At our practice we run a pretty tight ship when it comes to security of patient records. Why do we do this? Well there are 2 big reasons.
1. It's the right thing to do.
2. The law will put you in the hurt locker if you don't
I want to talk about reason 2 a little bit.
Why?
With all of this protection of health information and DTC genomics companies going bankrupt, I begin to really wonder who a covered entity is.
Daniel Vorhaus over at Genomics Law Review has a pretty good break down of it, but I think there may be some nuances not covered. As well as a notable lack of coverage of HITECH policies in the ARRA.
Wha?
Yes the recovery act has stuff on Health care privacy in it. In HIPAA DTC Genomics may not be covered, but I think in HITECH they are.
Why have I been reading this stuff? Because it's my job.
According to HITECH
H.R.1 150 Title XIII (HITECH)
SEC. 13404
For the purposes of compliance with privacy and security regulations, a "covered entity" and its "business associate" are equally liable as if each were itself was a covered entity.
Which means if I send a DTC genomic test off with a doctor's order, AKA Illumina, a breach in that data due to the lab or interpretive business associate THEY are just as liable as the physician.
This means that DTC Genomic tests ordered by physicians fall into a completely more risky category than those ordered by Joe Blow.
This one risk may be why DTC is dying not to make these tests gatekeeper specific. Once these tests become gatekeeper specific, DTC will
A. No longer be DTC
B. No longer be free of HITECH and HIPAA
Which means a big 'ol nightmare for these companies as they want to emphasize the social networking part. You see, social networks have always balanced growth versus security and the same is true for any Internet Technology.
But let's say this is just one rogue hacker who has decided to hack a genome record ordered by a physician.......Via say a hacked email or website........
What is the penalty?
This is the scary part.
Sec. 1320d-6. Wrongful disclosure of individually identifiable health information (a) Offense A person who knowingly and in violation of this part-- (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b) of this section. (b) Penalties A person described in subsection (a) of this section shall-- (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.
So let's say someone hacked a record to get the one up on you, maybe you are a political candidate or maybe a business competitor, or maybe they want to sue you.......If this rogue hacker performs an act of this on genomic information ordered by a doctor or that can be defined as PHI, these are the penalties. If it is not considered PHI, it is a far lesser offense.......So the question is, do you want these protections if you are a customer/patient? I would say Hell Yeah.But do you want them as a covered entity? Uhhhhh.....Ahem.......Well........As a doctor we have to follow these. Why shouldn't anyone else who has been given the responsibility of handling human samples?The Sherpa Says: As a consumer HITECH is great. But as a start up company it can prove to be a nightmare. But those who have to risk the most are the huge companies making millions of dollars....can you say class action lawsuit for millions? I know a few lawyers who would be interested in that! I wonder if the DTC Genomics investors thought of that
Related Posts
- IOM not webcast today. Why Not? - November 8th, 2009 [November 8th, 2009]
- National Academies skeptical at Best. - November 8th, 2009 [November 8th, 2009]
- Some Confusion Exists - November 8th, 2009 [November 8th, 2009]
- Why DTC Genomics IS Medicine. - November 8th, 2009 [November 8th, 2009]
- First Mari, Now Linda. Who's next? - November 8th, 2009 [November 8th, 2009]
- Is it true? - November 8th, 2009 [November 8th, 2009]
- Re-Reviewing the National Academies - November 8th, 2009 [November 8th, 2009]
- The problem with nonclinicians....... - November 8th, 2009 [November 8th, 2009]
- Crazy Night of Emails to Government - November 8th, 2009 [November 8th, 2009]
- Adrienne Carlson's Personalized Medicine. - November 8th, 2009 [November 8th, 2009]
- Tell Me, How do you feel now? Sherpa's RX - November 8th, 2009 [November 8th, 2009]
- This Just In. 23andMe to go to GPs. I love my readers!! - November 8th, 2009 [November 8th, 2009]
- Sorry so long away - November 8th, 2009 [November 8th, 2009]
- 2D6 Rears its ugly head..... - November 8th, 2009 [November 8th, 2009]
- Ok, Fine, Back to Plavix - November 8th, 2009 [November 8th, 2009]
- Kaiser a protoype for Collins' Aim - November 8th, 2009 [November 8th, 2009]
- A few months late to the party.... - November 8th, 2009 [November 8th, 2009]
- Stated Another Way....... - November 8th, 2009 [November 8th, 2009]
- Excuse Me? Harvard and Navigenics? WTF? - November 8th, 2009 [November 8th, 2009]
- Follow up to Yesterday's WTF? Harvard, Navi? and Pfizer??? - November 8th, 2009 [November 8th, 2009]
- Did you get your kit? Thanks Dr. Rob from MedCo - November 8th, 2009 [November 8th, 2009]
