23andMe leading push for regulatory changes for direct-to-consumer genetic testing

Pharmacogenetics Reporter has a lengthy article (subscription required) on the California bill SB 482, sponsored by personal genomics company 23andMe, which seeks "to distinguish so-called "post-CLIA bioinformatics services" from entities providing laboratory services".

In other words, 23andMe is pushing to have companies purely providing analysis of genetic data regulated separately from those doing the actual laboratory testing. Since 23andMe out-sources its testing to an external laboratory, this would exempt the company from some regulatory requirements. The move follows some fairly serious regulatory controversy over direct-to-consumer testing in California a year ago.
However, this isn't simply an attempt to make the situation easier for direct-to-consumer genetic testing companies. The bill also proposes regulations that would raise the bar for genetic testing companies, and hopefully close out some of the shadier operators in the space:
However, SB 482 would also set operating standards for "post-CLIA bioinformatics services" for the first time. If passed, SB 482 would require these companies to use a licensed clinical lab to analyze customer samples and disclose to customers the CLIA status of the laboratories being utilized.
Under the requirements of the bill, such entities would have to employ an individual, with a Master's degree or a PhD, to approve algorithms used to interpret genomic data. The companies would have to provide CDPH with a "transparent description of the validity of biological data sets and how to perform the algorithm on biological data sets."
Privacy of consumer data is also addressed by the bill, requiring "post-CLIA bioinformatics services" to delete identifiers linked to customers' biological data and "take all reasonable steps to prevent the release of individually identifiable information without explicit consent from a customer."
The ACLU has raised some concerns about the wording of the bill:
In its letter to Padilla, the ACLU recommends the bill be revised to require that all genetic materials be destroyed two weeks after communicating the information to the customer; to use more explicit language banning the release of identifiable genomic data without written consent; and to lift the requirement that customers must consent to research on their de-identified data as a condition of using genomic services.

The ACLU also asserts in the letter that "the requirements in [SB 482] are insufficient for ensuring that the tests these companies offer are accurate and reliable."

It's clear that personal genomics companies are in for a bumpy ride over the next couple of years as they wrestle with their critics over the future of the industry.
I hope the right balance is ultimately reached here: it's obviously a bad idea to give any industry carte blanche to make whatever regulations it wants, but over-exuberant regulation of the industry would do lasting harm to innovation in the development of personalised medicine. The trick will be to find the point at which the bottom-feeders in the industry are punished without holding back companies that are doing things the right way.

More like this

Daniel, Daniel, Daniel,

You just saw how the ineptitude of a corporation can infer that a nonclinical test could be used as a clinical test.

I am very, very disturbed that this company could use a bill to in essence say, oh that blood smear, you need to regulate the microscope, but not the doctor looking at the smear.

I am going to post on this right now!



All I saw was one person working for a company retweet a potentially misleading message from a customer, and then immediately correct the error when called on it. That's hardly evidence of gross ineptitude.

And the bill isn't asking for zero regulation of interpretation services, but simply for interpretation and labwork to be regulated differently. I think it needs to be tightened up a little further (e.g. companies should be required to state the predictive value of tests using clear and controlled vocabulary and appropriate references), but it's a step in the right direction IMO.

[Cross-posting this comment here and on Sherpx's blog.]

Sherpa, first of all you do make some good points. And I think your heart is in the right place. But you're not thinking through the implications of what you're saying.

By your "logic", the Reynolds Risk Score calculator, as well as your use of it in practicing medicine, is also in violation of regulations, because the website does not comply with CLIA or other laboratory requirements. Where is the contact info for complaints? Has the laboratory that built the website filed for PMA/510(k) with the FDA? Has the software implementation been adequately validated (as opposed to the algorithm itself)? Why is risk information returned directly to users without physician intervention? Were the people who built the website licensed laboratory technicians? Does the website owner have a laboratory director? Is there proficiency testing for the website? And so on. Same applies for WarfarinDosing.org.

Now mind you, I'm not saying that the algorithms are not valid. I completely agree that these algorithms have been very well clinically validated. (In the case of warfarin dosing, there's not enough evidence for clinical utility...yet.)

However, compliance with regulation and clinical validity/utility are completely separate things. In what is an incredibly complex, confusing, and often nonsensical world, neither of these is necessary or sufficient for the other. I don't think that this is the way things should be, but that is how they are. Compliance does not imply validity, and validity does not imply compliance. And on the flip side, lack of compliance does not imply lack of validity, and lack of validity does not imply lack of compliance.

If you are incapable of seeing this, then there's really no purpose to having any sort of dialogue with you whatsoever.

By anonymous (not verified) on 25 Jun 2009 #permalink

Cross Posting my rebuttal

Steve Murphy MD said...

What in the hell does that have to do with a company purporting not to practice medicine but doing medical risk assessments via biologic data?

Compliance? This isn't about compliance.....It is about trying to escape regulation.

As for the reynoldsriskcalculator it IS valid The Reynolds Risk Score was developed and validated using data from 24,558 initially healthy American women who were followed over a ten-year period for the development of heart attack, stroke, angioplasty (balloon surgery to open an artery), coronary artery bypass surgery, or death related to heart disease. Full details of the Reynolds Risk Score are published in the Journal of the American Medical Association,(Ridker PM, Buring JE, Rifai N, Cook NR. Development and validation of improved algorithms for the assessment of global cardiovascular risk in women: The Reynolds Risk Score. JAMA 2007;297:611-619). Funding for this project was provided by a research grant from the Donald W Reynolds Foundation and by the National Heart Lung and Blood Institute. The Reynolds Risk Score for men was similarly developed using data from 10,724 initially healthy non-diabetic American men who were followed over a ten-year period for the development of heart attack, stroke, angioplasty, bypass surgery, or death related to heart disease. Full details of the Reynolds Risk Score for men are published in Circulation (Ridker PM, Paynter NP, Rifai N, Gaziano JM, Cook NR. C-reactive protein and parental history improve global cardiovascular risk prediction: The Reynolds Risk Score for Men. Circulation 2008 (in press)).

