What are the HIPAA Rules on Use and Disclosure of Genetic Information?

Modified on Tue, 22 Jul at 3:33 PM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice; instead, all information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.  


Introduction

This article discusses how HIPAA regulates the use and disclosure of genetic information.

How Does the HIPAA Privacy Rule Regulate Use and Disclosure of "Genetic Information"?

Under the Privacy Rule, health plans are generally prohibited from using or disclosing PHI that is genetic information for underwriting purposes.


How Does the Privacy Rule Define "Genetic Information"? 

"Genetic information" means, with respect to an individual:

 
(i) The individual's genetic tests;
(ii) The genetic tests of family members of the individual;
(iii) The manifestation of a disease or disorder in family members of such individual; or
(iv) Any request for, or receipt of, genetic services, or participation in clinical research which includes genetic services, by the individual or any family member of the individual.

When HIPAA makes reference to genetic information "concerning an individual or family member of an individual," the following genetic information is included: 

 
(i) A fetus carried by the individual or family member who is a pregnant woman; and
(ii) Any embryo legally held by an individual or family member utilizing an assisted reproductive technology.

Under the Privacy Rule, the term "genetic information" excludes information about the sex or age of any individual.


How Does the Privacy Rule Define "Underwriting Purposes"?

With respect to a health plan, "underwriting purposes" means:

1. Rules for, or determination of, eligibility (including enrollment and continued eligibility) for, or determination of, benefits under the plan, coverage, or policy (including changes in deductibles or other cost-sharing mechanisms in return for activities such as completing a health risk assessment or participating in a wellness program).

2. The computation of premium or contribution amounts under the plan, coverage, or policy (including discounts, rebates, payments in kind, or other premium differential mechanisms in return for activities such as completing a health risk assessment or participating in a wellness program).

3. The application of any pre-existing condition exclusion under the plan, coverage, or policy.

4. Other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits.

Health plans, excluding issuers of long-term care policies falling within paragraph (1)(viii) of the definition of health planmay not use or disclose protected health information that is genetic information for underwriting purposes.


What is NOT Included in the Definition of Underwriting Purposes?

"Underwriting purposes" does not include determinations of medical appropriateness where an individual seeks a benefit under the plan, coverage, or policy.

May a Covered Entity Provider Use or Disclose Genetic Information?

"Genetic information" is included within the definition of "health information" and therefore can constitute protected health information if it meets the definition of protected health information. Use and disclosure of genetic information by healthcare providers is subject to the same general PHI use and disclosure rules that use of other PHI is subject to.

The distinction between whether and when providers may use or disclose PHI and when health plans may use or disclose PHI is accounted for by the Genetic Information Nondiscrimination Act of 2008 (GINA), which 
generally prohibits health plans from collecting genetic information for underwriting purposes.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article