Tech News

States tighten genetic confidentiality

If you already have spit into a plastic tube or swab your cheek and send your saliva in the mail to find out more about your ancestry or health risks, you might have assumed that the company that analyzes your DNA is legally required to keep your data private genetics. But you would be wrong.

The Health Insurance Portability and Accountability Act, known as HIPAA, protects individuals’ health information as it is processed by doctors, hospitals, and health insurance companies. This applies to genetic tests ordered by your doctor, but not to those that you can purchase online directly from companies like 23andMe and Ancestry, as these kits are not considered medical tests. As a result, businesses have largely operated in a legal gray area. Companies write their own privacy policies that customers agree to when they purchase a kit, but companies can change these policies at any time.

This is a problem, because genetic data can reveal all kinds of sensitive information about you — your. ethnic group, your family Connections, and even your likelihood of developing Alzheimer’s disease or certain cancers. Increasingly, law enforcement officials use consumer DNA databases to investigate violent crime.

But a growing number of states are passing genetic privacy laws in an attempt to address these loopholes. California became the latest on October 6 when Gov. Gavin Newsom enacted the law Genetic Information Protection Act, which places restrictions on data collected by DNA testing companies directly from consumers. SB 41, which comes into effect in January, requires customers to give express consent before their genetic data can be used for scientific research or shared with a third party. If customers consent to their data being used for research purposes, companies should provide them with an easy way to opt out at any time.

“Consumers have an inherent right to privacy,” says Maureen Mahoney, technology and privacy policy analyst at Consumer Reports, a nonprofit consumer advocacy organization that lobbied for the bill. Californian. “People don’t want information about their test results made public. “

Mahoney says privacy advocates wanted to make sure DNA testing companies couldn’t bury consent clauses in long-term service agreements. California’s new law prohibits businesses from using “Dark patterns”– deceptive practices that use pop-ups and other web elements to trick consumers into giving consent.

It also requires companies to give customers a clear and easy way to close their accounts and remove their DNA data from the company database, if they choose. In addition, companies are required to destroy a customer’s biological sample within 30 days of their request.

Utah enacted a similar law in March, followed by Arizona in April. Both state laws deal with issues of consent, data security, advice on privacy practices, and an individual’s right to have their genetic data deleted and their biological sample destroyed.

Lawyers say such protections are necessary because US privacy laws were written before the advent of home genetic testing. HIPAA was enacted in 1996. The Human Genome Project did not disclose the first draft of our genetic code until 2003. Five years later, Congress recognized that genetic data could be used to discriminate against individuals and, in 2008, it adopted the Genetic Information Non-Discrimination Act (GINA). The law prohibits harmful treatment by employers and health insurers based on a person’s genetic information. But that does not prevent other entities, such as life insurers, mortgage lenders, or schools, from refusing services based on a person’s genetic makeup.


Source link

Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button