23andMe’s slim list of prospective buyers–who must uphold privacy policies, according to the FTC. But what about that survey information? *Updated*

April 3, 2025 | by

Barely a week later, but only a few buyers are lining up for 23andMe’s parts. The future of the bits and pieces of 23andMe and their 15 million customers apparently are in the Magic 8 Ball’s response class: “reply hazy, try again” and “cannot predict now”. Not entirely surprising is the lack of vigorous and financially competitive interest in them. Fortune counted the interested parties at only three, plus unsurprisingly, their controlling shareholder Anne Wojcicki.

Here’s their rundown:

Nucleus Genomics. This isn’t a surprise as their founder, Kian Sadeghi, had posted an article about their pass at 23andMe on Substack last September. [TTA 12 March, Editor’s comments] Sadeghi has often likened Nucleus to Netflix versus 23andMe’s Blockbuster, where the second generation survives while the first generation dies off. Nucleus’ consumer offering are $400 tests that it claims can identify health risks for more than 900 conditions. Like 23andMe, Nucleus got in trouble with an early offering, a genetic test for IQ. Supposedly, Mr. Sadeghi is not all that interested in the genetic database, but in Lemonaid, the telehealth remedy site that 23andMe bought for $400 million ($100 million cash, $300 million in now worthless stock). The objective is to integrate telehealth and remedies with Nucleus’ tests, broadening the ‘one and done’ nature of most genetic testing–the original reason why 23andMe bought it. Nucleus has some cash on hand and resources to call in, having closed a $14 million Series A in January and backed by Reddit founder Alexis Ohanian and Peter Thiel’s Founders Fund.

The Sei Foundation. A blockchain developer and advocate for decentralized science (DeSci), it’s proposed a unique use case for the 23andMe database. Their X posting states that they can plug 23andMe genomics information into their blockchain, return data ownership to users through encrypted, confidential transfers, and then allow users to choose how their data is monetized and share in the revenue. They maintain that this would be compliant with existing healthcare and data privacy laws. Gerald Gallagher, general counsel for the foundation, said that “The legal issues involved are not specific to whether or not the data is stored on chain, and the current policy requires notice and new approvals from customers in the event of a sale of assets or change in control.”

Pinnacle Reliability. CEO/founder Ryan Sitton of this complex systems data analytics company for industrial reliability expressed interest in 23andMe before the Chapter 11 via this LinkedIn posting that offered $100 million four weeks ago. The social post did not lead to a real and properly financed offer to the board. According to Fortune, he has renewed his interest.

Anne Wojcicki stated her intent to buy the company when the Chapter 11 was announced and she stepped down from the CEO position. Neither she nor her spokesperson has had any further comment. 

23andMe and buyers better keep the data privacy promises. Federal Trade Commission (FTC) chairman Andrew Ferguson has already notified representatives of the US Trustee Program, a Justice Department division that oversees administration of bankruptcy proceedings, that 23andMe currently, as well as any future owners, must retain the data privacy policies put into place by 23andMe, such as they are. “The FTC believes that, consistent with Section 363(b)(1) of the Bankruptcy Code, these types of promises to consumers must be kept. This means that any bankruptcy-related sale or transfer involving 23andMe users’ personal information and biological samples will be subject to the representations the Company has made to users about both privacy and data security, and which users relied upon in providing their sensitive data to the Company,” he wrote. “Moreover, as promised by 23andMe, any purchaser should expressly agree to be bound by and adhere to the terms of 23andMe’s privacy policies and applicable law, including as to any changes it subsequently makes to those policies.” This seems to be a straight-up reading of current law, even if the current administration’s policy is to bring FTC and other agencies under closer control by the executive branch, a tangent which occupies the last two paragraphs of the Ars Technica article.

Guess what other information 23andMe has on its 15 million users? Survey data! 85% of 15 million users consented to have their individual data used for research. As part of that research, 23andMe requested that users complete an optional survey which added to their profiles. These extensive questions were not available for prior review, but the FAQs made it clear that once you consented to answering them, every time you visited the research page, you’d get questions to answer until they were all answered. In other words, endless continuing research. The rationale presented to users was to “help drive scientific and medical discoveries”. So, when you request to delete your data, will the survey data associated with the user profile be withdrawn as well? The lengthy article in The Conversation seems to conclude, no.

