The Genetic Information Nondiscrimination Act of 2008
On May 21, 2008, the Genetic Information Nondiscrimination Act was signed into law. Generally, this new law prohibits genetic discrimination in employment and health insurance benefits. It does so by amending several laws, including HIPAA, ERISA, the Public Health Service Act and Medicare. Clearly it will have an impact on employers and what follows is a general summary of the Act. With the increasing ability to test for genetic causes for health conditions, there is rising concern that people with adverse genetic makeup will be the victim of discrimination. To protect against that eventuality, the Act is designed to not just protect information, but preclude the misuse of information. The Act is not clear on how an employer might get the information, but if it does, then the Act applies.
Title One of the act prohibits group health plans from discriminating on the basis of genetic information with respect to eligibility, premiums and contributions. So genetic makeup cannot be a consideration when setting rate, contribution levels or eligibility. However, the Act does not preclude an increase in group rates for the manifestation of a disease or disorder commonly linked to genetic makeup, though manifestation of a disease or disorder cannot be used as "genetic information" to further increase rates for specific family members or dependents. There are also certain prohibitions on the ability of health insurers to request genetic information or require testing. Obviously HIPAA medical privacy rights also apply to information a plan obtains regarding genetic information.
"Genetic Information" is defined as information about an individual's genetic tests, information about genetic tests of family members and the manifestation of a disease or disorder linked to genetic information. a "genetic test" is an analysis of an individuals DNA, RNA, chromosomes, proteins or metabolites that detect genotypes, mutations and chromosomal changes.
I think the key component of this Act (other than its May 21, 2009 compliance deadline) is that Congress saw a hole in the definition of Protected Health Information (PHI) under HIPAA that had to be plugged. This Act seems to fit genetic testing into the HIPAA umbra even though it is not necessarily part of what HIPAA privacy regs were originally designed to protect. Certainly plans and policies will have to be amended to include a statement that the plan does not discriminate based on these genetic factors, but the practical implications will likely be minimal from a plan's perspective.
Title Two of the Act prohibits discrimination in employment practices based on genetic information. Much like HIPAA, if an employer obtains this information, it cannot base hiring and firing practices on that data. As we have already understood that to be the case for PHI, it should not be much of an issue here. However, as with plans, it is recommended (and will likely ultimately be required) that employers have a statement saying they don't discriminate on this basis.
