Statement on the use of genetic test results by life and health insurance companies

July 9, 2014

Introduction

Over the past five years, the Office of the Privacy Commissioner (OPC) of Canada has been examining the privacy implications arising from the collection and use of genetic information as one of its four policy priorities.^{Footnote 1} As part of this process, the OPC has monitored developments, commissioned research papers, consulted stakeholders and held expert roundtables in the area of genomics and privacy. Based on this work, the OPC has developed this statement on the use of genetic test results by life and health insurance companies.

Genetic Testing and Insurance in Canada

At this time, there are no laws in Canada that specifically address the use of genetic test results by insurance companies. In contrast, several countries have prohibited, or introduced moratoria on, the use of genetic information by insurance companies.^{Footnote 2}

The Canadian Life and Health Insurance Association’s (CLHIA) Position Statement on genetic testing states that an insurer would not require an applicant for insurance to undergo genetic testing. “However, if genetic testing has been done and the information is available to the applicant for insurance and/or the applicant’s physician, the insurer would request access to that information just as it would for other aspects of the applicant’s health history.”^{Footnote 3} CLHIA’s policy is based on the general principle that “the insurer needs to have all available material information about the applicant’s risk, in order to properly assess that risk.”^{Footnote 4} The policy does not define what constitutes “material information” nor does it differentiate between different types of genetic tests or the purposes for which the testing was done. As a result, there may be uncertainty about when or how genetic test results are being used by insurers.

The absence of any specific prohibition on the use of genetic test results by insurers has raised concerns about genetic discrimination and the fear that potential discrimination might act as a deterrent to genetic testing even when clinically advisable.^{Footnote 5} Such concerns have prompted legislators to propose laws that prohibit organizations from requiring an individual to undergo a genetic test or disclose existing results of a genetic test as a condition of providing goods or services to the individual.^{Footnote 6} This proposed legislation and much of the discussion to date in Canada has looked at the issue from a human rights perspective.^{Footnote 7} The analysis that follows examines the collection and use of genetic test results by insurance companies from a data protection perspective.^{^{Footnote 8}}

The Importance of Purpose Specification

One of the fundamental principles of data protection and privacy laws is the concept of purpose specification and the expectation that personal information should only be used for the purpose for which it was collected.

According to the CLHIA Position Statement on Genetic Testing, “(i)t is extremely important that life and health insurers have access to and be able to utilize all relevant health information in order for the risk classification and underwriting process to function correctly. Information derived from genetic tests is medical information that is potentially relevant to risk classification”.^{Footnote 9}

For their part, however, individuals may undergo genetic testing for many reasons. Sometimes it is for medical purposes. For example, an individual may undergo a well-established genetic test in a clinical setting to find out if they are at risk of developing a condition or disease that runs in their family, to confirm a suspected diagnosis at an early stage or for reproductive planning purposes, i.e., to determine if they are a carrier for a serious genetic condition that could be passed on to a child.^{Footnote 10}

As a result of advances in science and the availability of more powerful computing technologies, genetic testing has become cheaper, faster and more readily available. Today, individuals may undergo testing for reasons other than these well-established clinical purposes.

Individuals may voluntarily undergo genetic testing as part of a health research project to help researchers identify associations among different genes or between genes and environmental factors in order to better understand how, and to what extent, genetic variations contribute to health and disease. Often, these research projects are carried out on very large sample sizes – sometimes millions of research participants. In this context, researchers are not examining the accuracy of specific individual results, but rather, looking for general associations among literally billions of data points. Whether individual results are offered to research participants depends on the research protocol and the preferences of the research participant.^{Footnote 11}

As well, individuals may use direct-to-consumer (DtC) genetic testing companies that market their services directly to consumers, typically via the Internet. Some DtC companies offer tests they claim can identify an increased risk of developing certain conditions. Others claim to provide information about paternity or other biological relationships, ancestry, ethnicity, physical traits or even how one’s genetic make-up affects reaction to foods. Individuals who undergo these types of tests may be motivated by a variety of reasons; the purpose may be legal, genealogical, nutritional or it may simply be out of fun or curiosity.^{Footnote 12} What these companies purport to do with the personal information they collect from consumers varies widely from company to company.^{Footnote 13}

PIPEDA

The Privacy Commissioner of Canada oversees compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA sets out general rules that govern the collection, use and disclosure of personal information, including health and genetic information, by organizations engaged in commercial activity.

