Genetic Information Nondiscrimination Act (GINA): WPF files comments on wellness program privacy, purchase of employee genetic data, more
The World Privacy Forum has filed extensive comments on the proposed changes to how the Genetic Information Nondiscrimination Act will be interpreted. Our comments focus on how the proposal will impact wellness program privacy, as well as family and spousal privacy. In our comments, we discuss our concerns with a variety of aspects of wellness program privacy, including the fact that much data from wellness programs falls outside of HIPAA protections. We also have strongly urged the EEOC to not allow employers to purchase genetic information about employees from third parties without consent, among other items related to this issue.
Comment Highlights
These brief quotes are from various parts of the full comment set, which is here.
Regarding wellness program privacy:
“Employers offering wellness plans that allow unfettered data sharing and secondary use of consumer data may not fully understand the extent to which identifiable or re-identifiable data about individual consumers may be entering the secondary marketplace.”
“No one should collect any personal data unless it there is clear and convincing evidence that the data is necessary for a wellness program. Even then, use of patient claims data and medical record data should be expressly prohibited without the affirmative, voluntary, and recent consent of the data subject.”
Regarding the proposed provision to allow purchase of genetic data about employees:
“Consent to enroll in a wellness program should not also serve as consent for acquisition of genetic information from a third party, and there should be separate forms for consent with no penalty at all if an employee refuses consent for acquisition of information.”
“We propose instead that any acquisition of genetic information as part of health or genetic services be allowed only with the express and voluntary written consent of the data subject (including spouses and adult children) and then only after full disclosure of the type of information sought and the source of the information.”
“The Commission should expressly prohibit workplace wellness programs from accessing genetic information from other sources, such as patient claims data, medical records data, and commercial, for-profit organizations.”
Regarding the proposal to ban the sale of employee genetic information:
WPF supported the proposed ban on the sale of employee genetic data, but we asked for clarification on the terms used and asked for broader definitions.
“It is often the case in the personal information business that information will be exchanged, shared, licensed, used in a joint activity, or transferred in some other way that does not constitute a sale. Sometimes the holder of information uses it on behalf of a third person (e.g., sends a mailing on the third person’s behalf). The rule should apply to sales, exchanges, sharing, uses, other transfers or disclosures, etc.”
Full Comments
Read the full WPF comments on GINA here (PDF, 12 pages)