The news that FDA has written a stiffly-worded warning letter to 23andme signals a new milestone in the long and winding road to a coherent regulatory framework for consumer genomics. I was just finishing a gruelling slog to submit a paper when I got an email alerting me to this bombshell and have spent the time since en route to Montreal, so I am not up-to-date with reaction on the internet (although I have read Myraqa’s excellent post).
It is now over a year since 23andme submitted a de novo 510k submission to FDA and things have been very quiet since then. FDA’s letter makes plain that behind the scenes things have not been going well between the company and the agency. I have read quite a few FDA warning letters in the course of my research over the last few years but I have never seen one this stern before. The FDA are indicating an extreme displeasure with 23andme’s failure to meet their regulatory requirements. So where did it all go wrong and why has a letter been sent now? I have spoken to neither 23andme nor the FDA but here is my take on what has happened.
I think to understand this we need to go back to the FDA’s advisory committee meeting on consumer genomics, held in March 2011. I was invited to that meeting to give an overview on the regulatory trends across the globe, so had a ringside seat at this particular fight. Much of the subsequent internet discussion of the meeting focused on the panel’s view that most genetic tests should be offered through a physician. But in my opinion that was not the real meat of the meeting. The substance of the discussion was about science, not ethics. From that perspective the highlights of the meeting included a testy exchange between the panel and deCODE’s Jeff Gulcher on statistical issues such as the importance of pre-test probability, and the FDA’s presentation on the statistical challenges of validating polygenic genetic risk assessment (which was given by the scarily brainy Marina Kondratovich).
The critical question the FDA asked the panel was whether this class of tests should be held to the FDA’s statutory standard i.e. should be able to provide “clinically significant results”. Unsurprisingly the panel was not willing to operate a policy of genetic exceptionalism for consumer genomics companies and affirmed that this standard should be applied. But genetic exceptionalism was precisely what 23andme were asking for at the meeting: they suggested that FDA needed to redefine clinical validity to deal with their type class of tests. The FDA’s new warning letter suggests that much of the tension between company and agency is at this sticking point.
23andme have had a fair measure of success in challenging the status quo. I believe that they, along with their erstwhile competitors decode and Navigenics, have shifted the terrain on which we debate the merits of genetic risk prediction, largely by reframing the issue as one of consumer rights. But that ideological victory is of little import when it comes to the question of what constitutes adequate validation for their tests. That was an issue on which the three companies could not even agree amongst themselves when they undertook their industry standard-setting initative. It should be no surprise then that this remains 23andme’s Achilles heel.
But why did they FDA’s letter come now? Only the agency can answer that question, but I think that the tipping point would have been the launch of 23andme’s national consumer advertising campaign. We should remember that the last spate of FDA action in this sector was prompted when Pathway Genomics began to sell its tests through Walgreens, a high-street pharmacy chain. Advertising your tests on the television when you have applied for, but are struggling to gain, FDA approval is not a smart tactic. It is a move, I would suggest, born of desperation, rather than stupidity. The company must have known they were likely to raise regulators’ hackles but they are in desperate search for a milestone which would convince outsiders that they are achieving some measure of success (even if they are still a long way from profit).
Perhaps they thought that since the FDA have still not received the green light from the Obama administration to issue their draft guidance on the regulation of laboratory-developed tests, then they had some political wiggle room. Clearly that was a mistake. Historically the FDA has often developed new policy through a bottom-up process of individual actions, and that is how the LDT issue is currently being played out – witness the agency’s recent action against Atossa Genetics (and see the Myraqa blog for a great post on that story). FDA are to be applauded for sticking to their scientific guns. Let us hope that the draft LDT guidance follows soon.
The following post has just appeared in BioNews:
Last week saw the launch of the UK arm of the Personal Genome Project (PGP). This is the second major sequencing initiative launched this year in the UK (the first being Genomics England). Interestingly, both projects seek to sequence 100,000 genomes, and of course both are fuelled by a belief that genomics is set to become a routine part of healthcare. Yet the projects are as notable for their differences as their similarities.
Genomics England is bankrolled by the government, with £100 million of NHS funds earmarked for the project. The source of funding for PGP is rather more disparate, with the PHG Foundation reporting that it is to be funded for the next year ‘by the Chinese Beijing Genomics Institute (BGI) and commercial sequencing and interpretation service providers Illumina, Life Technologies, and Personalis’. Whether it can secure long-term funding is not clear, with Science Insider reporting that the more established US and Canadian arms are struggling for funding. Another difference is in their approach to confidentiality: PGP operates on the principle that research participants share their data publicly.
Controversy surrounding protecting the privacy of genetic research participants heightened after the 2008 publication by Homer et al demonstrating a new technique which allowed them to re-identify genotyped individuals or even individuals in pooled mixtures of DNA. The publication immediately led research funders including the US National Institutes of Health and the Wellcome Trust to place new restrictions on access to data from genome wide association studies (GWAS).
The PGP’s solution to the problem of privacy is not to increase safeguards but to do away with them altogether, by enrolling research participants in a project which requires consent to full public disclosure of their data. This is a radical move. Genetic epidemiology, like most other biomedical research, has hitherto operated according to a norm that seeks to ensure that research subjects are protected by the cloak of anonymity. As far as I am aware, this remains the case for most genomic research. The ethics and governance framework of the UK Biobank, our flagship initiative in this research field, states that the organisation ‘is committed to protecting the confidentiality of data and samples’. The UK’s other flagship initiative is Genomics England, an organisation whose governance framework is still in development but which has already promised to ‘strictly manage secure storage of personal data in accordance with existing NHS rules designed to securely protect patient information’.
I am unconvinced by the argument that the PGP’s public disclosure policy is the best response to the difficulties of safeguarding genomic confidentiality. In a recent review of this issue, Greenbaum et al provided an alternative perspective: ‘Another approach could be to learn from the legal and banking sectors wherein privacy and confidentiality are protected while the practitioners nevertheless manipulate and analyze large databases of highly confidential personal and financial data. Furthermore, private information is exchanged between many organizations ranging from large companies to small law firms. In those cases, incentives to keep clients, as well as governmental regulations with stiff penalties and civil and criminal repercussions, help to prevent breaches of customer privacy’.
This carrot-and-stick approach is not a 100 percent guarantee of good behaviour: when the incentives are strong enough, as is the case with insider trading, then individuals may break the law. But it does provide a significant measure of protection for individuals and corporations from the malicious abuse or careless disclosure of their confidential data, and, as importantly, it provides legislative support to the principle that such protection is a reasonable expectation.
In the era of big data, the governance of personal information requires the robust defence of such principles.