Are My Genetic Results Private?

June 8, 2021

This spring, Utah passed the Genetic Information Privacy Act (GIPA), a law designed to protect the privacy of consumers’ genetic data generated through direct-to-consumer (DTC) genetic testing.


The law requires DTC genetic testing companies to obtain a consumer’s consent to collect, use or disclose their genetic information, unless the information is de-identified. Consumers must also be able to access their data from DTC companies, delete their data and account, and destroy any biological samples.

Likewise, back in 2020, Florida passed legislation, HB 1189, making it illegal for life, long-term care and disability insurance companies to discriminate against consumers based on their genetic information.¹ The law extends protections for consumers beyond the 2008 federal Genetic Information Nondiscrimination Act, or GINA, that made it illegal for employers and health insurers to discriminate against individuals based on genetic data.

As DTC genetic and hereditary testing has grown in popularity over the years, so has the call for legislation to protect consumers’ genetic information privacy. So what is all the fuss about?

It turns out that the current piecemeal approach to genetic information privacy legislation in the United States has given DTC genetic testing companies almost total control over consumers’ genetic information. Without federal and state laws protecting consumers’ genetic and other information collected by DTC genetic testing companies, these companies are free to sell or use genetic information without consumer consent.² Additionally, many companies collect shared personal and family health history information, which, depending on the state you live in, may or may not be protected. Consumer participation in DTC hereditary testing can also indirectly affect the privacy of their relatives’ genetic information, because relatives share some percentage of their DNA with the person undergoing hereditary testing.

While this fact may seem trivial to a young, healthy person, consider being denied life insurance because of a gene variant you harbor or losing a long-term care insurance policy for the same reason—despite showing no sign of disease. Unless you currently live in Florida, there are no protections for consumers against this type of discrimination from life, long-term care or disability insurance companies. And depending on the privacy laws that exist at the time, DTC genetic testing companies may be able to share your genetic information without your consent. Genetic information acquired through DTC genetic testing may also be leveraged by law enforcement to create leads in cold cases, affecting the privacy rights of relatives who share some portion of DNA with the tested individual.³

In contrast to DTC genetic testing companies, clinical laboratories that are subject to the federal Health Insurance Portability and Accountability Act (HIPAA) are legally required to protect the health and genetic information collected by the laboratory. Kailos Genetics, for instance, complies with all HIPAA regulations and never sells patient data. Kailos will share de-identified patient data for research purposes only with the patient’s express consent. In other words, HIPAA-covered laboratories cannot profit from patient data or use patient genetic or other health data for any purpose other than the patient’s healthcare.

As our understanding of the role genetics plays in disease development increases, the potential for discrimination based on the possession of genetic variants also increases unless consumer genetic rights and privacy are protected by comprehensive legislation at the federal and/or state level. While genetic privacy and discrimination risks are real, and likely to increase in the future, few states have enacted sufficient protections to mitigate this risk for consumers undergoing DTC hereditary testing. Each consumer must decide for themselves whether or not the benefit of hereditary testing is worth a potential breach in genetic and health information privacy in the future. Importantly, consumers also have the ability to convince their local legislators to pursue legislation that prevents DTC genetic testing companies from selling and/or using consumer health and genetic data for proprietary or other gain.

Kailos Genetics is a HIPAA-compliant, CLIA-certified clinical laboratory that specializes in genetic screening tests, including the Expedio™ Hereditary Cancer Screening. To learn more about Expedio™, click here, or contact us with any questions you may have about genetic screening tests.

¹ National Law Review. Florida bill restricting life insurers’ use of genetic information signed by Governor DeSantis. July 1, 2020. Accessed May 12, 2021.

² Consumer Reports. Direct-to-consumer genetic testing: the law must protect consumers’ genetic privacy. Accessed May 12, 2021.

³ Schuppe, J. Police were cracking DNA cases with a DNA website. Then the fine print changed. NBC News. October 23, 2019. Accessed May 12, 2021.