If it remains identifiable, this trove of data could be matched up with other data for law enforcement or to discriminate against someone at high risk for developing a genetic disorder. That type of discrimination is banned for employment and health insurance, but not life insurance or long-term care. Or it could be used to compile a more personal profile for marketing purposes. This needs to be cleared up. Despite this, every person with a 23andMe account should request that their personal data and anything else associated with it be deleted, immediately, before this information finds its way to a new buyer.

Will the rise of technology mean the fall of privacy–and what can be done? UK seeks a new National Data Guardian.

August 21, 2020 | by

Can we have data sharing and interoperability while retaining control by individuals on what they want shared? This keeps surfacing as a concern in the US, UK, Europe, and Australia, especially with COVID testing.

In recent news, last week’s acquisition of Ancestry by Blackstone [TTA 13 August] raised questions in minds other than this Editor’s of how a business model based on the value of genomic data to others is going to serve two masters–investors and its customers who simply want to know their genetic profile and disease predispositions, and may not be clear about or confused about how to limit where their data is going, however de-identified. The consolidation of digital health companies, practices, and payers–Teladoc and Livongo, CVS Health and Aetna, and even Village MD and Walgreens–are also dependent on data. Terms you hear are ‘tracking the patient journey’, ‘improving population health’, and a Big ’80s term, ‘synergy’. This does not include all the platforms that are solely about the data and making it more available in the healthcare universe.

A recent HIMSS virtual session, reported in Healthcare Finance, addressed the issue in a soft and jargony way which is easy to dismiss. From one of the five panelists:  

Dr. Alex Cahana, chief medical officer at ConsenSys Health.”And so if we are in essence our data, then any third party that takes that data – with a partial or even complete agreement of consent from my end, and uses it, abuses it or loses it – takes actually a piece of me as a human.”

Dignity-Preserving Technology: Addressing Global Health Disparities in Vulnerable Populations

But then when you dig into it and the further comments, it’s absolutely true. Most data sharing, most of the time, is helpful. Not having to keep track of everything on paper, or being able to store your data digitally, or your primary care practice or radiologist having it and interpretation accessible, makes life easier. The average person tends to block the possibility of misuse, except if it turns around and bites us. So what is the solution? Quite a bit of this discussion was about improving “literacy” which is a Catch-22 of vulnerability– ‘lacking skill and ability’ to understand how their data is being used versus ‘the system’ actually creating these vulnerable populations. But when the priority, from the government on to private payers, is ‘value-based care’ and saving money, how does this prevent ‘nefarious use’ of sharing data and identifying de-identified data for which you, the vulnerable, have given consent, to that end? 

It’s exhausting. Why avoid the problem in the first place? Having observed the uses and misuses of genomics data, this Editor will harp on again that we should have a Genomic Data Bill of Rights [TTA 29 Aug 18] for consumers to be fully transparent on where their data is going, how it is being used, and to easily keep their data private without jumping through a ridiculous number of hoops. This could be expandable to all health data. While I’d prefer this to be enforced by private entities, I don’t see it having a chance. In the US, we have HIPAA which is enforced by HHS’ Office of Civil Rights (OCR), which also watchdogs and fines for internal data breaches. Data privacy is also a problem of international scope, what with data hacking coming from state-sponsored entities in China and North Korea, as well as Eastern European pirates.

Thus it is encouraging that the UK’s Department of Health and Social Care is seeking a new national data guardian (NDG) to figure out how to safeguard patient data, based on the December 2018 Act. This replaces Dame Fiona Caldicott who was the first NDG starting in 2014 well before the Act. The specs for the job in Public Appointments are here. You’ll be paid £45,000 per annum, for a 2-3 day per week, primarily working remote with some travel to Leeds and London. (But if you’d like it, apply quickly–it closes 3 Sept!). It’s not full time, which is slightly dismaying given the situation’s growing importance. The HealthcareITNews article has a HIMSS interview video with Dame Fiona discussing the role of trust in this process starting with the clinician, and why the Care.data program was scrapped. Of related interest is Public Health England’s inter-mortem of lessons learned in data management from COVID-19, while reportedly Secretary Matt Hancock is replacing it with a new agency with a sole focus on health protection from pandemics. Hmmmmm…..HealthcareITNews.

