recommended.
Athena’s lawyer pointed to patient #15 on Supplement Table 2 of Harkin et al., 2007 (a female who possessed the same mutation as Christian whose mutation was confirmed to be de novo) to illustrate that a conclusive diagnosis could be reached only by additional parental testing and de novo determination. It is intriguing that the next patient listed (#16), along with thirteen other patients on this table, had the same classification as patient number #15 but de novo status was not determined. According to Harkin et al., 2007, “in cases with missense changes, where DNA from parents is unavailable…the case for pathogenicity rests on circumstantial evidence provided by evolutionary conservation of protein structure.” Further, if parental testing was never done on Christian because his parents were unaware of this recommendation, and de novo determination was required for the DNA variant to be classified as a “known disease-associated mutation,” it is hard to understand how and why his DNA variant was reclassified to a “known disease-association mutation” sometime after the June 2007 report and before September 29, 2014.
b) Revised Report – January 2015: Known Disease-Associated Mutation
During the hearing, Judge Seymour seemed particularly interested in understanding the origin and details of the revised January 2015 report. Although the January 2015 report reclassified Christian’s variant from VUS to disease-causing, it did not list any new references or data supporting that reclassification, it did not list the Berkovic et al., 2006 or Harkin et al., 2007 papers, nor did it identify the date when the reclassification occurred or who corrected the misclassification.
Judge Seymour wanted to know why the 2007 report was revised. Athena’s lawyer said that “there was an update to the classification of the mutation in Athena’s database,” and that “as soon as the information became known that it was applicable to this situation, the update was provided to the requesting individual.” Athena’s lawyer further explained,
“the plaintiff’s genetic counselor called Athena in 2014 and asked Athena to re-look up the variant. Athena did so and saw that the variant, the mutation, had been reclassified since then in its database, and based on additional information that was available since June of 2007—remember, this is an incredibly fast-paced field—more than seven years later when the variant was looked up in the database to see how it’s classified. Classifications of variants do change based on new information, and that is what happened here. It’s not a reclassification based on an error. It was just based on new information” [Of note, according to the complaint, Athena was contacted in 2014 to in order to obtain the 2007 report for the first time, not to “re-look up” a variant.]
Athena’s lawyer did not explain what “new information” was obtained between June 2007 and September 2014 that resulted in the reclassification of Christian’s DNA variant (1237T>A, Y413N) from a “variant of unknown significance” to a “known disease-associated mutation.” According to the January 2015 report, “analysis of this individual’s SCN1A gene identified a DNA sequence variant that has been reported in the literature to be associated with SMEI or SMEB, the severe phenotypes associated with SCN1A mutations.”
Event timeline was prepared and presented by Laurel Coons and Robert Cook-Deegan for the Committee on Science, Technology and Law of the National Academies of Science, Engineering and Medicine for their session on Diagnostics Labs and Legal Liability on October 17, 2016.
Afterword by John Conley
I appreciate Laurel’s careful and accurate reporting, and I think her analytical points are all well taken. I’d add just a few points from a legal perspective:
1. Judge Seymour did an excellent job in conducting the hearing. She was very well prepared and had an impressive understanding of the medical and scientific issues. She pressed both sides on their respective vulnerabilities, and both lawyers were sometimes wobbly in responding. That’s not a criticism of them, but a reflection of the fact that—as Laurel points out—both sides face some hard issues. In any event, if the case goes forward from here, all indications are that Judge Seymour is the right judge to manage it, with all its complexities.
2. Don’t try to predict the outcome from the judge’s questions. Judge Seymour was just doing her job, very effectively: forcing both sides to deal squarely with their hardest issues. To me, she seemed absolutely evenhanded in her questioning. I see no basis for predicting how she’s leaning.
3. What happens from here? This is complicated. An initial point to keep in mind is that (under a 1937 U.S. Supreme Court case) the federal judge must apply South Carolina state law—not federal law—to all of the key issues in this case. So, a big part of Judge Seymour’s job here is to determine what South Carolina law says about those issues.
Let’s break down the possibilities:
(a) Judge Seymour decides on her own that the case is or is not a malpractice case and then applies the applicable statute of limitations. If she decides that it is a malpractice case, then the likely outcome is that it will have to be dismissed under the six-year statute of repose that Laurel describes. The plaintiff could then appeal to the U.S. Court of Appeals for the Fourth Circuit, which covers Maryland, Virginia, West Virginia, and North and South Carolina. If Judge Seymour decides it isn’t a malpractice case, she would apply the ordinary negligence statute, which doesn’t have a statute of repose, and the plaintiff might well (although not necessarily) avoid dismissal. If that happens, the parties will begin discovery and the case will begin moving slowly toward trial.