Of principal importance is the requirement for consent. Insurance companies must obtain an individual’s consent for the collection and use of his or her genetic test results for insurance underwriting purposes. Typically, they do so through the insurance application process and acceptance of the terms of their insurance policies. In addition to consent, PIPEDA requires organizations to comply with other data protection obligations.

There are three principles in PIPEDA that are particularly relevant in terms of assessing the appropriateness of insurance companies collecting and using genetic test results of applicants. The Consent Principle (Principle 4.3.3) affirms that an organization shall not require an individual to consent to the collection, use, or disclosure of personal information beyond that required for an explicitly specified and legitimate purpose. The Limiting Collection Principle (Principle 4.4) limits collection to only that personal information which is necessary for the purposes identified by the organization. The “reasonable person” provision (subsection 5(3)) limits the collection, use or disclosure of personal information “only for purposes that a reasonable person would consider are appropriate in the circumstances.”

The question the OPC set out to address is whether requesting access to existing genetic test results goes beyond that which is necessary for legitimate business purposes or beyond that which a reasonable person applying for life or health insurance would consider appropriate in the circumstances.

In order to address this question, the OPC has adopted the following well-established four-point test as an analytical framework^{Footnote 14}:

Are the collection and the use of this personal information necessary to achieve a legitimate business purpose?
Is the personal information likely to be effective in achieving that purpose?
Are the collection and the use proportionate to the benefits gained?
Are there less privacy-invasive alternatives?

Necessary?

One way to assess whether genetic test results are necessary to allow life and health insurance companies to assess risks accurately and fairly would be to examine the impact on the industry if it were not allowed to use this information. To help our Office assess this question, we commissioned two papers by experts in actuarial science and economics.^{Footnote 15}

The two papers agree that, at the present time and in the near future, the impact of a ban on the use of genetic test results by the life and health insurance industry would not have a significant impact on insurers or the efficient operation of insurance markets.

In reaching this conclusion, both papers distinguish between complex (or multifactorial) disorders and monogenic (or single-gene) disorders. Both papers conclude that monogenic disorders – diseases caused by a mutation or abnormality in a single gene – are so rare that in an insurance market of reasonable size, the cost impact of any adverse selection^{Footnote 16} (that might result from banning insurance access to genetic test results would be very small.

With respect to multifactorial disorders^{Footnote 17}, both papers conclude that since the genetic contribution to most common complex disorders is small relative to other factors, prohibiting insurers from using results indicating the presence of a genetic marker associated with one of these disorders would not adversely affect the financial viability of insurance markets at this time.

Based on these expert conclusions, therefore, collection and use of existing genetic test results by insurance companies would not appear to be necessary for the legitimate business needs of the industry at the present time.

Effective?

A number of tests for rare monogenic disorders have been clinically established as having high predictive value, but most common diseases are complex in nature. The genetic contribution to the incidence of most multifactorial, complex diseases is still not well understood relative to many other health and environmental factors. As such, most genetic test results in the clinical context are still of relatively low probabilistic value and are therefore not likely be effective for insurance underwriting purposes at this time.

Moreover, the clinical accuracy, validity and utility of DtC tests in the current unregulated market are open to question. Whether DtC companies are even subject to the Canadian Food and Drugs Act and related medical device regulations is not clear. In November 2013, the United States Food and Drug Administration (FDA) ordered 23andMe Inc., a high-profile DtC company, to stop marketing its Personal Genome Service (PGS) until it receives FDA marketing authorization for the device.^{Footnote 18} As a result, 23andMe has stopped providing health-related analyses, although it still provides ancestry-related genetic tests and raw genetic data. The FDA’s order was based on 23andMe’s failure to provide “assurance that the firm has analytically or clinically validated the PGS for its intended uses.”