- Gluco...Wha? Parkinson's Disease and Glucocerebrosidase mutations. - November 8th, 2009 [November 8th, 2009]
- Away and now back, What did I miss???? 23andme layoffs? Selling Genomes for cheap up next! - November 8th, 2009 [November 8th, 2009]
- Change IS Needed. I agree with William, sometimes. - November 8th, 2009 [November 8th, 2009]
- Good Enough Science? Apparently so at 23andme - November 8th, 2009 [November 8th, 2009]
- Long QT Syndrome, location matters - December 13th, 2009 [December 13th, 2009]
- Congratulations Generation Health. Nice pick up! - December 13th, 2009 [December 13th, 2009]
- An argument 23andSerge can't win...23andme but not medicine - December 13th, 2009 [December 13th, 2009]
- Stop. Breathe. Repeat. An analysis of the direction of DTC Genomics Field. - December 13th, 2009 [December 13th, 2009]
- Hey DTC genomics, Stay Private, Stay Alive, Go Public and Die - December 13th, 2009 [December 13th, 2009]
- You can't have it both way. Either scared your genome is sold off or not. - December 13th, 2009 [December 13th, 2009]
- 15 Days Away Gives Time for Perspective. - December 13th, 2009 [December 13th, 2009]
- What about the SACGHS registry? Another missed opportunity? - December 13th, 2009 [December 13th, 2009]
- AJHG is in and my Favorite Muin is in it! But He Is NOT the Father! - December 13th, 2009 [December 13th, 2009]
- Navigenics for 23andMe prices? - December 18th, 2009 [December 18th, 2009]
- Lp(a) Maybe there's something there that wasn't there before? - December 24th, 2009 [December 24th, 2009]
- Another Year, Another Bankruptcy - December 31st, 2009 [December 31st, 2009]
- 5 Technologies going bye bye in this decade? - January 6th, 2010 [January 6th, 2010]
- Personal Genomics Flop.....big Belly Flop! - January 8th, 2010 [January 8th, 2010]
- Gotta Love It. Even the daycare....... - January 11th, 2010 [January 11th, 2010]
- Congratulations Navigenics. You ARE a clinical lab! Uh-Oh... - January 12th, 2010 [January 12th, 2010]
- CETP, Jewish Centenarians and Alzheimers - January 14th, 2010 [January 14th, 2010]
- Enter the "Not" DTC Genomics Rep - January 17th, 2010 [January 17th, 2010]
- Why Dr. Vanier's Navigenics appointment is good for PM - January 22nd, 2010 [January 22nd, 2010]
- Holy Crap! MedCo Follows in CVS footsteps - February 3rd, 2010 [February 3rd, 2010]
- FDA, Warfarin, still not as sexy to me. - February 5th, 2010 [February 5th, 2010]
- Hype, Hype, Hype from a single study. - February 11th, 2010 [February 11th, 2010]
- I love my readers, even Renata M! - February 17th, 2010 [February 17th, 2010]
- How can insurers use DTC genomics to profile? - February 17th, 2010 [February 17th, 2010]
- 9p21.....ahem. Paynter et.al. Smackdown. Again. - February 18th, 2010 [February 18th, 2010]
- Hey! It's Pete Hulick! Are you Going to GET? - February 19th, 2010 [February 19th, 2010]
- I was wrong......AHEM - February 28th, 2010 [February 28th, 2010]
- G2C2, finally a tool for genomic education! - March 2nd, 2010 [March 2nd, 2010]
- Just 4 million? What 23andMe is worth. - March 5th, 2010 [March 5th, 2010]
- What a difference a year makes - March 9th, 2010 [March 9th, 2010]
- ........DTC Genomic Medicine? - March 12th, 2010 [March 12th, 2010]
- The FDA, 2c19 and the ACC - March 13th, 2010 [March 13th, 2010]
- The problem with Comparative Whole Genomics...... - March 13th, 2010 [March 13th, 2010]
- BRCA testing by 23andME is the same as Myriad Genetics. - March 15th, 2010 [March 15th, 2010]
- The Argument Against DTC Genomics Marketing and such - March 16th, 2010 [March 16th, 2010]
- A moment of Clarity. Some DTCG is not bad. - March 18th, 2010 [March 18th, 2010]
- SNPs for breast cancer risk? It Depends. - March 18th, 2010 [March 18th, 2010]
- How can MDVIP use Navigenics Test for Medicine? - March 18th, 2010 [March 18th, 2010]
- Why did P&G invest in Navigenics? - March 23rd, 2010 [March 23rd, 2010]
- PGx in DTCG? Doesn't stand up to Useful testing. - March 25th, 2010 [March 25th, 2010]
- End of Gene Patents? - March 29th, 2010 [March 29th, 2010]
- Sherpa Accepting Chief Medical Officership - April 3rd, 2010 [April 3rd, 2010]
- The Rumors of My Death........ - April 20th, 2010 [April 20th, 2010]
- Happy DNA Day! - April 25th, 2010 [April 25th, 2010]
- 99 USD, DNA day and patient letters - April 25th, 2010 [April 25th, 2010]
- 2C19, Navigenics and Clinical Reality. - May 1st, 2010 [May 1st, 2010]
- Coriell Personalized Medicine Collaborative rising - May 7th, 2010 [May 7th, 2010]
- Personal Genomes in Clinical Care. Quake paper is a waste! - May 11th, 2010 [May 11th, 2010]
- Personal Genomes in Clinical Care. Quake paper Falls Short! - May 13th, 2010 [May 13th, 2010]
- Last post edited by Drew - May 13th, 2010 [May 13th, 2010]
- GateKeeper? FCUK U! - May 13th, 2010 [May 13th, 2010]
- GateKeeper? F! U! - May 15th, 2010 [May 15th, 2010]
- Potential of genomic medicine, LOST - May 19th, 2010 [May 19th, 2010]
- How Bad Can a House Investigation be for DTC Genomics? - May 20th, 2010 [May 20th, 2010]
- Couldn't you have picked a better Gene Set Berkeley? - May 21st, 2010 [May 21st, 2010]