Comment on Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA
Ghostalmedia@lemmy.world 11 months agoAlthough I wonder if HIPAA would need to get involved in places like the US if that happens. If that data is used to diagnose, then it falls under HIPAA.
If they do that, there will definitely be giant legal battles. I wonder if that is a legal risk they’d want to take on.
Poayjay@lemmy.world 11 months ago
HIPAA basically only covers healthcare providers and workers. I ran into this when the VA mailed my entire medical history to some random person. Since it wasn’t the healthcare branch of the VA, I had exactly zero recourse.
godzillabacter@lemmy.world 11 months ago
That’s not true. HIPAA covers anyone handling protected health information in a professional manner. If some office clerk at the VA is mailing out copies of HIPAA-protected information, they’re bound by HIPAA. If a consulting IT firm has access to a hospital’s servers as they’re changing something about the EHR, they’re bound by HIPAA. Protected information cannot make its way from a “covered entity” to a non-covered entity like a totally unrelated bakery who would not have an obligation to protect your information without either: 1) violating the law, 2) you personally disclosing the information to the non-protected party, or 3) you or someone authorized on your behalf signing a disclosure waiver permitting the covered entity to disclose