In the research context, the validity and accuracy of individual test results cannot always be guaranteed.^{Footnote 19} This is particularly the case in the context of very large population-based research studies where the researchers’ purpose is to look for general associations across billions of data points and not for test results for specific individuals per se. In the clinical research context, the whole purpose of the study may be to look for the genetic contribution to disease and find clinically-relevant associations that have not yet been established and are still in the testing phase.

Proportionate?

Individuals undergo genetic testing for a variety of purposes. Individuals may undergo testing as part of a research study, to determine if they are a carrier for a condition for family planning purposes or they may simply be curious about what they can learn from a DtC test. Individuals undergoing genetic testing for reasons completely unrelated to their future health would not necessarily expect that the results will be used for unrelated purposes such as assessing insurance risk.

In addition to looking at the impact of a ban from an economic efficiency perspective, Professor Hoy and Maureen Durnin also look at the impact in terms of societal welfare as a whole. They conclude that even if a ban resulted in a higher price for the many low-risk individuals and a lower price for the fewer higher-risk individuals, the resulting reduction in coverage would not be significant and the ban would improve overall well-being from a distributive justice and equity perspective.

Hoy and Durnin also point out that, given the highly sensitive nature of the information, a ban on insurance use of genetic test results could increase incentives (or at least decrease disincentives) for individuals to seek out clinically relevant information that could help them make important healthcare decisions. Such instrumental benefits of privacy would not only potentially improve an individual’s wellbeing, “it is also possible that the overall health care system could be made more efficient and less costly.”^{Footnote 20}

Less privacy invasive alternatives?

The type of information collected is a particularly relevant factor in determining whether it is appropriate for an organization to collect personal information. Where the personal information being collected is perceived to be of a particularly sensitive nature (such as genetic test results), the need to consider less privacy invasive alternatives is particularly strong.

Insurers already have access to large amounts of health-related information collected through detailed application forms and access to medical records. They already use a number of well-established risk factors including age, sex, medical history, family history, smoking habits, blood pressure and occupation to assess applicants from a risk-based perspective.

In addition, life insurers in some jurisdictions are either prohibited from using or have very limited access to existing genetic test results without any apparent negative consequence for the industry.^{Footnote 21} This suggests that relying on other available information is a viable, and less privacy-invasive, alternative.

Conclusion

Under subsection 5(3) of PIPEDA, an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances. Subsection 5(3) involves a balancing of interests, consistent with PIPEDA’s overall purpose of balancing an individual's right to privacy with an organization’s commercial need for collecting, using and disclosing personal information. Insurance companies need to collect and use personal information to assess risk – assessing risk is critical to the underwriting process. However, a legitimate need does not give an organization the authority to collect any and all personal information on the grounds that it might be useful or relevant.

Based on our analysis, it is not clear that the collection and use of genetic test results by insurance companies is demonstrably necessary, effective, proportionate or the least intrusive means of achieving the industry’s objectives at this time.

Taking into consideration:

the highly sensitive nature of genetic test results;
the low predictive value of many genetic test results;
that, at the present time, few people hold actuarially significant test results;
the rare occurrence of monogenic disorders;
the unregulated nature of the DtC industry and questions about the accuracy, validity and utility of DtC results;
the public interest in encouraging individuals to voluntarily participate in health research without fear that their test results will be used for unrelated purposes;
the importance of creating an environment in which individuals feel free to undergo medically valuable genetic tests without worrying about the impact on their ability to obtain insurance; and
evidence that restricting insurers’ access to genetic test results would not have a significant adverse impact on the viability of the life and health insurance industry,

we, therefore, urge the life and health insurance industry to expand its voluntary moratorium, that currently calls on its members to refrain from asking applicants to undergo genetic testing, to also refrain from requesting access to existing genetic test results until such time as they can be shown to be demonstrably necessary and effective. Recognizing that the state of medical technology is changing rapidly, this position should be revisited on a periodic basis.

Footnote 1

“Reflections on the Office of the Privacy Commissioner of Canada’s Strategic Priority Issues”, October 2013.

Return to footnote 1

Footnote 2

Yann Joly, Maria Brakera and Michael Le Huynha, “Genetic discrimination in private insurance: global perspectives”, New Genetics and Society, 01/2010, 29: 4, 351 — 368.

