Skip to content

Genetic Testing HIPAA Warning: Legal Considerations

genetic testing hipaaBy: Jacqueline Bain

You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from or (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.

Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would.

In the absence of laws governing their conduct with your genes, many direct-to-consumer genetic testing services do choose to provide privacy protections to their consumers. Moreover, once a direct-to-consumer enumerates its intent to protect the privacy of those submitting genes to it, they are contractually bound to those policies. So, it’s important for a consumer to review these policies prior to submitting a genetic specimen if that consumer is concerned about the use of his/her genetic information.’s privacy policy is available here, and’s privacy policy is available here.

It must be noted, however, that each of and’s policies states that the company can change/update the policy by posting a notice to the policy itself. Thus, either company can change its commitment relied upon by its consumer’s pretty inconspicuously at any time. Not even the most fastidious lawyers I know make a habit of reading and re-reading website privacy policies regularly. Beyond this, states that it will email consumers prior to the effective date and states that it will prominently display notice, which may include an email to consumers. Long story short, if you’re concerned about the privacy of your genetic data and still choose to use one of these sites, remain vigilant in accessing and understanding their privacy policies. last updated its privacy policy on April 30, 2018, and updated its on July 17, 2018.

There are some laws that protect health insurers and employers from using your genetic information to discriminate. The Genetic Information Non-Discrimination Act of 2008 was implemented to protect persons from discrimination based on their genetic information in both health insurance and employment. From a health insurance perspective, health insurers are prohibited from using genetic information to make eligibility, coverage, underwriting or premium decisions. For instance, a health insurer cannot use the presence of BRCA1 (the BReast CAncer gene 1) to deny a person health insurance coverage or justify an increased premium as compared to a person who tests negative for BRCA1. Florida has a similar law. Second, GINA prevents employers from using genetic information in decisions including as hiring, firing, promotions, pay, and job assignments. However, neither GINA nor the Florida law prevents the use of genetic information in life insurance or disability insurance determinations. A Florida bill proposing to expand the protections to these determinations died in the legislature last year.

State laws are starting to catch up to the science of genetic discovery. For instance, California’s “Shine the Light” law, permits California residents to request from genetic testing companies a list of any personal information that has been disclosed to third parties for marketing purposes. Florida hasn’t instituted any such statute yet. Florida’s Information Protection Act protects other parts of a consumer’s personal information, but genetic information is not included.

While State and Federal laws catch up, though, if you have a question about your genetic makeup, seek help from a medical professional who is bound to strict privacy standards. Even if you’ve been tested and received results from a direct-to-consumer genetic testing company, a medical professional can help you interpret the results and suggest preventative and treatment measures based on the testing outcomes.