How safe is your genetic information?

If you choose to have a genetic test purchased online from one of the many companies offering them, you may be concerned about the privacy of your genetic information. Check the website and the information you receive to learn what the company's policies are.

If, on the other hand, your genetic information is becoming part of a database covered by HIPAA (Health Insurance Portability and Accountability Act), you may be interested in how secure your information is when "protected" by the federal government. The Washington Post, in an article today titled "Medical Privacy Law Nets No Fines" starts this way:

In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases.

Of the 19,420 grievances lodged so far, the most common allegations have been that personal medical details were wrongly revealed, information was poorly protected, more details were disclosed than necessary, proper authorization was not obtained or patients were frustrated getting their own records.

More than 14,000 of the cases are considered "closed", either because no violation was found, or the group accused of violation (hospital or physican, for example) agreed to fix the problem. No one's watching, though, to see they do.

According to the article,

At least 309 possible criminal violations to the Justice Department. Officials there would not comment on the status of those cases other than to say they would have been sent to offices of U.S. attorneys or the FBI for investigation. Two cases have resulted in criminal charges: A Seattle man was sentenced to 16 months in prison in 2004 for stealing credit card information from a cancer patient, and a Texas woman was convicted in March of selling an FBI agent's medical records.

Advocates for personal privacy suggest that "the lack of civil fines has sent a clear message that health organizations have little to fear if they violate HIPAA."

To read more, check out the article at

Marie Godfrey, PhD

mgodfrey39's blog | printer-friendly version