Return to footnote 2

Footnote 3

CLHIA Position Statement on Genetic Testing

Return to footnote 3

Footnote 4

Ibid.

Return to footnote 4

Footnote 5

M. Otlowski, S. Taylor and Y Bombard, “Genetic Discrimination: International Perspectives”, Annual Review of Genomics and Human Genetics, 2012, 13:433-54.

Return to footnote 5

Footnote 6

See, S-201, An Act to Prohibit and Prevent Genetic Discrimination, introduced in the Senate in October 2013. Somewhat similar legislation has been introduced in the Ontario legislature.

Return to footnote 6

Footnote 7

For example, the proposed Bill discussed above proposes to add “genetic characteristics” to the Canadian Human Rights Act.

Return to footnote 7

Footnote 8

The National Human Genome Research Institute defines genetic tests as tests that “look for alterations in a person’s genes or changes in the level or structure of key proteins coded for by specific genes.” We use the term genetic test broadly to include genetic analyses and genome sequencing. However, this analysis does not extend to all genetic information, for example, information derived from family histories.

Return to footnote 8

Footnote 9

Based on an informal survey of Canadian life and health insurers, Canadian insurers expect to receive all existing test results, regardless of the purpose for which an individual was tested.

Return to footnote 9

Footnote 10

“The Predictive Value of Genetic Information: A Conversation with Dr. Steve Scherer, Director, the Centre for Applied Genomics, the Hospital for Sick Children and Professor of Medicine, University of Toronto”.

Return to footnote 10

Footnote 11

The return of research results is a challenging ethical issue. See, for example, Bartha Maria Knoppers, Mylène Deschènes, Ma’n H Zawati and Anne Marie Tassè, “Population studies: return of research results and incidental findings Policy Statement” European Journal of Human Genetics (2013) 21, 245-247.

Return to footnote 11

Footnote 12

Jane Kaye, “The regulation of direct-to-consumer genetic tests”, Human Molecular Genetics, Volume 17, Issue R2, pp., R180-R183.

Return to footnote 12

Footnote 13

See, University of Alberta Health Law Institute, “Analysis of Privacy Policies and Practices of Direct-to-Consumer Genetic Testing Companies: Private Sector Databanks and Privacy Protection Norms”, 2010.

Return to footnote 13

Footnote 14

Eastmond v. Canadian Pacific Railway, 2004 FC 852 at para 127.

Return to footnote 14

Footnote 15

Professor Angus Macdonald, “The Actuarial Relevance of Genetic Information in the Life and Health Insurance Context”, and Professor Michael Hoy and Maureen Durnin, “The Potential Economic Impact of a Ban on the Use of Genetic Information for Life and Health Insurance”.

Return to footnote 15

Footnote 16

A phenomenon that occurs when individuals base their purchasing decisions on information unknown to the insurer or on information that the insurer may know but is not able to reflect fully into the premium being charged.

Return to footnote 16

Footnote 17

Disorders or diseases caused by a combination of inherited variations in genes, often acting together with lifestyle, diet, environmental and other factors. Most diseases, including heart disease, diabetes, and most cancers are multifactorial.

Return to footnote 17

Footnote 18

Warning letter to 23andMe, Inc.

Return to footnote 18

Footnote 19

See Yann Joly, Hilary Burton, Bartha Maria Knoppers, Ida Ngueng Feze, Tom Dent, Nora Pashayan, Susmita Chowdhury, William Foulkes, Alison Hall, Pavel Hamet, Nick Kirwan, Angus Macdonald, Jacques Simard and Ine Van Hoyweghen, “Life insurance: genomic stratification and risk classification”, European Journal of Human Genetics (2013), 1–5.

Return to footnote 19

Footnote 20

Hoy and Durnin, op cit.

Return to footnote 20

Footnote 21

For example, in the United Kingdom, insurers have agreed not to use predictive genetic test results for life insurance policies under £500,000 or critical illness policies under £300,000. Above these amounts, insurers only use test results for Huntington’s disease when selling life insurance.

Return to footnote 21

Date modified:: 2014-07-09

Language selection

Search and menus

Search