Dedicated to providing the latest
HIPAA compliance news

ACLU Claims Myriad Genetics Violated HIPAA Rules by Withholding Genetic Data

Share this article on:

Late last week, a complaint was filed with the Department of Health and Human Services’ Office for Civil Rights by the American Civil Liberties Union after Myriad Genetics refused to provide four patients with copies of their full genetic records – an alleged breach of the HIPAA Privacy Rule.

The patients in question had undergone genetic tests to assess hereditary risk for bladder, breast, and ovarian cancer. Myriad provided the patients with details of the genetic factors which were deemed to be significant and useful for healthcare providers. However, the data provided to the patients did not include information about all of the genetic variants Myriad’s testing had uncovered.

The patients requested copies of all of their genetic data that was held by Myriad Genetics, including the genetic variants that Myriad deemed not to pose a risk to the patients.

Myriad refused to provide copies saying the patients were not entitled to copies of the withheld data. It was claimed that the withheld data was not part of the designated record set which Myriad is required to provide to patients under the HIPAA Privacy Rule.

The complaint was filed with OCR because the patients wanted access to this information so they could “proactively track their families’ genetic dispositions to cancer.” The patients also wanted the option of providing those data to healthcare organizations for research purposes and also to enable them to submit the data to public databases.

After learning of the pending legal action, Myriad voluntarily decided to provide all of the data to the four patients as requested; however, that was not enough to stop legal action being taken against the company for alleged violations of HIPAA Rules.

Myriad does not believe HIPAA Rules have been violated and that the company is within its rights to withhold the data. The data that were initially withheld were not deemed to be relevant to healthcare providers for the purpose of providing treatment to patients, and therefore were not supplied as part of the designated record set.

ACLU senior staff attorney Sandra Park explained that while the four patients now have copies of the information they requested, Myriad still refuses to accept that all genetic testing data should be included in its designated record set. This potentially could result in other patients having difficulty obtaining all of their data in the future. She said “Myriad needs to recognize that HIPAA protects all of its patients’ rights to access their complete genomic information.”

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On