Federal Laws Lag Behind Tech Privacy Breaches

By Jonathan R. Tung, Esq. on November 19, 2015 | Last updated on March 21, 2019

The federal government is woefully behind the times when it comes to protecting the private data of users with accessible genetic profiles. The lack of privacy protections allows third parties to easily access genetic information. This invasion of privacy, which potentially affects millions of people, could almost certainly change the business model of insurers and hiring practices.

"Walking Through an Open Door"

When young Jacqueline Stokes went online to check the results of a take-home paternity test, she hardly expected that with the switch of a few letters in the URL she'd basically have access to 6,000 other people's results. The cybersecurity consultant said, "[y]ou wouldn't call that hacking ... you would call that walking through the door."

When Stokes presented evidence to the Department of Health and Human Services, the agency told her that HIPAA, the 1996 patient-privacy law, did not apply to services like take-home paternity tests.

Highlighting a Gaping Hole

Under current interpretations of HIPAA, wearable devices like Fitbit and the data such devices collect fall outside the ambit of HIPAA, which governs insurers and patient care providers. The same goes for genetic testing companies such as 23andMe, which operate online databases that give clients -- or data thieves -- access to private data. And as technology has proliferated, giving consumers more and greater access in tracking their personal lives than ever before, so too has the danger of unwanted outside access grown.

What clients fail to realize is that the new technology presents legal issues that are terra incognita for legal analysts, and that much of the personal data that would normally be protected by federal laws falls outside of HIPAA protections.

Tighter Than HIPAA

23andMe also recently had other problems besides mounting concerns about privacy breaches. In 2010, the company suffered an embarrassing mix-up in which about 96 clients were given the wrong DNA results. Kate Black, who represents 23andMe, said that the company's internal policies actually offer greater protections than those demanded under HIPAA. Thus, some companies are at least thinking about patient data security.

But some states have decided to take a more proactive approach even if Congress has been slow to move. The California legislature has previously considered a measure to prohibit anyone from using, transferring, etc., someone's personal data without the patient's written permission. Thus, California's measure could potentially be toothier than HIPAA.

And state laws will need to be. Tracking tech is not about to slow down anytime soon. Just this year, the worldwide market for wearables was projected to grow by 173% over last year alone.
