Current Issue Pic Top Harvard Health Policy Review Current Issue Top
Current Issue Pic Middle About Us Fill Current Issue Bottom
Links  
Contact Us Fall 2001; Volume 2, Number 2
Health Highlights

The DNA Code Meets The United States Code: Legal Protections Against Genetic Discrimination

David C. Bowen, Ph.D. and Nancy Segal, JD

page 1 | page 2 | page 3

Once in a great while, a scientific discovery is made that can transform both science and society. Humankind’s newly acquired ability to map and ultimately alter its own genetic traits may well be one such epochal discovery. While recent advances in genetics are the work of thousands of scientists in dozens of countries, the most prominent symbol of our newfound mastery of the gene was the announcement in June 2000 that two vast teams of scientists had determined the DNA sequence of the human genetic code. No movie star ever had better timing than this discovery, which arrived at the perfect moment to symbolize the end of a century of physics and the beginning of a century of the gene. The most immediate use of the data from sequencing the genome will be to increase our understanding of the links between genetic traits and disease. Medicine has already benefited from the first trickle of what will soon become a flood of new discoveries about the links between genetic mutations and particular diseases. One well-known example of such a link is the correlation between a mutation in two genes, BRCA1 and BRCA2, and an elevated risk of breast and ovarian cancer. The benefits of a test for mutations in these genes were recently illustrated by a large-scale study showing that women with the mutation significantly increased their life expectancy by undergoing prophylactic mastectomy. One in eight of the women who tested positive for mutations in one of the two genes, but did not undergo mastectomy, developed breast cancer within three years of the study, whereas all the women who underwent the surgery remained cancer-free.1 Clearly, undergoing a prospective mastectomy is a step that few women would undertake without a compelling medical reason to do so. One message of the study is that testing positive for a BRCA mutation may provide such a reason. If used to guide medical decision-making, the BRCA test can thus be an extraordinary boon to women in evaluating a treatment that could save their lives. Yet this new understanding of the genetic basis of disease holds risks as well as benefits. The knowledge that a woman carries a BRCA mutation can be used to inform medical decision-making. But an employer might view that same information to mean that a woman was ordained inevitably to contract cancer. Such is the power of genetics that many non-specialists regard the presence of a genetic mutation as an unalterable prediction that a person will express a disorder that has been associated with that mutation. Thus, a person’s genetic signature is not seen as one of many factors affecting his or health, but rather as the determinative factor. With these misconceptions so prevalent, employers may increasingly come to rely on genetic testing to “weed out” those employees who carry genetic traits associated with undesirable characteristics. Similarly, genetic traits may come to be used increasingly by insurance companies to deny coverage to those who are seen as “bad genetic risks.” Enabling employers, insurers and others to base decisions about individuals not on their actual characteristics, but rather on the characteristics that are assumed to be their genetic destiny would be a truly dystopian outcome of our vast national investment in genetic research. The challenge lawmakers must face is in harnessing the great potential benefits that come from understanding the human genome while preventing undesirable uses of genetic information. This essay reviews the current legal protections against genetic discrimination and previews Congressional action likely to occur on this issue in the near future.

Public Concerns about Misuse of Genetic Information

Genetic information and its applications offer great opportunities to save lives and prevent the onset of disease. However, the medical progress made possible by genetics studies, such as those on BRCA, is dependent on the willingness of study volunteers to undergo genetic testing. Such willingness may be increasingly hard to come by. Fears surrounding possible misuse or unauthorized disclosure of genetic data have increasingly come to affect the willingness of individuals to participate in genetic research. A national telephone survey of more than 1,000 people on this issue found that 63% of respondents said they would not take genetic tests if health insurers or employers could get access to the results.2 Even when patients do volunteer for research, they or the investigators conducting the research may conceal identifying information out of fears of genetic discrimination.3 These fears extend to clinical practice. Genetic counselors report that fears about breaches of privacy and improper use of genetic data are widespread among their patients, who often agonize about the decision to take a genetic test. These reports are substantiated by a growing body of evidence documenting reluctance among at risk populations to undergo genetic testing. For example, only 43% of those at risk for hereditary colon cancer participated in a genetic testing program4 and the same percentage of women at risk for breast cancer participated in a genetic test for that disease.5

More broadly, the public at large routinely expresses a strong desire to keep genetic data private. In a 1995 Harris poll, 85% of respondents indicated that they were either “very concerned” or “somewhat concerned” that insurers and employers might gain improper access to their genetic data.6 In a Gallup poll, 93% of respondents stated that government researchers should not be allowed to study an individual’s genetic information without consent.7 Fears about the possible misuse of genetic knowledge have translated into a deep-seated mistrust of genetic research. In a survey taken at the time the human DNA sequence was announced, 46% of respondents said they expected harmful results to occur as a result of the research, while 41% viewed the genome project as morally wrong.8

