- cross-posted to:
- hackernews@lemmy.smeargle.fans
- cross-posted to:
- hackernews@lemmy.smeargle.fans
Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA::GSK will pay the DNA testing company $20 million for non-exclusive access to genetic data.
Although I wonder if HIPAA would need to get involved in places like the US if that happens. If that data is used to diagnose, then it falls under HIPAA.
If they do that, there will definitely be giant legal battles. I wonder if that is a legal risk they’d want to take on.
HIPAA basically only covers healthcare providers and workers. I ran into this when the VA mailed my entire medical history to some random person. Since it wasn’t the healthcare branch of the VA, I had exactly zero recourse.
That’s not true. HIPAA covers anyone handling protected health information in a professional manner. If some office clerk at the VA is mailing out copies of HIPAA-protected information, they’re bound by HIPAA. If a consulting IT firm has access to a hospital’s servers as they’re changing something about the EHR, they’re bound by HIPAA. Protected information cannot make its way from a “covered entity” to a non-covered entity like a totally unrelated bakery who would not have an obligation to protect your information without either: 1) violating the law, 2) you personally disclosing the information to the non-protected party, or 3) you or someone authorized on your behalf signing a disclosure waiver permitting the covered entity to disclose