SSA logo: link to Social Security Online home

APPLICATION OF HIPPA REGULATIONS TO GENETIC INFORMATION[192]

Sec1180[42 U.S.C. 1320d–9] (a) In General.—The Secretary shall revise the HIPAA privacy regulation (as defined in subsection (b)) so it is consistent with the following:

(1) Genetic information shall be treated as health information described in section 1171(4)(B).

(2) The use or disclosure by a covered entity that is a group health plan, health insurance issuer that issues health insurance coverage, or issuer of a medicare supplemental policy of protected health information that is genetic information about an individual for underwriting purposes under the group health plan, health insurance coverage, or medicare supplemental policy shall not be a permitted use or disclosure.

(b) Definitions.—For purposes of this section:

(1) Genetic information; genetic test; family member.—The terms “genetic information”“genetic test”and “family member” have the meanings given such terms in section 2791 of the Public Health Service Act (42 U.S.C. 300gg–91)[193], as amended by the Genetic Information Nondiscrimination Act of 2007.

(2) Group health plan; health insurance coverage; medicare supplemental policy .—The terms “group health plan”and “health insurance coverage” have the meanings given such terms in section 2791 of the Public Health Service Act (42 U.S.C. 300gg–91)[194], and the term “medicare supplemental policy” has the meaning given such term in section 1882(g).

(3) HIPAA privacy regulation.—The term “HIPPA privacy regulation” means the regulations promulgated by the Secretary under this part and section 264 of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note) [195].

(4) Underwriting purposes.—The term “underwriting purposes” means, with respect to a group health plan, health insurance coverage, or a medicare supplemental policy—

(A) rules for, or determination of, eligibility (including enrollment and continued eligibility) for, or determination of, benefits under the plan, coverage, or policy;

(B) the computation of premium or contribution amounts under the plan, coverage, or policy;

(C) the application of any pre-existing condition exclusion under the plan, coverage, or policy; and

(D) other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits

(c) Procedure.—The revisions under subsection (a) shall be made by notice in the Federal Register published not later than 60 days after the date of the enactment of this section and shall be effective upon publication, without opportunity for any prior public comment, but may be revised, consistent with this section, after opportunity for public comment.

(d) Enforcement.—In addition to any other sanctions or remedies that may be available under law, a covered entity that is a group health plan, health insurance issuer, or issuer of a medicare supplemental policy and that violates the HIPAA privacy regulation (as revised under subsection (a) or otherwise) with respect to the use or disclosure of genetic information shall be subject to the penalties described in sections 1176 and 1177 in the same manner and to the same extent that such penalties apply to violations of this part.


[192]  See Vol. II, P.L. 110-233, §105(b)(1), with respect to the deadline for issuing final regulations.

[193]  See Vol. II, P.L. 78-410, §2791.

[194]  See Vol. II, P.L. 78-410, §2791.

[195]  See Vol. II, P.L. 104-191, §264.