Tips for Protecting Your Genetic Privacy

 

Clinical/ Research

Always ask your doctor or health care professional how they handle personal genetic information and whether they work with any third party entities that have access to such information

Always ask your doctor or health care professional if a particular medical procedure or research protocol involves genetic testing.

You will need to make a personal decision on whether your genetic test results, specimens collected or health care information will be available for anonymous or coded genetic research. Speak with your doctor or health care provider and make sure to thoroughly read the notice form provided to you.

Never consent to any medical procedure or research protocol that does involve genetic testing without knowing (1) what genetic information is being collected, (2) what will be done with that genetic information, (3) what security measures are in place to protect the privacy of that information, and (4) what will done with any genetic samples after the genetic test(s) is complete.

If you DO NOT want your results of a genetic test, specimens collected or health care information available for anonymous or coded genetic research you must indicate so in writing to your doctor or health care provider. 

If you change your mind in the future, it is YOUR responsibility to inform your health care provider and it would only affect results of genetic tests, specimens collected or health care information from that date forward.

Request a Copy of Your Health Records.  Your Provider May Charge a “Reasonable Fee” for Such Copies.

 

DTC

When you are considering whether or not to do business with an online DTC company check if the site has a prominently-posted privacy policy? If so, what does it say? (Just because they call it a "privacy policy" doesn't mean it will protect you - read it for yourself. Many are little more than disclaimers saying that you have no privacy! So read them carefully.) If the policy sounds OK to you, do you have a reason to believe it? Have you ever heard of this company? What is their reputation? And are they backing up their privacy statement with a seal program such as TRUSTe ( http://www.truste.org/ ) or BBBonline ( http://www.bbbonline.org/ )? (While imperfect, such programs hold Web sites to at least some minimal baseline standards, and may revoke, with much fanfare, the approval-seal licenses of bad-acting companies that do not keep their word.) If you see a seal, is it real? Check with the seal-issuing site to make sure the seal isn't a fake.  

Forensic

You can cut and paste:  http://www.councilforresponsiblegenetics.org/pageDocuments/I6W7Q3D7RM.pdf

Insurance

Know your rights under GINA, HIPAA and your specific state law.  Never volunteer family history or other genetic information.

Employment

Know your rights under GINA and your specific state law.  Be careful what you say about your family history and other genetic information to your employer and co-workers. You should not send genetic information from a work computer or e‐mail address.

What Else Can I Do to Protect My Genetic Information?

  1.  
  2. You should get to know the important rights outlined in this guide.
  3. You should always ask questions about your rights.
  4. You should NEVER give health information to someone if you are not certain they are authorized to have your information.
  5. You should not enter information online unless it is a secure website that you trust.
  6. You should document and keep a record of all consents given to access your genetic information
  1.  

 

What Should I Do If My Rights Are Denied or I Don’t Believe My Genetic Information Is Being Protected Properly?

Contact a privacy officer.

Every health care provider and health plan covered by the federal health privacy law must appoint someone on their staff as a privacy officer. If you experience a problem related to the privacy of your medical records or access to them, you might want to contact this individual in an effort to resolve the problem.

File a federal complaint with the appropriate Federal agency.

The U.S. Department of Health and Human Services Office for Civil Rights is the federal agency charged with enforcing the federal health privacy law. This office has the authority to impose civil and criminal penalties if they find a violation of the law. Your complaint must be filed within 180 days of the incident. You can also go directly to http://www.hhs.gov/ocr/privacy/index.html  

The Equal Employment Opportunity Commission (EEOC) is the federal agency charged with enforcing the employment provisions of the Genetic Information Nondiscrimination Act (GINA). This office has the authority to either investigate and impose civil penalties or offer you a “right to sue” letter which is required before pursuing private litigation.  Your complaint must be filed within 180 days of the incident. You can go directly to: http://www.eeoc.gov/employees/howtofile.cfm

Several federal agencies are involved in enforcing the health insurance provisions of GINA. The U.S. Department of Labor (DOL) has primary jurisdiction over employer health benefit plans. Questions about genetic discrimination in your job-based health insurance coverage can always be directed to DOL. The Secretary of Labor has authority to fine employer-sponsored health benefit plans that do not comply with GINA. You can go directly to: http://www.dol.gov/oasam/programs/crc/complaint.htm

The U.S. Department of Health and Human Services (HHS) has jurisdiction over health insurers and the policies they sell to individuals and employers. HHS also has jurisdiction over Medigap supplemental policies sold to Medicare beneficiaries. However, states (which traditionally are the primary regulators of health insurance) are allowed to adopt and enforce standards that are at least as protective as those required by GINA. The Secretary of HHS will enforce GINA protections when states fail to do so.  You can go directly to: http://www.hhs.gov/ocr/office/file/index.html

In addition, the Internal Revenue Service (IRS) has authority to assess tax penalties on employer-sponsored health benefit plans that do not comply with GINA.

Seek state‐level recourse.

There are officials in your state who may be willing to help you address violations of the federal and state privacy laws. Among those likely to help are your state attorney general http://www.naag.org/ , your state insurance commissioner http://www.naic.org/ , and a state medical board http://www.fsmb.org/ . See the websites to find your state’s officials.

Seek private counsel to explore a lawsuit.
Remember you do NOT have the right to sue a health care provider or health plan for a violation of the federal privacy law, but a documented violation of the federal law may strengthen a privacy case you bring in state court though not all states offer an individual cause of action under state privacy laws. 

Remember that YOU decide what information about yourself to reveal and when, why, and to whom.