23andMe Challenges a Creaky Regulatory State
Let’s agree that 23andMe Inc., the Google-backed company marketing a $99 genetics test that assesses your risk for more than 240 health conditions, didn’t manage its relationship with the Food and Drug Administration well.
After “more than 14 face-to-face and teleconference meetings, hundreds of email exchanges, and dozens of written communications,” the FDA wrote in a letter to 23andMe, “you have not worked with us toward de novo classification, did not provide the additional information we requested necessary to complete review of your 510(k)s, and FDA has not received any communication from 23andMe since May.”
At Mother Jones, Kevin Drum wrote off 23andMe as yet another Silicon Valley startup that “apparently believes federal laws apply only to ordinary mortals.”
If executives at the company ever held that view, they’ve abandoned it now. “We recognize that we have not met the FDA’s expectations regarding timeline and communication regarding our submission,” the company said in a statement. “Our relationship with the FDA is extremely important to us and we are committed to fully engaging with them to address their concerns.”
The public humiliation of 23andMe shows how dangerous it is for any company to cross regulators. But there’s a benefit derived from upstarts such as 23andMe bristling at creaky, old rules: They force a re-examination of laws that are, sometimes, genuinely outdated.
“The legal question is pretty simple,” said Daniel Carpenter, author of “Reputation and Power: Organizational Image and Pharmaceutical Regulation at the FDA.” The definition of a device under the Federal Food, Drug and Cosmetics Act, Carpenter said, “is anything intended for the use or diagnosis of a disease or other conditions.”
But the FFDC was passed in 1938. The section on medical devices was updated in 1976. The personal genetic test -- and the theory of personal medicine behind it -- didn’t exist when the regulations were written.
The short-term plan for 23andMe is a traditional pay-for-product model in which consumers hand 23andMe $99 to test their saliva and get a genetic report. But the long-term play is more interesting: 23andMe wants to aggregate the genetic information of millions of individuals, then mine that data to make medical connections, find disease markers and discover treatments at a faster rate than would be possible using traditional techniques.
It’s an experiment in big-data genetics. Consequently, the value of the product now -- when there is little information to aggregate -- says very little about how effective and valuable it might be in 20 years.
In the FDA’s letter to 23andMe, it cites potential harms from genetic testing; all are bank shots. After all, swabbing your saliva carries very little risk. So the FDA focuses instead on the possibility that a test will lead consumers to do something else that actually harms them.
Consider, the FDA suggests, a 23andMe test that reports a false positive for a cancer gene: “It could lead a patient to undergo prophylactic surgery, chemoprevention, intensive screening, or other morbidity-inducing actions, while a false negative could result in a failure to recognize an actual risk that may exist.”
Don Taylor, a genomics researcher at Duke University, delivers the obvious rebuttal: “Something has to happen in between that readout and the mastectomy,” he said. “There needs, for instance, to be a surgeon there.”
The risk posed by 23andMe is closer to that posed by WebMD.com or fortune tellers than to the risk of having your health damaged by an X-ray machine. The danger isn’t that a genetic test will harm you directly but that you will act rashly on the information it provides. But is preventing patients from making bad decisions the FDA’s mandate?
To Taylor, this is a “new technology bumping into an old regulatory approach.” The FDA is treating 23andMe as a medical device instead of as information. “This is a case of a square peg in a round hole,” Taylor said.
That’s where 23andMe’s fumbling response to the FDA might actually be in the public interest. It’s easy to imagine the company working closely with the FDA, spending thousands of hours figuring out a way to stay within the established lines of a 25-year-old law. Perhaps that would have been better for the company. But it wouldn’t have offered much opportunity for the political system to reassess an old law and determine whether it suits the newest technologies.
One difficulty with updating old laws and regulations is that their costs are imposed on products of the future rather than the present. It’s hard for consumers to protest the loss of something they never imagined having in the first place. Similarly, politicians have little incentive to revise laws that no one is particularly upset about.
There are a slew of companies in Silicon Valley -- Uber, Lyft and AirBnB are other high-profile examples -- that are operating at the outer edge of the regulatory regime. Their business models are frequently direct challenges to prevailing rules. When confronted by regulatory agencies, they often choose to fight rather than fold. The arrogance driving such behavior can be off-putting, but public collisions with laws that, in many cases, should be updated and reworked can lead to overdue reforms.
Investors in 23andMe probably aren’t pleased the company handled its relationship with the FDA so badly. But for the rest of us, there’s upside to seeing this spat play out in public. “This is a new problem and we need a new regulatory architecture for it,” said Carpenter, who thinks the FDA should be ensuring that the science beneath these kinds of genetic tests is sound.
The political system right now isn’t much better at passing new laws than it is at revisiting old ones, so that new architecture isn’t likely anytime soon. But if 23andMe hadn’t gotten into trouble, it would be even less likely.
(Ezra Klein is a Bloomberg View columnist.)
To contact the writer on this article: Ezra Klein in Washington at email@example.com.
To contact the editor responsible for this article: Francis Wilkinson at firstname.lastname@example.org.