The tests and their validity is not the problem......

Nor is compliance.....It is Shirking the fact that they may have to TAKE responsibility.....

You are asking questions which have nothing to do with the argument.....

"Why is risk information returned directly to users without physician intervention?" Tell me how you get a BP, CRP and LDL in states that don't ALLOW DTC testing? You don't

The same is true of other arguments you pose. As far as I know, the website is not GIVING YOU biometric data. 23andMx is......

Or at least brokering it, which this website is not. I am swamped today, but I will say again.....


June 25, 2009 10:15 AM

Daniel MacArthur and I have been noticing something and he decided to cover it today, which is why I have decided to provide a counterpoint here....Also GenomeWeb published on this. SB 482 is a bill I glossed over in a post in the past and was recently interviewed for in the San Jose Mercury News.......

Daniel leads this as 23andMx leading the regulatory push.....but this is more insidious than that. This is 23andMx trying to cook the books and create laws which exempt them from the stringent regulation which they should receive......

I told this to the newsies over at San Jose on Sunday, so I am going to post this today......

It turns out that this bill SB 482 essentially exempts DTC companies from facing the harshest regulations that medical providers/labs have to face

From Daniel
"In other words, 23andMe is pushing to have companies purely providing analysis of genetic data regulated separately from those doing the actual laboratory testing. Since 23andMe out-sources its testing to an external laboratory, this would exempt the company from some regulatory requirements. The move follows some fairly serious regulatory controversy over direct-to-consumer testing in California a year ago."

Which I predicted BTW....... But in all seriousness, these portals to lab services view themselves as NON MEDICAL entities, that is the crux of this argument, and by passing this bill it would set legal precedent as being non-medical and not facing medical regulations......

But that bill should fall flat. Why? Because it is written with a false logic. I am about to explain the correct logic............

The assumption is, that by only running an algorithm on biodata and giving a risk number, you are not practicing medicine.....nor is it running a laboratory....

Thus they don't need healthcare regulation or medical lab regulations.....but they are dead wrong.....

The first myth: Running an algorithm on biodata and giving a risk estimate is not medicine.......

Answer: IN FACT it IS medicine, the AMA guide book for Current Procedural Terminology acknowledges that this IS medicine and it should be coded with the number 99420 of the evaluation and management code..... I run something called a reynolds risk calculation on patients. It is a computer algorithm found at www.reynoldsriskscore.com. Give it a shot, you will see it is very similar to a DTC genomic test. I bill and get paid for providing this medical service......

The Second Myth: Because we don't run the test, we shouldn't be responsible for CLIA regulations. We are not a laboratory.....

Answer: This company actually accepts ownership for the sample and provides specimen handling which is delivered to an analytical facility.....By merely handling the specimen they need to be considered as part of the healthcare unit, or apply for CLIA exemption. Any handling of any specimen can be billed for and should be regulated as such..... Not the shipper, the company/person/lab who takes ownership of the specimen.....


I was on twitter last night when I saw this ugly retweet come from the account at 23andMx RT @dane: @23andMe BTW, you saved me $25 for a CF test - used my and spouse's 23 results instead. Thx! (via @23andMe)

Which raised eyebrows from myself and Daniel

"@23andMe For once I agree with (Steve) - implicitly promoting your chip as replacement for a validated CF test is a risky move.about 19 hours ago from TweetDeck"

I basically said that this is the type of shennanigans coming from a company who isn't being regulated.

If they were, this insinuation that using a 23andMx test for a clinical use, would never bubble up.....but it did.

And I am willing to bet the twitterer for 23andMx isn't medical at all....... Which is once again why, oh why SB 482 needs to be shot down immediately....

I am glad the ACLU is on this, but the AMA, The ACMG and the NSGC need to be all over this bill too........

As you can see from the edits, this bill was initially proposed as a healing arts bill, which is what it is....... But even with that, 23andMx has no use for YOUR laws.......

The Sherpa Says: 23andMx deleted that tweet, so at least they understand that what they are doing WAS and still is wrong......

posted by Steve Murphy MD at 8:56 AM on Jun 25, 2009
Leave your comment

Your views on that tweet are far different than mine....You see it as a lapse that was corrected in about 5 minutes...I see that as 1733 followers of 23andMx Plus who ever followed @Dane, Plus who ever followed the retweeters.......And only 1, just 1 of those people getting the wrong impression. The RESPONSIBLE thing to have done was to tweet that a 23andMx test should NEVER be used as a replacement for CF testing.....Not JUST delete the tweet.

Can't you see?


Thank-you for adding the part from the ACLU. I think their recommendations are often overlooked in the DTC debates. The average person believes that their sample or kids samples are destroyed after any genetic test they receive. Many are outraged to find out their their samples are kept and used for further testing, even if personal data is removed. Retention of samples and additional testing should be an opt-in situation.

Who's got more clout? Google's wife or the AMA?

By anomalous (not verified) on 29 Jun 2009 #permalink

Google's wife

By DTCobserver (not verified) on 02 Jul 2009 #permalink