Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA::GSK will pay the DNA testing company $20 million for non-exclusive access to genetic data.

  • godzillabacter@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    That’s not true. HIPAA covers anyone handling protected health information in a professional manner. If some office clerk at the VA is mailing out copies of HIPAA-protected information, they’re bound by HIPAA. If a consulting IT firm has access to a hospital’s servers as they’re changing something about the EHR, they’re bound by HIPAA. Protected information cannot make its way from a “covered entity” to a non-covered entity like a totally unrelated bakery who would not have an obligation to protect your information without either: 1) violating the law, 2) you personally disclosing the information to the non-protected party, or 3) you or someone authorized on your behalf signing a disclosure waiver permitting the covered entity to disclose

    • EssentialCoffee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      HIPAA’s only going to apply if a covered entity is involved. If there’s no covered entity, then it’s nothing to do with HIPAA.

      As you’ve already stated, there’s a bunch of ways for your information to get out with being a HIPAA violation.