A bill (SB-980) that confirms the Genetic Information Privacy Act has been approved by the California Senate. California Governor Gavin Newsom now only needs to sign the bill.
The Genetic Information Privacy Act will introduce new requirements for businesses that provide direct-to-consumer genetic tests, with the aim of safeguarding consumer privacy and protecting personal and genetic data.
At present, direct-to-consumer genetic testing services are largely unregulated. There is concern that the practices of organizations that provide these services could expose sensitive genetic information, and that external parties could exploit genetic information for questionable purposes, for example, mass surveillance, tracking people without authorization, or exposing genetic data in ways that lead to discrimination against particular persons. Unlike many elements of “protected health information”, genomic information is stable and changes little over a person's lifetime, so any sharing of genetic data may have life-long implications for the person involved.
The Genetic Information Privacy Act will cover any organization that sells, promotes, interprets, or provides genetic testing services that are initiated directly by consumers. The Act does not apply to licensed companies that are diagnosing or treating a medical condition.
The Act contains a number of privacy and data security provisions. All customers should be given notice of the company’s policies and procedures regarding the collection, use, maintenance, and sharing of personally identifiable genetic information.
Express consent should be obtained from customers before the collection, use, or disclosure of a customer’s genetic data, and a separate express authorization should be obtained for specifically defined activities, for instance, any transfer of genetic information to a third party and advertising based on a customer’s genetic information. If a customer decides to withdraw their consent at any time, any biological samples provided need to be destroyed within 30 days of the withdrawal being received.
Any business required to comply with the Genetic Information Privacy Act should implement reasonable security measures, procedures, and practices to ensure that a customer’s genetic information is safeguarded against unauthorized access, use, modification, disclosure, and destruction.
Policies and procedures should be developed and implemented to allow a customer to access their genetic information, have their account and genetic data deleted, and have their sample destroyed. Disclosures of genetic data to particular entities, which include those that provide medical and life insurance and businesses, are not allowed, subject to specific exemptions. Businesses are also prohibited from discriminating against a customer for exercising the rights provided to them by the Genetic Information Privacy Act.
Any medical data covered by the California Confidentiality of Medical Information Act is exempt, as is any protected health information (PHI) collected, retained, used, or shared by HIPAA-covered entities or their business associates under HIPAA and the HITECH Act.
Any entity covered by the Genetic Information Privacy Act that is found to have violated any of its provisions will face civil monetary penalties.