Patients allege Myriad Genetics withheld gene data, violate HIPAA

HIPAA is most commonly thought of as the health privacy law, ensuring healthcare organizations safeguard the health information of individuals. However, the law also guarantees patients access to their health information, and four patients are citing the law in a complaint that a genetic testing company is withholding their information, reports STAT.

The American Civil Liberties Union filed the complaint on behalf of the four individuals who claim Salt Lake City-based Myriad Genetics Laboratories did not provide them their full genetic information.

According to the complaint, Myriad performed a test to determine the hereditary risks for certain types of cancers. The complainants reportedly received a copy of the test report for those hereditary risks, but they sought access to their full genetic information, including all genetic variants identified in the testing process. "Complainants…are focused on gaining access to a complete list of all variants identified in their genes by Myriad, including all variants that Myriad identified but did not disclose in its test reports," according to the complaint.

The complaint cites a recent HHS guidance on HIPAA, which says patients have the right to access a designated record set maintained by or for a clinical laboratory, and that record set includes "not only the laboratory test reports but also the underlying information generated as part of the test, as will as other information concerning tests a laboratory runs on an individual."

The complaint was filed Thursday, and notes on Wednesday evening Myriad provided the four consumers with their requested information. However, the complaint indicates Myriad still has not provided the consumers with access to their genetic information. Instead, the company "wanted to voluntarily follow up regarding additional information," the complaint states, quoting Myriad's correspondence. "Thus, Myriad continues to violate HIPAA by maintaining a position that denies patients access to this data."

Myriad issued a statement saying the complaint lacks merit and the company complied with the consumers' requests for their designated record set and all requested personal health information.

"We believe the company has acted appropriately, responsibly and in compliance with the laws and regulations governing patients' rights to access their genetic data," said Richard Marsh, general counsel for Myriad. "Our policy is that all patients who receive a test from Myriad can obtain their test results and records directly from the company or through their healthcare provider."

More articles on HIPAA:

You may be violating HIPAA and you don’t even know It 
Patients receive fraudulent HIPAA notification letter from medical group 
Not-so-sensitive data: The case for unprotected health information 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months