Higi and Interpreta’s data mix partnership–questions on consent, data security

August 23, 2017 | by

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/08/Interpreta-Higi.jpg” thumb_width=”150″ /]Higi (also higi), which has placed health monitoring kiosks in over 11,000 US retail locations and a 5.5 million signup base, and data cruncher Interpreta announced that they are partnering to blend Higi’s vital signs data with Interpreta’s claims, clinical and genomics data analytics. Based on Mobihealthnews’ article and the joint release, an individual’s health information taken at higi retail stations will be “prioritized within Interpreta in real time”. They also claim that for the first time, insurance payers and providers will be able to leverage biometrics data, clinical, claims and additional genomic information a person may obtain from genetic testing services into a ‘personalized care roadmap’ that closes gaps in care. This is positioned as a big advance in population health and it all sounds great.

Perhaps not so great are the details. What about consent and data security? Aside from absolutely no mention of patient consent and HIPAA compliance in the above news, this Editor suspects that past, current and future Higi users may not be made aware that their vital signs data recorded with Higi will be 1) sent into a non-Higi database and 2) integrated with other information that appears in Interpreta’s database. How is this being done? Is consent obtained? What then happens? Is it used on an identified or de-identified basis? Where is it going? Who is doing what with it? Can it be sold, as 23andme’s genomic information is (with consent, but still…)? “Interpreta works in the realm of precision medicine, continuously interpreting and synchronizing clinical and genomics data in real time to create a personalized roadmap to enable the orchestration of timely care.” but they do this for providers and health plans who are then responsible for privacy and data integrity. Consent for Higi to keep a record of your blood pressure when you drop into your local RiteAid or ShopRite is not consent for Interpreta to use or manipulate it. These questions should have been addressed in the release or an accompanying fact sheet. We welcome a response from either Higi or Interpreta.

And one last and exceedingly ‘gimlety’ observation by this Editor: kiosks get hacked, and here we have not a price to a McDonald’s meal but a portal to deep PHI. Here’s a two-part article in an industry publication, Kiosk Marketplace, if you are skeptical. Part 1, Part 2 

From despair to hope? New study charts future of patient-generated data in care delivery

March 15, 2017 | by
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/03/Most-Useful-Sources-of-Health-Care-Data-Today-and-in-5-Years.png” thumb_width=”150″ /]A frustration of everyone in healthcare and technology is the unfulfilled promise of Big Data. A study conducted by a team for NEJM Catalyst (New England Journal of Medicine) of 682 health care executives, clinical leaders, and clinicians indicates that at present, very few (<20 percent) believe that their healthcare organizations extremely or very effectively use data for direct patient care; 40 percent believe it is not very effective or not at all effective.

The hope comes in a trend over the next five years (NJEM chart at left above, click to enlarge). Presently, the most useful sources of data are clinical (95 percent), cost (56 percent), and claims (56 percent). In five years, they project that the top four will be clinical (82 percent) and cost (58 percent) joined by patient-generated and genomic data (both at 40 percent). How that patient-generated data will be compiled to be useful is not described, but the hope is that “With patient-generated data and genomic data, we will be able to create true “n of 1” medicine with options specific to each patient’s needs, giving a boost to priorities such as care coordination and improved clinical decision support.”

A possible roadblock is the lack of interoperability of EHRs. Less than 10 years ago, the EHR was touted as The Solution to patient records and a repository of Everything. 51 percent indicate that interoperability is weak. One-third believe that ease of use and training for EHRs are also weak.

Other findings indicated strong support for greater patient access to personal medical records (93 percent), fee/price information for comparison shopping (80 percent), and outcomes information listed by hospital (73 percent)–but not by doctor (55 percent).

The full report is available for download at the NEJM Catalyst link here. Also Mobihealthnews.

Set that disease data free! A call to break down those data silos.

March 31, 2015 | by
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/03/BlueSiloCollapsing-41.jpg” thumb_width=”175″ /]Awash in a rising sea of data generated by devices and analytics–around treatments, population health, costs–there’s a struggle to make sense of it. We’ve noted the high value and merchandisability of 23andme‘s genomic data (gained by individual user consent) [TTA 5 Mar], but our healthcare institutions which should be codifying and sharing disease and treatment data, largely do not. Those with rare or ‘orphan’ diseases struggle to find information, diagnosis, fellow patients, treatments. They sometimes win breakthroughs by, believe it or not, blogging, and having their articles widely disseminated. Reasons why? According to David Shaywitz in Forbes, they are:

  • Hospitals, even research based centers, struggle to codify their genotype and phenotype data of their patients in a meaningful way that would be usable for clinical decision making. We’ve also noted (oddly not Mr Shaywitz) the long implementation process of IBM Watson cognitive processing/decision making tools in healthcare, the concentration on single diseases and their spread into other industries plus third-party integration outside of healthcare [TTA 9 Oct 14].  (more…)