As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers  create a “culture of compliance and awareness” and to protect patients’ Protected Health Information (“PHI”).  While the material is focused on health care professionals, the information is also applicable to group health plan professionals and their business associates who use mobile devices to store and transmit PHI in connection with administration of group health plans.

As health care providers, patients, family members, friends, and disaster relief agencies such as the American Red Cross continue to grapple with the aftermath of Hurricane Sandy it is important to be mindful of privacy regulations and to prepare in advance for the next emergency. The Health Insurance Portability and Accountability Act  of 1996 (“HIPAA” or “Privacy Rule”) protects individually identifiable health information held by “covered entities.” The information protected is referred to as protected health information or PHI. The Privacy Rule permits covered entities to disclose PHI for a variety of purposes including to (a) treat patients; (b) identify, locate and notify family members, guardians, or anyone else responsible for an individual’s care; (c) obtain the services of disaster relief agencies; (d) conduct public health activities; and (e) prevent or lessen serious and imminent threats to health or safety.

What if the story of your life was written at birth- a “future diary” available for someone to read? The decoding of the human genome over a decade ago held the promise of defying our genetic destiny, but it also foreshadowed some significant ethical issues on the horizon. This month, California legislators addressed some of these concerns in the Genetic Information Privacy Act (SB 1267). The proposed bill would guard against covert DNA testing by requiring written permission from California citizens before collecting, analyzing, storing or sharing their genetic information. Any such data obtained with permission could only be used within the scope of the permission given by the DNA owner, after which the DNA samples would have to be destroyed.

Last week, the Connecticut Attorney General became the first state attorney general to enter into a settlement agreement for HIPAA violations, as a result of the new authority granted to attorneys general under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

The popularity of crime dramas on primetime television schedules has made certain aspects of genetic testing commonplace and uncontroversial.  However, as science continues to advance at an exponential rate, and as technology and innovation have invaded the realm of individual privacy rights, individuals’ genetic make-up are likely the next frontier.

At least 32 states have genetic privacy laws on the books.  These states have taken steps to protect genetic information beyond the protections given to other types of health information.  This is referred to as “genetic exceptionalism,” which calls for special protections for genetic information due to its predictive, personal and familial nature and other unique characteristics.  Generally speaking, state genetic privacy laws restrict parties (such as insurers or employers) from taking a particular action without consent.  These laws cover a broad range of issues, including:

  • Requiring personal access to genetic information;
  • Requiring consent for performing tests, obtaining or accessing genetic information, retaining genetic information, and/or disclosing genetic information;
  • Defining genetic information or DNA samples as personal property; and
  • Providing for specific penalties for genetic privacy violations.