(b) In this scenario, Judge Seymour doesn’t decide the malpractice versus ordinary negligence issue herself, but certifies that question (as Laurel explains) to the South Carolina Supreme Court for an answer. If she does that, and the South Carolina court accepts the question, that would add a minimum of several months to the process. Depending on the South Carolina court’s answer (which Judge Seymour would be bound to follow), the case would unfold as described in paragraph (a).
4. Regardless of which way the decision goes, what will be the legal impact? Surprisingly, perhaps, the strictly legal significance of the case will be limited. A number of scientific and medical people have suggested to me that, because the case is in federal court, it will have national impact. That’s not true, at least from a legal perspective. Again, let’s review the possibilities.
If the South Carolina Supreme Court decides the malpractice versus negligence question (or any other question in the case that may be certified to it), its answer will be binding on all South Carolina state courts, and, indirectly, on other courts, state or federal, that have to decide that same question under South Carolina law (not many, I’d think).
Any decision made by Judge Seymour on this or any other issue in the case won’t be binding on any other court. Any rulings made on appeal by the Fourth Circuit will be binding on all federal courts within the circuit’s five states. But here again, those rulings would apply only in federal cases that happened to be deciding the very same questions under South Carolina law. A final point is that this case is very unlikely to be taken by the U.S. Supreme Court because it does not seem to present a significant question of federal or constitutional law.
This all adds up to minimal significance. Note, however, that I keep stressing that I’m referring to strictly legal significance. It could be highly significant in other respects. First, if Judge Seymour’s rulings on all the issues the case presents seem well reasoned and persuasive, then other courts facing similar issues might choose to follow her. This happens often, with the first case on a novel problem becoming the model for later decisions elsewhere. So, if Judge Seymour ultimately rules on, for example, the respective standards of care for labs, medical geneticists, and primary care physicians in this factual context, judges in later cases will look carefully at her reasoning and may follow it, even though they won’t have to.
In addition, as legislators and regulators think about how to regulate genomic testing, they will be looking for any precedent that might provide guidance. If this case gets past the statute of limitations issue and Judge Seymour issues rulings on substantive issues, lawmakers (or their staffs) will look closely at what she says.
5. This leads to my final point: a message for the medical and scientific communities. Everyone involved in developing a legal framework for genomic testing—judges, legislators at the state and federal levels, and state and federal regulators—is and will be looking for guidance. Help them out! It would be very useful for interested expert bodies—the Association for Molecular Pathology, for instance—to promulgate guidelines for resolving such critical questions as the respective responsibilities of primary care physicians, specialists, and testing labs in situations such as that presented by the Williams case. If you do, I can almost guarantee that the relevant legal constituencies will take your recommendation very seriously. But if judges, legislators, and regulators are left to make it all up on their own, you probably won’t like the outcome. And act now, not later. Plaintiffs’ lawyers are given to herd behavior, so the Williams case may be only the first.
In its July 29, 2016 decision in LabMD, Inc., the Federal Trade Commission clearly signaled its intent to get more involved in the regulation of health privacy. Specifically, the case indicates that the agency intends to go well beyond its traditional role of protecting consumers against deception and to begin scrutinizing the nuts and bolts of companies’ health data security practices.
In most cases, the privacy of individually identifiable health information is protected by HIPAA’s Privacy Rule, which is enforced by the Department of Health and Human Services. But HIPAA covers only data transactions between “covered entities” (providers, health plans, and health care clearinghouses) and their “business associates” (various kinds of service providers). A lot falls through the HIPAA cracks, including the communication of individual patient information between treating physicians and testing laboratories, which is not covered by the HIPAA Privacy Rule. (However, HHS has used HIPAA to determine that patients must be given access to their genetic testing data; see our prior coverage.) This is the crack that the FTC sought to fill in LabMD.
As I noted above, one piece of news in this case is the FTC’s move into the health privacy area. LabMD was in the clinical laboratory business from 2001 until 2014, when it suspended its testing business. However, it has retained its previously collected patient samples and data and continues to provide past test results to providers. Therefore, one lesson to be drawn from the decision is that if you are in the health business but not covered by HIPAA, you cannot assume that you are unregulated—the FTC will be watching, even if no one else is, for as long as you keep individual health data.
