Knowing which rules to follow when it comes to keeping medical records is challenging enough, with privacy officers struggling to choose between HIPAA requirements and state mandates. But when it comes to genetic information the situation gets murkier still. And that situation is plenty murky, according to a recent report commissioned by the California HealthCare Foundation and prepared by the Georgetown University Health Privacy Project. Released May 10, Genetics and Privacy: A Patchwork of Protections surveys U.S. policy on the collection, use, storage and protection of genetic information. The conclusion? There are no clear and consistent nation-wide guidelines to ensure that genetic information is kept out of the wrong hands; nor is there any consistent policy governing when genetic testing should be "encouraged, discouraged, facilitated, or prohibited." As a result, genetic privacy policies often vary from state to state, employer to employer and insurer to insurer Genetics, Employers and Privacy One of the study's key concerns is the potential for the abuse of genetic information by employers. The report points out that while HIPAA goes to "great length" to prevent employers from inappropriately acquiring and using workers' protected health information, the reg can't always keep all health information out of employers' hands. Some employers that sponsor their employees' health plans, for example, administer those plans in-house. In such instances an employer could learn that an employee had undergone a genetic test when the worker submits a claim for the test. In other cases, employers can acquire their employees 'genetic information more directly. While acknowledging that there is little hard data on the issue, the report cites one survey that found one percent of major U.S. firms test employees for sickle cell anemia, 0.4 percent genetically test for Huntington's disease, and 14 percent conduct medical examinations which could include genetic testing to detect susceptibility to workplace hazards. Additionally, the report claims that 20 percent of major U.S. firms collect information about their employees' family medical history, a rich source of genetic information. To illustrate the potential dangers posed by such practices, the report cites the recent Burlington Northern and Santa Fe Railroad Co. case, in which the company forced employees who had developed carpal tunnel syndrome to undergo medical exams that included without their knowledge or consent testing for a genetic marker that would supposedly show they were genetically predisposed to the condition (see article 8).
While conceding that much genetic information will be protected by Health Insurance Portability and Accountability Act privacy regulations, so long as it meets the HIPAA definition of protected health information, the report nevertheless identifies five major gaps it says still remain in the protection of genetic information:
"The federal government has yet to develop a clear policy about the collection, use, storage and protection of genetic information," says CHCF's Sam Karp. "The result is a patchwork of protections that leaves individuals and families vulnerable."
To see the report go to www.chcf.org/documents/ihealth/GeneticsAndPrivacy.pdf.