Despite this widespread concern about misuse of genetic data, there is no comprehensive federal law protecting either the privacy of genetic information or prohibiting the use of such data to deny insurance coverage or affect employment status. Instead, there is a patchwork of often weak or incomplete protections, based on other laws that were not designed for this purpose. While some states have enacted protections against genetic discrimination, they vary widely in effectiveness and scope.9

Federal Law on Genetic Discrimination in Insurance

HIPAA and Insurance

In health insurance, the Health Insurance Portability and Accountability Act (HIPAA) affords some protection against discriminatory practices based on an individual’s genetic traits. HIPAA ensures that individuals who change insurance carriers (usually after switching jobs) do not have their coverage denied or unduly restricted because of preexisting medical conditions. HIPAA also prohibits an insurance carrier from charging one individual within a group, higher rates than other “similarly situated” individuals in the same group.

Since HIPAA includes genetic information as part of its definition of a preexisting medical condition, the Act might at first glance appear to protect against genetic discrimination in insurance. However, HIPAA, has several important blind spots. First, HIPAA applies only to the group insurance market. Under HIPAA, it is still entirely legal for carriers selling insurance in the individual market to deny coverage or to charge exorbitant rates to individuals based on genetic traits, regardless of whether those traits affect a person’s current health status.

Second, violations of HIPAA are subject only to relatively weak administrative sanctions. Under the Act, individuals who have suffered discriminatory treatment have no recourse to litigation to address their grievances. Rather, they must rely on a sometimes cumbersome system of administrative enforcement through the federal Department of Health and Human Services (HHS). Even if an HHS review finds that an insurance carrier has engaged in discriminatory practices, the company may be fined only a maximum of $100 per day – a tiny sum in the multimillion dollar world of insurance.

HIPAA and Privacy

In addition to its provisions on insurance coverage, HIPAA also deals with the privacy of medical records. It comes as a surprise to many citizens to learn that there is as yet no functional comprehensive federal regulation protecting the privacy of medical information. HIPAA, which passed in 1996, stated that if Congress failed to enact a comprehensive law on medical privacy by August 21, 1999, then the Secretary of HHS would be required to issue privacy regulations. To cut a long and bitterly contentious story short, Congress was unable to enact a privacy law by the required deadline, so HHS issued regulations on medical records privacy in December 2000 that are scheduled to go into effect for large businesses in April 2003 and for small businesses the following year.10

These HHS medical privacy regulations are of obvious relevance to the debate on genetic discrimination. While people fear discriminatory action based on their genetic traits, they also fear the unauthorized disclosure of genetic information. Here again, HIPAA appears at first glance to protect against improper practices, but on closer inspection is found wanting.

While the HHS privacy regulations are comprehensive in many respects, they are limited by the underlying statutory framework of HIPAA, which applied only to three named categories of businesses: providers (i.e. doctors’ offices), payers (i.e. insurance companies) and information clearinghouses. However, medical information is increasingly becoming dispersed beyond these “covered entities”. For example, a bank may provide insurance coverage for its employees. The insurance arm of the company would thus gain access to the medical records of its enrollees. It does not take a vast stretch of the imagination to believe that this information might find its way into the hands of the employer’s personnel department or even into bank’s mortgage lending department.

Due to the underlying statutory constraints of HIPAA, the new HHS privacy regulations cannot directly affect employers or other non-covered entities. Instead, the regulations require any non-covered entity to enter into a contract with a covered entity promising that it will respect the privacy of information transmitted from the covered entity to the non-covered entity.11
If this all sounds a bit convoluted, that’s because it is. Many have argued that a more straightforward system that protects medical information directly – wherever it is and whomever controls it – would be a smoother and more effective system of regulation.12
The need to protect the privacy of medical information is particularly acute for genetic information. While knowledge that a person has hemorrhoids or herpes may be embarrassing to that individual, knowledge about genetic traits may be damaging not only to an individual but also to siblings or children. Due to the extreme sensitivity of genetic information and the possibility that improper disclosures may harm more than one individual, many proponents of legislation on genetic discrimination have sought to include privacy protections that directly protect the genetic information itself, rather than relying on the indirect protections established under the HIPAA regulations.

page 1 | page 2 | page 3
Subscribe
EPIHC
 
Home
 
Fill
Spring 2001, Volume 2, Number 1
Table of Contents
Editor's Note
Features: Violence and Healthcare
Gun Violence
Health Highlights
In Focus
Seal
 
Bar

about us | links | contact us | subscribe | epihc