Now the FTC is telling you what you have to do. In a series of recent business cases (involving, for example, car dealers and hotels), the FTC has gone beyond posted privacy policies to closely examine just what companies are doing to protect consumers’ personal and financial information. The agency is insisting that privacy and data security practices be reasonable, a loosely defined and evolving standard that seems to focus on industry best practices. The regulatory algorithm is that unreasonable privacy practices=unfair trade practices, and thus violate section 5. (The most comprehensive—albeit somewhat dated—statement of the FTC’s outlook can be found in its 2012 report on consumer privacy.)
This is precisely the approach the FTC took in the LabMD case. Among the data security practices deemed unreasonable were: failing to use an intrusion detection system, neglecting to monitor file integrity or traffic coming across the firewalls, never deleting any data, and not training employees. One consequence of this inattention was that employees installed P2P file-sharing software that exposed thousands of health records to the outside electronic world.
Exposed is a key word here: there was no evidence of any actual data theft. The FTC found this irrelevant, however. Its decision relied on the rarely cited section 5(n) of the FTC Act, which provides that an act or practice can be held unfair if it “causes or is likely to cause substantial harm to consumers.” So the threat of harm is enough, and the absence of actual harm is no defense.
A couple of other legal issues in the LabMD case are worth mentioning. The first concerns the FTC’s authority to judge the substantive adequacy of privacy practices, as opposed to merely ensuring that companies live up to their privacy policies. A number of FTC targets have challenged this authority, including LabMD, which asked both the FTC itself and two different federal courts to rule that the agency was going too far. Its requests were rejected, as has happened in every other case. The leading case is Wyndham Hotels (2015), where the U.S. Court of Appeals upheld the FTC’s authority to regulate the substance of cybersecurity.
A second point concerns remedies. While the FTC has the power to fine offenders, it did not seek a monetary penalty against LabMD. Instead, it imposed (via injunction) detailed requirements for improved security practices. Prospective targets should not take much comfort from this: he agency can seek fines, and LabMD complained bitterly about the burden imposed by the injunction. One piece of good news for targets is that private parties cannot sue for violations of the FTC Act, although they may have comparable rights under similarly worded state “Little FTC Acts” (e.g., North Carolina’s).
Companies that collect, transfer, store, or use individual health information should keep these points in mind:
• The fact that you’re not a covered entity or business associate under HIPAA does not mean that you’re free from federal regulation—the FTC is aggressively asserting its authority in the interstices of privacy law.
• The FTC clearly believes that in privacy and data security, unreasonable=unfair and is thus illegal.
• Reasonableness is a fluid and evolving concept, likely to be tied to best practices in a given industry.
• To get a more specific idea of what the FTC thinks is and isn’t reasonable in the health context, read the full LabMD decision carefully, paying close attention to the technical details. In designing your own practices, avoid LabMD’s specific pitfalls, and whatever you do, do it better than LabMD did.
• The LabMD decision doesn’t mention this, but the FTC does not have jurisdiction to regulate nonprofits. Someone else—including your state government—will, however, and the FTC’s privacy standards are likely to provide a model for other regulators.
On May 11, 2016, a new federal trade secrets law called the Defend Trade Secrets Act (DTSA) took effect. Its primary impact is to allow the victims of trade secret misappropriation to sue in federal court. It also provides some new civil remedies that exceed what is usually available under state law. The DTSA will be slotted into the U.S. Criminal Code (chapter 90 of Title 18), which already makes industrial espionage and trade secret theft a federal crime. In terms of what companies have to do to comply, the answer is almost nothing—the sole exception being a change in future employee contracts that is discussed below. In this post I’ll describe and analyze the new law and offer some thoughts about its potential impact on the life sciences industry.
Until now, civil trade secret protection has been entirely a matter of state law. The law is very consistent from state to state, as 47 states have enacted the Uniform Trade Secrets Act (UTSA). The exceptions are New York, Massachusetts, and North Carolina, though the North Carolina statute is generally similar to UTSA. Enforcement actions must usually be brought in state court, though federal courts can take jurisdiction if the plaintiff and defendant are citizens of different states. Even then, however, the federal court must apply state law in deciding the case.
Read the rest of this entry »
Back in April, we reported on some new developments in European Union law that have implications for the life sciences industry. One of these developments was in the privacy area—the final approval of the EU’s new General Data Protection Regulation (GDPR). The GDPR will have enormous significance for medical research and practice, since it will govern the collection and use of health data related to EU citizens. This month has brought a complementary and equally significant development, this time dealing with the transfer of personal data—including health data—from the EU to the U.S.
On July 12, 2016, the European Union announced that it had formally adopted the long-awaited EU-U.S. Privacy Shield to permit the transfer of personal data from EU countries to the United States.
