States Tighten Genetic Privacy

If you really are spitting out a plastic tube or moving your cheek and sending your saliva to find out about your ancestry or health risks, you may think that the company that analyzes your DNA legally should keep your genetic data private. But you are wrong.

The Health Insurance Portability and Accountability Act, known as HIPAA, protects individuals ’medical information when it is administered by physicians, hospitals, and health insurance companies. These include genetic tests prescribed by your doctor but not those you can buy online directly from companies like 23andMe and Ancestry because these kits are not considered medical tests. As a result, companies are mostly running in a legal gray area. Firms write their own privacy policies that customers agree to when they purchase a kit, but companies can change these policies at any time.

That’s a problem, because genetic data can reveal all the different sensitive information about you – your ethnicity, your family connections, and even your likelihood of having Alzheimer’s disease or certain cancers. Law enforcement is increasingly using consumer genetics databases investigating violent crimes.

But a growing number of states are adopting genetic privacy laws in an effort to close these gaps. California was most recent on Oct. 6 when Governor Gavin Newsom signed into law the Genetic Information Privacy Act, which places restrictions on data collected directly by DNA testing companies. SB 41, which took effect this January, requires customers to give explicit consent before their genetic data can be used for scientific research or shared with a third party. If customers agree to use their data for research, companies should provide a simple way so they can choose at any time.

“Consumers have an inherent right to privacy,” said Maureen Mahoney, a technology and privacy policy analyst at Consumer Reports, a nonprofit consumer advocacy organization that advocates for California billing. “People don’t want information about their test results to be available to the public.”

Mahoney said privacy advocates want to make sure DNA testing companies don’t bury long -term proposals in service agreements. New California law prohibits companies from using “Dark patterns”—Depteptive methods that use popups and other web elements to trick consumers into giving permission.

It also mandates that companies be provided with a clear and quick way to close their accounts and delete their DNA data from the company’s database, if they wish. In addition, companies must destroy the customer’s biological sample within 30 days of their request.

Utah made a similar law in March, followed by Arizona in April. Both state laws address issues of consent, data security, notice of privacy procedures, and a person’s right to remove their genetic data and destroy their biological sample.

Defendants said such protections are necessary because U.S. privacy laws were written before home genetic testing came along. HIPAA was created in 1996. The Human Genome Project did not disclose the first draft of our genetic code until 2003. Five years later, Congress recognized the potential for genetic data to be used to identify people, and in 2008 it passed the Law of Genetic Information (GINA). The law prohibits discrimination between employers and health care providers based on a person’s genetic information. But that doesn’t stop other entities-like life insurers, mortgage lenders, or schools-from denying services based on human makeup.

Source link


Leave a Reply

Your email address will not be published. Required fields are marked *