Federal Laws Lag Behind Tech Privacy Breaches

By Jonathan R. Tung, Esq. on November 19, 2015 5:59 AM

The federal government is woefully behind the times when it comes to protecting the private data of users who access genetic profiles. The lack of privacy protections allows third parties to easily access genetic information. This invasion of privacy, which potentially affects millions of people, could almost certainly change the business model of insurers and hiring.

"Walking Through an Open Door"

When young Jacqueline Stokes went online to check the results of a take-home paternity test, she hardly expected that with the switch of a few letters in the URL she'd basically have access to 6,000 other people's results. The cybersecurity consultant said, "[y]ou wouldn't call that hacking ... you would call that walking through the door."

When Stokes presented evidence to the Department of Health and Human Services, the agency told her that HIPAA, the 1996 patient-privacy law, did not apply to services like take-home paternity tests.

Highlighting a Gaping Hole

Under current interpretations of HIPAA, wearable devices like Fitbit and the data such devices collect fall outside the ambit of HIPAA, which governs insurers and patient care providers. The same goes for genetic testing companies such as 23andMe, which operate online databases that give clients -- or data thieves -- access to private data. And as the proliferation of technology has given consumers more and greater access in tracking their personal lives than ever before, so too has the danger of unwanted outside access grown.

What clients fail to realize is that the new technology presents legal issues that are terra incognita for legal analysts and that much of the personal data that would normally be protected by federal laws falls outside of HIPAA protections.

Tighter Than HIPAA

23andMe also recently had other problems besides mounting concerns about privacy breaches. In 2010, the company suffered an embarrassing mix-up in which about 96 clients were given the wrong DNA results. Kate Black, who represents 23andMe, said that the company's internal policies actually offer greater protections than are demanded under HIPAA. Thus, some companies are at least thinking about patient data security.

But some states have decided to take a more proactive approach even if Congress has been slow to move. The California legislature has previously considered a measure to prohibit anyone from using, transferring, etc., someone's personal data without the patient's written permission. Thus, California's measure could potentially be toothier than HIPAA.

And state laws will need to be. Tracking tech is not about to slow down anytime soon. Just this year it was projected that the worldwide market for wearables was to grow by 173% over last year alone.