Read the rest of this entry »
The last few days have seen two significant news items from Washington. First, the National Institutes of Health have refused—yet again—to exercise their “march-in” rights to grant third-party licenses to a patented drug developed with federal funding. The drug in question is enzalutamide, a prostate cancer treatment marketed under the brand name Xtandi by Japanese pharmaceutical company Astellas Pharma. Xtandi was derived from federally supported research at UCLA. Under such circumstances, NIH has the statutory authority to grant a license to a third party if the grantee or its assignee “has not taken, or is not expected to take within a reasonable time effective steps to achieve practical application of the subject invention.” “Practical application” means that that the invention must be “available to the public on reasonable terms.”
Read the rest of this entry »
The Cleveland Clinic’s Roger Klein responds to my previous GLR post:
The Office of Civil Rights’ interpretation of the requirements of 45 CFR § 164 could pose problems for clinical laboratories and the professionals who practice within them. Although the issue of providing benign variants for a single gene, at least prospectively, would be straightforward, a broad definition of the designated medical record set could result in considerable complexity when one considers large-scale sequencing. Some excluded data can be of variable reliability, may be prospectively filtered by software, or may otherwise be omitted from the patient report because of professional interpretation and judgment. One can legitimately argue that this interpretation and judgment, as reflected in the patient report, should serve as the gateway to the official medical record.
Read the rest of this entry »
UNC’s Karen Weck responds to my previous GLR post:
I agree in principle that patients have the right to access their genomic data; however, in practice it is much more complicated (as things often are). Giving a patient his/her raw sequencing data would be meaningless – it is the interpretation of the clinical significance of sequence data that is important when reporting results. This latter requires the expertise of molecular genetic laboratorians and clinical geneticists. We do not return all genomic sequence variants to individuals in exome sequencing, for example when we determine that they are unlikely to be contributory to their disease or medical health. It is important to those of us doing this that we retain the ability to use our professional judgement to determine what should be reported to patients as medically relevant, primarily so as not to dilute important medical information with irrelevant information.
Karen E. Weck, MD
Professor of Pathology & Laboratory Medicine and Genetics
Director, Molecular Genetics
University of North Carolina at Chapel Hill
Just about everyone interested enough in genomics and the law to read this post will know that the American Civil Liberties Union waged a long and ultimately successful legal campaign to invalidate Myriad Genetics’ patent claims to isolated BRCA genes, mutations of which are linked to breast and ovarian cancer. Now the ACLU has launched a second front, this time attacking Myriad’s post-patent business model of maintaining its vast and unique database of genotype-phenotype associations as a trade secret. GLR reported on that evolving strategy two years ago.
The new ACLU attack has, thus far, received modest attention in the scientific press, and some of what has been reported is inaccurate. In this post I will briefly review what has actually happened and then try to sort out fact from fiction in the reportage. The bottom line is that the federal government has not created new stealth regulations dealing with the disclosure of genomic data to patients. It has, however, used the practice of governance-by-guidance to make significant new policy, which is problematic enough in its own right.
Read the rest of this entry »
The last several months have seen several developments in European privacy and intellectual property that have significant implications for life sciences interests—both commercial and academic—in this country. Here is a brief review:
1. Final Approval of Pending EU General Data Protection Regulation
On April 14, 2016, the Parliament of the European Union gave final approval to the long-discussed GDPR. It will replace the current regime of country-by-country laws under the 1995 Data Protection Directive. Whereas an EU Directive requires implementation by individual EU member states, the GDPR is a Regulation (much like a federal law in this country) that will take immediate effect in all EU countries in the spring of 2018.
Read the rest of this entry »
Over the last five or so years my law practice has focused increasingly on privacy law, both domestic and international. In hindsight, this was a predictable outcome: as an intellectual property lawyer, many of my clients do business on the Internet or are engaged in scientific research and development, with many of the latter in the health care area. These are the very kinds of people who need to worry about privacy—of their customers, users, patients, and subjects. As they started on focusing on privacy concerns, these clients turned to their IP lawyers for help, and my Robinson Bradshaw colleagues and I have tried to stay ahead of their needs.
As a consequence of my growing privacy practice, I am regularly called on to give overviews to other lawyers as well as non-lawyers in the scientific and business communities. I thought it might be useful to devote a GLR post to a privacy law summary targeted at readers who conduct medical and other scientific research. Privacy law is a transnational mess, so this will be a bit longer than I’d like—my apologies, and please don’t shoot the messenger—but I’ll try to cut through the legal jargon.
Read the rest of this entry »