Protecting the Privacy of Genetic Information

Date: 2020-08-25

Codex is Committed to Keeping Personal Data and Genetic Information Confidential

Protecting the privacy of genetic test data is a topic of great concern at the moment, and one that genetic testing companies must take seriously. Codex Genetics (hereinafter referred to as Codex) takes a comprehensive and reliable approach to safeguarding privacy while maintaining high-quality services. We are also willing to answer any questions about privacy, so that our customers can feel safe providing their personal information to the company.

Why is personal information required before genetic testing?

The data Codex collects consists of the registration and user information that customers provide before testing, and the genetic information generated from their saliva samples. Both are needed to estimate the risk of genetic diseases.

Take the BRCA genetic test for breast and ovarian cancer as an example: in addition to collecting a saliva sample, we also ask for the customer's family medical history, weight, age, race or ancestry, and menopausal status. Family medical history is a risk factor for carrying a BRCA mutation because pathogenic BRCA1/2 variants are inherited in an autosomal dominant pattern, so a single affected parent can pass one on. Studies have linked body weight to breast cancer risk, including in BRCA1/2 mutation carriers, and cancer incidence also rises with age. Ashkenazi Jewish ancestry increases the chance of carrying a BRCA1/2 mutation, and BRCA1/2 mutations are clearly associated with early menopause. The information Codex collects from its customers is therefore important and necessary for a complete analysis report. Customers can safely submit their data to the company so that we can provide them with the most detailed and comprehensive results.

How does Codex protect the privacy of customers' genetic testing data?

For auditing and monitoring, we use AWS Config, which continuously records the configuration of our resources and evaluates it against rules, so that configuration changes are tracked and non-compliant changes are flagged. We also use Amazon API Gateway to create, publish, maintain, monitor, and protect our application programming interfaces (APIs).

For data encryption, we store data in Amazon S3 and Amazon DynamoDB, which give us industry-leading performance, scalability, availability, and durability, and which provide AES-256 server-side encryption with keys managed in AWS KMS.
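Server-side encryption only protects data at rest, and it only protects the objects it is actually applied to, so a practitioner's first check is that unencrypted uploads are impossible rather than merely discouraged. As an added example (not Codex's own code or configuration), the following Python builds the bucket policy that denies any PutObject request that does not ask for SSE-KMS, and includes a small offline evaluator of that policy's two Deny statements so the behaviour can be checked without an AWS account. The bucket name is a placeholder.

```python
import json

# Placeholder bucket name for the example, not one of Codex's real resources.
BUCKET = "example-genetic-samples"


def sse_kms_bucket_policy(bucket):
    """Bucket policy denying any PutObject that does not request SSE-KMS.

    Two Deny statements, following the pattern AWS documents for this check:
    - DenyNonKmsEncryption fires when the x-amz-server-side-encryption header is
      present but asks for something other than aws:kms (e.g. AES256, i.e. SSE-S3).
    - DenyMissingEncryptionHeader fires when the header is absent altogether, so an
      upload cannot slip through simply by not mentioning encryption at all.
    """
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyNonKmsEncryption",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
            },
            {
                "Sid": "DenyMissingEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


def _condition_matches(condition, context):
    """Evaluate the two operators this policy uses against a request context.

    This is a toy evaluator for offline checking, not IAM itself.  A StringNotEquals
    on a key that is absent from the context is treated here as not matching, so the
    Null statement is the one that denies the missing-header case; the published AWS
    pattern carries both statements so that case is denied explicitly either way."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if operator == "Null":
                key_absent = key not in context
                if key_absent != (expected == "true"):
                    return False
            elif operator == "StringNotEquals":
                if key not in context or context[key] == expected:
                    return False
            else:
                raise ValueError(f"operator {operator} not supported by this toy evaluator")
    return True


def denying_statement(policy, request_context):
    """Return the Sid of the first Deny statement that matches a PutObject request
    context (the s3:* condition keys derived from its headers), or None if no Deny
    statement matches.  An Allow is still needed elsewhere for the request to succeed."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and _condition_matches(stmt["Condition"], request_context):
            return stmt["Sid"]
    return None


if __name__ == "__main__":
    policy = sse_kms_bucket_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    # Constructed request contexts: no header, SSE-S3 header, SSE-KMS header.
    for ctx in ({}, {"s3:x-amz-server-side-encryption": "AES256"},
                {"s3:x-amz-server-side-encryption": "aws:kms"}):
        print(ctx, "->", denying_statement(policy, ctx) or "not denied by this policy")
```

Pair the policy with default bucket encryption set to SSE-KMS and with the AWS Config managed rule s3-bucket-server-side-encryption-enabled, so that a bucket whose default encryption is later removed shows up as non-compliant in the monitoring described above. Keep in mind that SSE-KMS is transparent to any principal holding s3:GetObject together with kms:Decrypt on the key, so it is the KMS key policy and the IAM policies, not the encryption itself, that decide who can read a sample.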

For access management, Codex uses Amazon Cognito and AWS IAM for authentication and authorization, applying fine-grained access control to our resources to protect company and customer data.

For de-identification and anonymization, our de-identification pipeline runs on AWS Lambda and Amazon ECS, both HIPAA-eligible AWS services, to ensure the reliability and confidentiality of demographic, clinical, and genetic data processing.

Using these AWS services effectively and comprehensively helps our platform meet international security standards, and lets customers feel safe and confident when using Codex's genetic testing services.

Why is genetic information de-identification important?

De-identification means separating the registration information (name, contact details and other direct identifiers) from the sensitive data, including the genetic data, and assigning that data a random ID, so that the person who provided it cannot be identified from the data alone. This is vital for ensuring that a customer's identity is not revealed to any institution or research partner. It is worth noting, however, that many de-identification schemes can still be traced back to the individual, for example by linking the attributes that remain in the data (age, weight, ancestry and similar fields) with information held elsewhere; these are known as re-identification attacks. When choosing a genetic testing company, customers should understand in detail whether the scheme it uses is reliable.

Codex's de-identification function runs on AWS Lambda and Amazon ECS. To give customers further confidence and assurance, we also segment the logical database so that de-identified data and identifying data are held apart, which further reduces the risk of re-identification. We promise to provide customers with the most comprehensive protection and are committed to protecting all customer privacy information and data.
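As an added example, and not Codex's own code, here is how the scheme described in the last two sections could look in Python. Direct identifiers are split from the genetic and clinical data and replaced by a random ID; the identity map is returned separately so it can be stored in a different database from the research data (the segmentation mentioned above); and a k-anonymity check makes the re-identification problem concrete: the questionnaire fields collected for the BRCA test (age, weight, ancestry, menopausal status) are quasi-identifiers that can single out a person even after the name is gone, until they are generalized. All records are constructed, and the field names are assumptions.

```python
import secrets
from collections import Counter

# Constructed sample registrations (not real customers): direct identifiers,
# the quasi-identifiers a BRCA questionnaire collects, and a test result.
REGISTRATIONS = [
    {"name": "Alice Chan", "email": "alice@example.com", "age": 42, "weight_kg": 61,
     "ancestry": "Han Chinese", "menopausal": False, "family_history": True,
     "brca_result": "BRCA1 pathogenic variant"},
    {"name": "Betty Lam", "email": "betty@example.com", "age": 47, "weight_kg": 68,
     "ancestry": "Han Chinese", "menopausal": False, "family_history": False,
     "brca_result": "no variant detected"},
    {"name": "Carol Levy", "email": "carol@example.com", "age": 55, "weight_kg": 72,
     "ancestry": "Ashkenazi Jewish", "menopausal": True, "family_history": True,
     "brca_result": "BRCA2 pathogenic variant"},
    {"name": "Dana Klein", "email": "dana@example.com", "age": 58, "weight_kg": 75,
     "ancestry": "Ashkenazi Jewish", "menopausal": True, "family_history": False,
     "brca_result": "no variant detected"},
]

DIRECT_IDENTIFIERS = {"name", "email", "phone", "address"}   # removed from the release
QUASI_IDENTIFIERS = ("age", "weight_kg", "ancestry", "menopausal")  # kept, but linkable


def deidentify(records):
    """Split each registration into a research record keyed by a random ID and an
    identity-map entry holding only the direct identifiers.  The two are returned
    separately so they can live in separate (segmented) databases; the map is the
    only path from an ID back to a person."""
    research, identity_map = [], {}
    for rec in records:
        rid = secrets.token_hex(16)  # 128-bit random ID, derived from nothing about the person
        identity_map[rid] = {k: v for k, v in rec.items() if k in DIRECT_IDENTIFIERS}
        research.append({"id": rid, **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}})
    return research, identity_map


def relink(identity_map, rid):
    """Authorized reverse lookup (e.g. to deliver a report); None for unknown IDs."""
    return identity_map.get(rid)


def min_group_size(research, keys=QUASI_IDENTIFIERS):
    """Smallest number of records sharing one quasi-identifier combination (the k of
    k-anonymity).  k == 1 means some record is unique on attributes an outsider may
    already know, so the random ID alone does not stop linkage to that person."""
    counts = Counter(tuple(r[k] for k in keys) for r in research)
    return min(counts.values())


def reidentifiable(research, keys=QUASI_IDENTIFIERS):
    """IDs whose quasi-identifier combination is unique within the release."""
    counts = Counter(tuple(r[k] for k in keys) for r in research)
    return [r["id"] for r in research if counts[tuple(r[k] for k in keys)] == 1]


def generalize(research):
    """Coarsen numeric quasi-identifiers into 10-unit bands before release.  The
    genetic result and the risk model's inputs stay usable, but fewer records are
    unique, so the release resists simple linkage attacks."""
    out = []
    for r in research:
        g = dict(r)
        lo = r["age"] // 10 * 10
        g["age"] = f"{lo}-{lo + 9}"
        lo = r["weight_kg"] // 10 * 10
        g["weight_kg"] = f"{lo}-{lo + 9}"
        out.append(g)
    return out


if __name__ == "__main__":
    research, identity_map = deidentify(REGISTRATIONS)
    print("raw release: k =", min_group_size(research), "unique records:", len(reidentifiable(research)))
    released = generalize(research)
    print("generalized release: k =", min_group_size(released), "unique records:", len(reidentifiable(released)))
    print("authorized relink of first record:", relink(identity_map, research[0]["id"]))
```

In the constructed data every raw record is unique on the four questionnaire fields, so anyone who knows a customer's age, weight, ancestry and menopausal status could pick out her BRCA result despite the random ID; after banding, each combination is shared by at least two records. Real releases need k larger than 2, and the identity map should sit behind its own access controls and audit trail, since holding it is equivalent to holding the identities.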

Codex Follows the Health Insurance Portability and Accountability Act (HIPAA) Guidelines for Protecting Genetic Data

The Health Insurance Portability and Accountability Act (HIPAA), enacted by the United States in 1996, is a data privacy and security law for the protection of medical information. With the growing number of cyber-attacks and health data breaches, it has become more important than ever. HIPAA establishes a series of rules for personal medical information and protects it from unauthorized use and disclosure. With its Privacy Rule and Security Rule as the two main components, it specifies what healthcare organizations must attend to when handling patient information.

When Codex provides genetic testing services, it follows HIPAA as its benchmark standard to ensure that customers' personal and genetic information is protected, and Codex is committed to preventing any privacy leakage while maintaining high-quality services.

Codex Passed ISO 27001 Certification and Maintains a High-Standard Information Security Management System (ISMS)

Codex Genetics passed ISO/IEC 27001 certification in April 2021, a qualification earned by meeting the international standard for information security. We fulfilled its requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), which ensures that we can consistently protect and safeguard personally identifiable information (PII) in line with industry best practice.