Federal Privacy Regulation and the Financially Troubled DTC Genomics Company
Last month, the Genomics Law Report prepared a three-part series entitled What Happens if a DTC Genomics Company Goes Belly Up? The series, which was originally published on Genetic Future (see Parts 1, 2 and 3), reviewed the privacy policies of several genomics companies to determine whether they prohibit the transfer of private data to third parties. We also discussed the fact that a bankruptcy court may approve such a transfer notwithstanding a policy to the contrary. In this post, we examine whether federal regulations may restrict the dissemination of private genomic data—including the new rules proposed earlier this month under the Genetic Information Nondiscrimination Act of 2008.
1. Is DTC Getting HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the most prominent federal regulation governing the privacy of medical records, established the Privacy Rule to provide national standards for protected medical records. HIPAA’s Privacy Rule currently applies only to “covered entities” and business associates of covered entities. A covered entity is a health plan, health care clearinghouse, or a health care provider. Since a company providing genomic sequencing services is not a health plan or a health care clearinghouse, HIPAA will apply only if such a company is determined to be a health care provider or a business associate of a covered entity.
Read the rest of this entry »
