Minding the (db)GaP: Age of Majority and the NIH’s GDS Policy

The 2018 Advancing Ethical Research Conference (AER18) was my second PRIM&R conference, and this year I came armed with questions for specific organizations and agencies. At the top of my list was a question regarding the 2015 NIH Genomic Data Sharing (GDS) Policy: When children’s data is submitted to a national genomic data sharing repository, such as the database of Genotypes and Phenotypes (dbGaP), what are the consent expectations when those subjects reach the age of majority? 

To answer this question, I attended a breakout session titled “Implementing NIH’s Genomic Data Sharing Policy: Challenges and Solutions,” led by Carrie Wolinetz, PhD (NIH), and Shannon Sewards, MA, CIP (Harvard). The main take-aways for HRPPs were that institutions should (1) create flexible GDS policies/procedures, (2) do their best to apply the “spirit” of the GDS Policy, and (3) know that NIH is not actively pursuing GDS noncompliance.

Given the GDS Policy’s emphasis on informed consent for data generated from specimens obtained after January 2015, I was eager to learn the expectations for minors, who cannot legally provide consent. Unfortunately, the presentation did not address this issue, which surprised me because Ms. Seward had discussed a related issue in a 2012 article about the dbGaP certification process. Commenting on the difficulty of certifying something IRBs were less familiar with, she said “we’ve been grappling with whether children who were assented at the time of the study should be consented once they reach the age of 18 for their data to remain in the dbGaP. IRBs sort of get confused with that because it’s not identifiable, it doesn’t meet the definition of a human subject, but they’re asked to make that decision within the same lens.”

When I asked about this topic directly during the Q&A, Dr. Wolinetz acknowledged that NIH has not developed guidance on this topic; however, the GDS guidelines will likely be harmonized with the All of Us precision medicine initiative, which anticipates enrolling minors in the next year or two; until then, HRPPs should apply the “spirit” of the policy. She also agreed to follow up with me directly after the conference.

Let’s consider a test case, based on a real-life example I’m currently puzzling through with researchers at my institution. Our hypothetical study involves only 10-year-olds; afterwards participants and their families will have no more contact with researchers. The parental permission includes notification that children’s data will be submitted to dbGaP.

To my mind, there are three options for addressing subject consent at age of majority (age 18 in Ohio):

  1. Attempt to re-contact and consent subjects for genomic sharing when they turn 18; for those whose consent is not obtained (for any reason), investigators request removal of their data from dbGaP;
  2. Make no attempt to re-contact at age of majority; request a waiver of consent for all subjects; or
  3. Attempt to re-contact and consent subjects for genomic sharing when they turn 18; only data from those who explicitly decline to consent is removed from dbGaP; a waiver of consent is requested for those lost to follow up.

Option 1 is the most conservative, but in privileging individual subjects’ interests, it hinders the benefit to the scientific community because the data of anyone lost to follow up would be withdrawn—to say nothing of the logistics involved in tracking and re-contacting individuals eight years in the future. The goal of the GDS Policy is indefinite—not temporary—storage and sharing of genomic data.

Option 2 is the least burdensome on investigators; however, prospectively planning not to obtain consent violates respect for persons. Many subjects, upon reaching adulthood, may not even realize their genomic data is being used in research. Through institutional certification, IRBs must attest that explicit consent for broad sharing was or will be obtained; in fact, the consent expectations apply even for sharing of data from de-identified specimens/cell lines because “the evolution of genomic technology and analytical methods may raise the risk of potential re-identification” (GDS FAQ G.3). In short, option 2 asks IRBs to waive protections the GDS confers on data/specimens that do not fall under the Common Rule.

That leaves Option 3, a hybrid strategy that attempts to balance participants’ interests with the potential benefits to society—along with the logistical challenges of Option 1. It’s worth noting, however, that this option is similar (though not identical) to an opt-out consent procedure, which is prohibited by the GDS FAQ (H.6). If “explicit consent” is required for submission to dbGaP, this option still leaves questions regarding the inclusion of data from subjects lost to follow up. 

What’s an IRB to do? Though none of the options is particularly satisfying, the hybrid option seems to me to be closest to the spirit of the GDS Policy.

At the conclusion of the session, as fellow attendees and I continued to discuss this quandary, I was reminded of how much I appreciate the PRIM&R community. Although my question wasn’t explicitly answered, the networking alone made this session one of the most valuable of the conference. As genomic data sharing continues to increase, there is an exciting opportunity for HRPPs/IRBs to collectively develop and share best practices regarding enrollment of minors in repositories such as dbGaP.