In March of 2021, Utah passed the Genetic Information Privacy Act (GIPA), a law designed to protect the privacy of consumers’ genetic data generated through direct-to-consumer (DTC) genetic testing. The law requires DTC genetic testing companies to obtain a consumer’s consent to collect, use, or disclose their genetic information unless it is de-identified. The law also states that consumers must be able to access and delete their data and user account(s) and destroy any biological samples. Eleven states have passed some form of GIPA, the first of which was passed in Utah.

Likewise, back in 2020, Florida passed legislation, HB 1189, making it illegal for life, long-term care, and disability insurance companies to discriminate against consumers based on their genetic information. The law extends consumer protections beyond the 2008 federal Genetic Information Nondiscrimination Act, or GINA, which made it illegal for employers and health insurers to discriminate against individuals based on genetic data.  

As DTC genetic and hereditary testing has grown in popularity over the years, so has the call for legislation to protect consumers’ genetic information privacy. So, what is all the fuss about?

It turns out that the current piecemeal approach to genetic information privacy legislation in the United States has given DTC genetic testing companies almost total control over consumers’ genetic information. Without federal and state laws protecting consumers’ genetic and other information collected by DTC genetic testing companies, these companies are free to sell or use genetic information without consumer consent.  

Additionally, many companies collect shared personal and family health history information, which may or may not be protected depending on the state you live in. Consumer participation in DTC hereditary testing can also indirectly affect the privacy of their relatives’ genetic information by sharing some percentage of their DNA with the person undergoing hereditary testing.  

Advances in genetic research are also increasing the benefit of genetic screening for specific diseases. Genetic screening can delay or even prevent the disease based on understanding everyone’s genetic risk for the disease. For example, establishing the genetic risk for certain cancers can help patients and physicians make proactive decisions to protect a person’s future quality of life.

While these facts may seem trivial to a young, healthy person, consider being denied life insurance because of a gene variant you harbor or losing a long-term care insurance policy for the same reason—despite showing no sign of disease. Unless you currently live in Florida, there are no protections for consumers against this discrimination from life, long-term care, or disability insurance companies.  

Depending on the privacy laws at the time, DTC genetic testing companies may be able to share your genetic information without your consent. Genetic information acquired through DTC genetic testing may also be leveraged by law enforcement to create leads in cold cases, affecting the privacy rights of relatives who share some portion of DNA with the tested individual. In September 2019, the U.S. Department of Justice eased some concerns after issuing an interim policy limiting federal law enforcement’s use of DTC genetic information to violent cases or profiles with user consent. In 2021, Maryland was the first state in the U.S. and the world to pass legislation regulating the use of consumer genetic information by law enforcement.

In contrast to DTC genetic testing companies, Health Insurance Portability and Accountability Act (HIPAA)-compliant clinical laboratories are federally required to protect the health and genetic information collected by the laboratory. Kailos Genetics, a healthŌme company, is a clinical lab that complies with all HIPAA regulations and never sells patient data. Kailos will share de-identified patient data for research only with the patient’s consent. In other words, HIPAA-compliant laboratories cannot profit from patient data or use genetic or health data for any purpose other than healthcare.

As our understanding of genetics' role in disease development increases, the potential for genetic discrimination also increases unless consumer genetic rights and privacy are protected by comprehensive legislation at the federal or state level. While genetic privacy and discrimination risks are real and likely to increase, few states have enacted sufficient protections to mitigate this risk for consumers undergoing DTC genetic testing.

Each consumer must decide if the benefit of hereditary testing is worth a potential breach of personal genetic and health information privacy in the future.  Importantly, consumers can convince their local legislators to pursue legislation that prevents DTC genetic testing companies from selling or using consumer health and genetic data for proprietary or other gain.

The Kadance Heritable Cancer Risk Test is processed in a HIPAA-compliant, CLIA-certified clinical laboratory specializing in genetic screenings.

‍