The online health revolution and your DNA: It's a trust issue

The online health revolution and your DNA: It's a trust issue

Summary: 23andMe, a Web-based service that allows you to understand your DNA, officially launched Monday and for $999 you can order a saliva kit, send your genes to the company and then get a hosted account with all of your genetic information for analysis.23andMe said in a statement it is offering its services in the U.


23andMe, a Web-based service that allows you to understand your DNA, officially launched Monday and for $999 you can order a saliva kit, send your genes to the company and then get a hosted account with all of your genetic information for analysis.

23andMe said in a statement it is offering its services in the U.S. and will allow customers to analyze their genome and compare it to relatives who participate. "We believe this information provides intriguing insights into an individual's genetics, with the goal of expanding the collective knowledge base by enabling active participation in research," said Anne Wojcicki, co-founder of 23andMe. There's a Webcast at 2 p.m. EST today.

The company, which actually launched over the weekend, is garnering a good bit of attention because Wojcicki is Sergey Brin's wife. Google is also an investor in 23andMe. Those facts may get 23andMe some initial press, but the service will carry the day. And I do think 23andMe is onto something big here. Sure, uploading your genetic information to a startup's Web site may creep some people out, but I must admit I'm a lot more curious than I thought I'd be about 23andMe's service.

Here's the process:

  • 23andMe sends individuals a saliva kit containing a barcoded tube for saliva collection. Customers then use the enclosed mailing materials to send their samples to 23andMe's contracted laboratory. The DNA is then extracted and exposed to a microchip-like device made by Illumina, a leading developer of genetic analysis tools, that reads more than half a million points in the individual's genome, including a proprietary set chosen by 23andMe scientists, to produce a detailed genetic profile.
  • Once the analysis has been completed, individuals will be able to use their own private login to access their data via 23andMe's secure website. Using 23andMe's tools, individuals can explore their ancestry, see what genetics research means for them and compare themselves to friends and family members.
  • Ultimately, they will become part of a community that works together to advance the overall understanding of the human genome.

At this juncture, I don't have the $999 lying around just to figure out my gene pool. I'm also not convinced I want to know that much about my DNA. I already know I'm predisposed to be chunky if I don't workout like a madman. There are some cholesterol issues in my family. And I have the gene that means I run slower than molasses running uphill on a cold day. What else is there to know?


Aside from the price and curiosity issue there's another hurdle that really is the linchpin of 23andMe's business and the entire online health information revolution: Trust.

Can you trust the company holding your gene pool, medical records and other critical data?

Consider the following: 23andMe gets my DNA. I'm uploaded to a secure server that's private. I'm the only one with access to my data and I discover all sorts of information about my ancestry, tendencies and some insight to cancer rates in my family. That's worth $999 easy. And then 23andMe becomes such a hit that United Healthcare buys the company. I trusted 23andMe the startup. I don't trust 23andMe, the unit of a health insurance company.

If you think that putting your corporate data in the cloud comes down to trust just imagine the mental hurdles involved with putting your gene pool in someone else's data center. For me, this data security issue is arguably the biggest hurdle for online health records of any sort. Yes, I realize paper is inefficient, but somehow it's comforting.

Microsoft HealthVault launched in October with an impressive lineup of partners. Technically, HealthVault isn't a personal health record, but a way to straddle numerous health records and combine them in one place. Microsoft understands the trust issue and spends a good amount of time talking about privacy. Here's the privacy statement. From an FAQ:

Q: What is Microsoft’s approach to privacy for the HealthVault platform?

A: People willing to try Microsoft’s HealthVault must trust that their data will not be lost or misused by us or anyone else. Microsoft designed and built HealthVault with a strong foundation of security and privacy while consulting with experts inside and outside the company to augment our significant expertise in these areas. HealthVault’s privacy principles show that we’re committed to putting people in control of their health information:

  1. The Microsoft HealthVault record you create is controlled by you.
  2. You decide what information goes into your HealthVault record.
  3. You decide who can see and use your information on a case-by-case basis.
  4. We do not use your health information for commercial purposes unless we ask and you clearly tell us we may.

Q: How can you promise consumers that their data will be safe? What measures have been taken to protect data “in the cloud?”

A: HealthVault was developed using Microsoft’s Security Development Lifecycle, which means security concerns have been factored into every stage of the development process and our work has been subjected to internal and external security testing. HealthVault grants access to partner programs only to the extent a user allows such access. A partner program cannot access a user’s HealthVault record without the permission of a record custodian.

Microsoft’s systems operate with extra precautions. With HealthVault we isolated traffic onto a virtually separate network and located our servers in physically separate, locked cages. All data that moves among our systems is encrypted, including all traffic to and from HealthVault, its users and its partners. Access to HealthVault data by Microsoft employees is tightly controlled and extremely limited to a small group of personnel necessary to perform essential operations.

