By: Justyn Trott

Genetics is the science that can be used to categorize people, characterize them, or subject them to social or economic discrimination. Genetic information includes information about an individual’s genetic tests and the genetic tests of an individual’s family members, it is often used to determine whether someone has an increased risk of getting a disease, disorder, or condition in the future. The individuals being tested aren’t the only ones with an interest in the test results. Family members, employers, insurers, the press and the government all may desire information about a person’s genetics. Thus, raising a lot of privacy issues for genetic information.

With the potentially valuable information that genetic testing may provide, consumers must be wary of the potential threat to privacy. This threat may be even higher than ever now with increased cyber-attacks now during the COVID-19 pandemic, especially as biotechnology and computer technology continue to advance, privacy issues are continuing to rise. The challenge of protecting health information is compounded by the increasing reliance upon digital data.

The most recent incident was the breach within GEDmatch, a genealogy stie which stores individual’s genetic information. From the breach, more than a million profiles were exposed to officials for law enforcement purposes, resulting from two back-to-back hacks, which overrode existing user settings. This breach was able to shine the light on how bad things can go wrong when genetic information is exposed. Especially when those responsible for storing private genetic information fail to take the necessary precautions by using inadequate safeguards. Here, the genetic information was being used to locate and find individuals associated with crimes but on the flip side, the genetic information could have been used take advantage or deny individuals access to certain opportunities. Moreover, these issues will continuously grow as genetic information is stolen and this all circles back to the same issue at hand, the implementation of improper safeguards. Therefore, there need to be security measures set in place to protect against these types of criminal acts.

Although many states have started to enact legislation to prohibit health insurers from collecting and using certain types of genetic information, this is not a one stop solution. Most of the laws cover narrow categories of genetic information in limited settings. Moreover, they do not speak to one of the more common issues of employment discrimination.

In Jackson v. Regal Beloit Am., Inc., an employer violated state laws when it required that an employee submit to a medical examination and provide prior hospitalization records. The employer failed to show that the examination and inquiry were job related and consistent with business necessity. After the employee refused to comply with the medical examinations, the employer wrongfully fired the employee for not complying. The court found that the employee’s noncompliance did not provide a legitimate, non-discriminatory reason for the termination and found the employers medical request to be unlawful under GINA.

On the federal level, the Genetic Information Nondiscrimination Act of 2008 (GINA) was designed to prohibit the improper use of genetic information for insurance and employment purposes. GINA prohibits insurers from denying coverage to a healthy individual or charging that person higher premiums based solely on a genetic trait that may point to a future disease. In addition, the legislation will bar employers from making employment decisions based upon genetic information. Unfortunately, it does not allow personal control over one’s own genetic testing results.

In AARP v. United States EEOC, the EEOC promulgated employer-sponsored wellness programs to the point where an employer was injured by being required to pay 30% more for health insurance after  declining to disclose his medical condition to his employer as part of a wellness program. The programs often involve the collection of sensitive medical information from employees, including information about disabilities or genetic information. The Court concluded that EEOC, has failed to provide a reasoned explanation for its decision to adopt the 30% incentive levels in both the ADA and GINA rules. Therefore, ruling that the policies set forth by EEOC were inconsistent with GINA.

The number of genetic tests taken by individuals will increase significantly in the coming years, including EHRs making it easier to disclose genetic information extensively. As the world contemplates how to improve on how to deal with genetic information, policymakers are finding that protecting privacy is not cheap or easy. In order keep information from being disclosed without authorization, further security measures must be improved, but restricting authorized discovery is just as important. It is essential, and challenging, to decide which individuals and entities have a right to which information and for what purposes.

Future effective legislation should address the difficulties in gaining access to health information and carefully balance the rights of employers and employees. Moreover, it should also penalize wrongdoers and provide remedies for people harmed by wrongful disclosures by individuals and entities. Lastly, EHRs should be developed so that they can limit discovery to relevant health information for individuals. Tackling these matters will provide an effective first step toward shaping the future of medical privacy.

Student Bio: Justyn Trott is currently a second-year law student at Suffolk University Law School, focusing in Intellectual Property Law. He is a staffer on the Journal of High Technology Law. Prior to law school, Justyn received a Bachelor of Science in Biomedical Engineering from University of Hartford.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.