Sharing of genomic health data for research presents challenges to specific informed consent.
The need for public trust in data sharing has been presented as a complement to securing informed consent, but what specifically is meant by public trust remains unclear.
Institutions ought to be trustworthy, rather than merely trusted.
Offering guarantees of performance does not show trustworthiness; rather, trustworthy institutions show the right kind of character, reflected in their aims, values and governance structures.
Recent years have seen a dramatic increase in the collection, storage and curation of human genomic data for biomedical research. These data sets hold great promise for research into the genetic basis of disease, and represent more diverse populations than have traditionally been accessible in research. Large-scale federated data networks like the proposed Canadian Human Genome Library (CHGL) represent a potential way of providing secure access to these data to researchers beyond select institutions.1 However, the promise of human genomics research has been encumbered by ethical concerns about data sharing. One particular concern is whether it is possible to obtain informed consent to the population-level research that genomic databases like the CHGL are intended to facilitate.
Participants in genome-based research or patients who receive genome or exome sequencing as part of their clinical care may be asked to consent to allow their data — not only genomic data but associated clinical or administrative data stored by an institution — to be made available to future researchers. Because the future uses of these data are unknown at the time of data collection, concern has been raised about whether consent for this future data use is, or can be, informed.
Various alternatives to specific consent have been proposed as a solution to this problem. For example, blanket consent allows health data to be used without any restrictions; broad consent allows health data to be used based on some knowledge about how decisions about the use of data will be made (e.g., a particular kind of governance arrangement), but without giving people specific details about how their data will be used.2 Dynamic consent involves continually updating participant consent with 2-way, ongoing communication between researchers and participants, and meta-consent enables people to express preferences regarding which type of consent they want to give for which type of research.3
Nevertheless, even when participants do give their valid consent to share their genomic data, it will inevitably be on the basis of a degree of uncertainty, as indicated by the authors of the related guidance for policy in their stipulation that participant consent forms should include an explanation that “future health research will be conducted with participants’ data on a range of health outcomes that are unknown at this time”.1 Longstaff and colleagues are surely correct to emphasize the importance of consent. However, ensuring that participants provide clear consent to research is at best complementary to other kinds of protections and controls for how individual data are used. Accordingly, many institutions tasked with the storage, sharing and use of health data have placed substantial emphasis on the ways in which they seek to build public trust in data sharing, including by maintaining data security and protecting participants’ privacy as a complement to informed consent.
What institutions mean when they talk about public trust, however, remains unclear. Philosophers often distinguish between 2 related attitudes that are required when a person is dependent on another under conditions of uncertainty (such as sharing data with future researchers), namely, trust and reliance. Being trustworthy is not the same as being reliable. A key difference between these 2 attitudes is how people may be expected to respond to a failure of each. For example, failures of trust, such as a broken promise, might engender feelings of betrayal, whereas failures of reliance, such as a late arrival of a physician for an appointment, likely would not. Someone who is reliable is merely someone who behaves predictably. Ideally, those in whom people trust will also be trustworthy (that is, trust in them is well grounded) and those who are trustworthy will also be trusted. However, trustworthiness depends on features of the trustworthy person or entity, while trusting depends on features of the person placing their trust. Some people trust very easily, (including when they should not) and others are loath to trust (including when they should). Accordingly, when it comes to institutions collecting, sharing and using health data, it is important to focus on whether these institutions are trustworthy, rather than whether they happen to be trusted or not.
These distinctions between trust, reliance and trustworthiness are largely absent in the health data literature. As a result, it is unclear whether existing strategies for building public trust in data sharing (e.g., enhanced data security, increased monitoring and oversight, more stringent regulations), are intended as evidence of trustworthiness (with the further aim of building trust in data sharing) or reliability (with the further aim of building reliance).
How does an individual or an institution become trustworthy, or show its trustworthiness? Certainly not by being trusted, nor indeed by telling people that they are trustworthy. Offering guarantees of certain behaviour also does not amount to being trustworthy. 4 Trustworthiness, whether of an individual or institution, involves having the right kind of character. The character of an institution seems to be related to its aims, values and culture, as well as the processes and mechanisms of organization and governance. These are the things that, when functioning well, determine how the institution acts. Thus, although we might glean something about an institution’s trustworthiness by examining, for example, the formal processes by which its data access committee makes decisions (e.g., the particular criteria it uses to evaluate applications for access), much of what determines the character of an institution — its aims, values and culture — may not be so specific. Yet these factors are integral to determining its trustworthiness, insofar as they are integral to how an institution implements and carries out its governance processes. For example, the access committee of a database might commit to only sharing data for research that has social value, but how social value is determined may not be explicitly codified.
Although securing informed consent remains an important facet of ethical research, the complexity and uncertainty inherent in current data-driven research means that much of how people’s data are used is outside of their direct control. More sophisticated versions of informed consent can allow participants to maintain a degree of control over their data, but eventually, participants will simply have to decide whether to trust or not. Robust regulations, security and methods of data protection to assure accountability may decrease the scope of what is being trusted (by offering guarantees of performance), but they cannot eliminate fully the need for trust and trustworthiness. Participants ought to be able to make an informed judgment about whether an institution is trustworthy before they trust it with their health data; information on an institution’s values and culture should be considered an essential component needed to ensure the appropriate engagement of patients and other participants in genomics research and in the CHGL.
The author acknowledges support from the Wellcome Trust (no. 203132/Z/16/Z).
This is an Open Access article distributed in accordance with the terms of the Creative Commons Attribution (CC BY-NC-ND 4.0) licence, which permits use, distribution and reproduction in any medium, provided that the original publication is properly cited, the use is noncommercial (i.e., research or educational use), and no modifications or adaptations are made. See: https://creativecommons.org/licenses/by-nc-nd/4.0/