NEW YORK — The American Civil Liberties Union filed a complaint today with the Department of Health and Human Services against Myriad Genetics for its refusal to provide patients with their own genetic information, as required by law.
The complaint was filed on behalf of four people who underwent genetic testing with Myriad to determine their hereditary risk and treatment options for breast, ovarian, and bladder cancers. The patients requested that Myriad provide their full genetic records, including genetic variants that Myriad identified as benign but did not list in their test reports. The company refused, stating the patients were not entitled to that information.
After hearing of the impending legal action, late Wednesday afternoon Myriad provided previously withheld data to the four patients, but the patients are proceeding with the complaint because Myriad is still in violation of the Health Insurance Portability and Accountability Act, also known as HIPAA.
“We are thrilled that Myriad took a step in the right direction and provided our clients with the genetic data they sought,” said Sandra Park, senior staff attorney with the ACLU. “But it’s not enough to provide genetic information only to the patients listed in our complaint. Myriad needs to recognize that HIPAA protects all of its patients’ rights to access their complete genomic information.”
The complaint, the first-of-its-kind to be filed with HHS, alleges that Myriad refuses to comply with HIPAA, which requires laboratories to provide patients with their own health information, including genetic data, within 30 days. The complaint also alleges that Myriad refuses to acknowledge that genetic data is part of the “designated record set,” and that all genetic testing labs are required to provide the data when a patient requests it.
In letters sent to the ACLU’s clients late Wednesday afternoon, Myriad stated that it was releasing the information “voluntarily” and did not rescind its previous statement that it did not consider the information part of the “designated record set.” The letters also said, “[Y]ou might find this information helpful as you discuss your medical information with your healthcare provider,” admitting that the information should fall under HIPAA.
“I appreciate that Myriad has provided additional data to me, but I believe that it must give access to all patients who ask for their genetic information,” said Ken Deutsch of Massachusetts, one of the patients who filed the complaint who was diagnosed with metastatic bladder cancer two years ago. “As a cancer patient, I am outraged that a lab could stop me or anyone else from seeing our own genetic information and sharing it with the scientific community.”
In 2013, the Supreme Court unanimously struck down Myriad’s gene patents in a lawsuit filed by the ACLU on behalf of 20 scientific professional organizations, geneticists, genetic counselors, women’s health and breast cancer advocacy groups, and patients.
Before losing the Supreme Court case, Myriad controlled patents on the BRCA1 and BRCA2 genes, which are associated with elevated risks for breast, ovarian, prostate, and other cancers. The company used its patents to prevent any other labs from conducting genetic tests on patients’ samples to look for mutations to the BRCA genes and stopped sharing the data it collected from patients with public research databases.
Following the ruling, numerous laboratories immediately began offering testing of the BRCA1 and BRCA2 genes and committed to sharing the data with other scientists. In disregard of the Supreme Court ruling, Myriad again tried to stop these labs from testing for mutations on the BRCA genes, and again was rebuffed in the courts.
Responsible, patient-centered data sharing is crucial for advancements in genetics, as recognized by President Obama’s new Precision Medicine Initiative. However, Myriad retains patients’ data — much of which was obtained during 17 years of patent exclusivity — in its proprietary database.
Today’s complaint is here: