Is 23andMe HIPAA compliant?

George Davidson
Dec 02, 2020

No, 23andMe isn’t HIPAA compliant.

23andMe isn’t HIPAA compliant because the Health Insurance Portability and Accountability Act (HIPAA) only applies to healthcare organizations and providers, such as physicians, insurance companies, hospitals, and applicable business associates. HIPAA doesn’t apply to private genetic testing and genealogy services, such as 23andMe and other similar businesses. These services aren’t considered covered entities.

Current HIPAA privacy laws were in place before genetic privacy became a concern. HIPAA laws don’t protect personal data shared with genealogy testing providers. 

The collection of genetic information gives 23andMe more sensitive information than a healthcare provider or a doctor has. Unfortunately, HIPAA doesn’t hold these genetic testing services to the same standard of confidentiality as covered entities.

Few restrictions are in place outside of HIPAA to protect genetic data. For example, the government might access genetic information in private or public databases if national security is at risk. Individuals who contribute DNA to 23andMe could face law enforcement scrutiny if a relative’s genetic data provides probable cause in a criminal investigation. (23andMe only releases clients’ information to law enforcement upon receipt of a court order.)

23andMe also collects other information through social media and real-time tracking of online activity. The company uses this data for marketing. It also shares customer information for research, as long as customers consent to participate in its research efforts.

Product details

Business Associate Agreement: No

HIPAA Compliant: No

Product description

23andMe is a direct-to-consumer genetic testing and analysis service to help individuals understand and access personal information about the human genome.

Disclaimer:

Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
