Vol. II No. 4: A Preliminary Summary of HIPAA and Genetic Privacy

Mona Alrazzaq, Wayne Kuo, Alexander Rotberg, Anna Sun

Summary Author: Anna Sun

Editor’s Note: Due to the constraints of COVID19 and the global health pandemic, this final article did not see full completion. Research and preliminary writing took place, but a full article is not represented here. In its place, one of our writers provided a brief summary of some of the concerns and questions surrounding HIPAA and genetic privacy and transparency, to give a sample of the work we hoped to finish. UGLR is grateful for all our writers’ work and flexibility in such an uncertain time, as well as for the understanding of our readers.


Brief Summary

One of the most prominent responses to this concern is the Health Insurance Portability and Accountability Act that was passed by Congress in 1996, otherwise known as HIPAA. HIPAA consists of five titles that aim to protect health insurance coverage, prevent health care abuse and fraud, enforce guidelines for pre-tax medical spending accounts and group health plans, and govern company-owned life insurance policies. Title II of HIPAA is most prevalent with regards to protecting health care information, as it includes the Privacy Rule which defines protected health information (PHI) as any individually identifiable health information that is maintained by a covered entity or business associate and is transmitted or maintained in any form.

Despite the implementation of HIPAA, many corporations have been accused of violating the privacy rights of their consumers by sharing data with third party consumers. In 2017, the University of Chicago Medical Center collaborated with Google to develop machine learning techniques and create predictive models in order to improve healthcare analysis, based on patient records from the medical center. However, both the university and Google were sued in a class-action lawsuit as the patient records contained identifiable information, leading to privacy concerns as Google could potentially sell the data to possible data brokers and other third-party clients. While Google claims that their actions were in compliance with HIPAA, the lawsuit brings into question whether HIPAA has become outdated as it was enacted before the development of many new technological advancements.

The modern development of crowdsourcing also raises another issue with regards to HIPAA and protected health information. In a medical context, crowdsourcing allows individuals to list their symptoms and medical history online in order to receive answers from a medical professional if they are unable to obtain quality in-person health care. The main concern with medical crowdsourcing is whether the online information provided by patients falls under the distinction of protected health information, therefore leading to a violation of HIPAA if it does, as the internet can be accessed freely and there is no guarantee that the information can be kept private. One possible solution would be to enact legislation that would limit access to these medical crowdsourcing websites and control those who are granted access.

The growing need for modernized health care legislation has become evident, as HIPAA has proven to be outdated and unable to encompass the advanced issues that arise with improvements in technology and society. It is clear that these problems will only increase in the coming years without the proper intervention by lawmakers in order to ensure that the healthcare information of American citizens are protected.