All of our back up data is encrypted, and every stage of its transportation is logged. We also log every time records are created, changed or read, leaving a clear audit trail.

Is that enough to win me over? Probably not yet. And I generally trust Microsoft with my data.

Will Google Health be any different when it lands? I doubt it. I'm well aware that Google scans my Gmail for advertising purposes and nothing bad has happened. I'm also aware that Google claims to do no evil. I trust Google too. But do I want my health data stored on Google? Probably not.

It's a mental hurdle I have--and it's one a lot of other people have. Maybe if HIPAA applied somehow I'd feel better. Today there is a trust issue I assume I'll get over. After all, much of your financial history can be swiped in a crafty phishing attack but it's not like you put your money in the mattress.

But medical information is different. As 23andMe tagline proclaims: Genetics just got personal. That's part of the problem. When you store your medical history, DNA and tendencies for heart disease in someone's cloud trust is everything.

Other 23andMe items worth a read:

Topics: Enterprise Software, CXO, Data Centers, Google, Health, Microsoft, Software, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Can this setup be somehow reversed to improve the trust aspect?

    I am reminded of the notion of everyone having their own "smart card" or other personal storage device, possibly with its own processing power. Instead of yet another large centralized database that would attract hacking of all types (and perhaps the government if they happen to mention homeland or national security), why don't we distribute the most important part (the data) and allow only trusted users access to our card, perhaps even to the point that their "agent program" runs in a little sandbox and can only gain access to the data the owner specifies? A lot harder to hack perhaps? Sorry, I guess my trust level is low and getting lower as I read about these sorts of things...
  • RE: The online health revolution and your DNA: It's a trust issue

    Perhaps technology will finally destroy the mythology that healthcare *should* be the domain of insurance companies.

    Health insurance is the only type of insurance for which filing a claim is a foregone conclusion.
  • RE: The online health revolution and your DNA: It's a trust issue

    A thousand for this?!! What a rip. This might be nice to know info, but I can think of LOTS of other things that are MUCH more important to spend $1K on. Make it affordable....more like $50 for the masses who would be interested.
  • I like this idea...

    But I'll just wait until the price drops to $1.50
  • No way!

    My gene pool belongs to me, i can trust my medical records in the hands of the national health service. No way i will trust anything on a private company, wich, like every other company, will sell their mothers if that means a profit.And there is really no need to know about your DNA unless you??re a eugenics freak and are looking for a suitable mate to breed some pure whatever...
    Amerika always amazes me, even for some stupid ideas.
  • RE: The online health revolution and your DNA: It's a trust issue

    Larry, I think that you have missed a very big point, (or should that be Issue). For years there has been talk in various countries (primarily the UK) about establishing DNA data bases for purposes other than health reasons.

    Whilst you raise the issue of a possible buy-out of the company by a Health Insurance Provider or Health Care Provider (sometime in the future) you say nothing about the possibility of a government taking over the database and using it for other purposes such as profiling etc.

    So, in other words, something that was started as a personal sort of research tool, suddenly the government has the information and, governments being what they are - apologists for the corporate sector, it hands the data over to the insurance companies (something they have wanted for a long time). Can you imagine the impact this would have on insurance premiums (if they decide to insure you at all?).

    Let me be a little paranoid about this. What could DNA be used for (not being a geneticist(?) I don't profess to know all the uses):

    1. personality/character profiling;
    2. health profiling - would you be suseptible to any particular illness(es)?;
    3. suitability for parenthood - ie any damaged chromasones? Any hereditary bad traits?;
    4. possible criminal profiling - you haven't actually committed a crime but statistically you are liable to commit one during your life time - a bit like "thought" crimes;

    These are just a few of the top of the head points.

    Whilst this endeavour appears to be quiet innocent and harmless at the present moment the possibilities of misuse in the future are just too great. (is it too far fetched to think that sometime in the future someone will patent the human gnome and expect to receive royalties from every human being on the planet - after all, no one expends money on research unless there is a monetary reward at the end of that research, do they? What about a government tax on the human genome?)

    "Ultimately, they will become part of a community that works together to advance the overall understanding of the human genome." Now that's real scary - no privacy at all. And to what purpose?
  • Rich People Will Buy It

    Rich people will buy into this. Who knows, maybe a bit later on they can grow clones and if something happens like a accident causing a missing limb they can use their clone.
    Hang on a minute, didn't they make a film based on this with Ewan McGregor called The Island...
  • RE: The online health revolution and your DNA: It's a trust issue

    Let's project forward a few years. To participate in society in most of the developed world, any information about you that is worth anything will need to be stored electronically and be accessible online. Whom will you trust to keep that information accurate, accessible yet secure? How will you protect yourself from mergers and aquisitions where your data is being acquired by an unknown company?

    More thoughts on this matter here:
  • RE: The online health revolution and your DNA: It's a trust issue

    Well if they compile a data base, it will provide a list of who has been back bitting and tush kissing who