The prevalent practice of using patients' medical records for chart review research, without consent from patients, does not engender much criticism when compared to biospecimen research, where worries surrounding genomic privacy inspired proposed revisions to the Federal Policy for Protection of Human Subjects, or the Common Rule, to require consent for such research. ¹ With the proliferation of electronic medical records (EMRs), an immense amount of patient data is now available for researchers to analyze and search for insights into factors that might influence and predict health outcomes. ² Further, these factors may be found in the genome, the encoded genetic representation of a person. As gene sequencing evolves from an expensive tool used by researchers to a more affordable and routine clinical screening test used in direct patient care, more patients are likely to have their genomes fully digitized, immeasurably growing the already impressive accumulation of electronic health data currently housed in EMRs. ³

Because of the relative ease of acquiring a great deal of data, increasing numbers of genomic researchers will seek out EMRs as a low-cost source of populationwide genome data, thereby making patients unwitting subjects of genomic study. In this way, EMR-based records research will pose genetic privacy risks analogous to those of biospecimen research, yet current federal regulations still allow researchers to call gene sequence data de-identified, removing such data from the protection of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the Common Rule. ⁵ Therefore, this chart review research will likely happen outside of patients' knowledge, much less their consent, in a research environment where the privacy risks are regularly minimized and security practices can be uncertain. ³ For patients' privacy rights and expectations and for the research community, the ethical implications loom large.

Regulators have permitted the nonconsensual use of chart review research on the grounds of one essential assumption: stripping common identifiers such as names, social security numbers, and addresses from the data essentially removes the risk of harm. Once deemed anonymization, this method is presently called de-identification, a statement on the probability of identification.

While de-identification may protect other forms of health information by minimizing the risk of re-identification, a person's DNA sequence is a unique combination of coding...