Introduction

The Genetic Information Privacy Act (GIPA) is a state statute that provides privacy and anti-discrimination protection of the genetic testing, and information derived from genetic testing, of individuals in Illinois.

Applicability

GIPA governs genetic testing and genetic information. These terms, as well as many others used in GIPA, depend on HIPAA regulations for their definitions. 

Under HIPAA, genetic test means an analysis of human DNA, RNA, chromosomes, proteins, or metabolites, for the detection of genotypes, mutations, or chromosomal changes. Excluded from the definition is any analysis of an individual’s manifested disease, disorder, or pathological condition. A recent amendment brings direct-to-consumer commercial genetic testing kits within the scope of this term. Genetic information means information about the genetic services received by the individual or any family member of the individual.

In addition to its general provisions, confidentiality requirements apply specifically to employers and insurers. Employers may be the state or local government units, apprenticeship and training organizations, as well as private employers within the state. An insurer is a managed care plan that is subject to the jurisdiction of the Illinois Director of Insurance.

Requirements

The statute provides a general prohibition against disclosure of genetic information to any entity other than the person tested. There is also a specific prohibition against the disclosure of the identity of the test subject, and the test results. Disclosures, in that case, are allowed for the test subject, individuals authorized by the test subject, and any health care provider providing patient care with a need to know. And generally, the information is inadmissible in court except for identification purposes in a criminal investigation or prosecution.

Additional confidentiality requirements are placed on two types of entities—insurers and employers. Insurers are prohibited from using genetic information for accident and health policy underwriting purposes unless the subject voluntarily submits the results, and the results are favorable. Favorable results are not defined under GIPA, but they may include, for example, an eligibility determination and a reduction of the premium or contribution amount.

Employers are not only subject to GIPA’s confidentiality requirements, but also to anti-discrimination provisions. Employers may not incentivize employees, or candidates for employment, in exchange for taking a genetic test. Further employers are prohibited from discriminating against employees in relation to a genetic test or genetic information. Specifically, they are not allowed to take the following actions concerning genetic tests and genetic information:

  1. Solicit, request, or purchase it as a condition of employment
  2. Affect the terms, conditions, or privileges of employment because of it
  3. Adversely affect, limit, segregate, or classify employees based on it
  4. Retaliate against a person alleging a violation of GIPA

Now that direct-to-consumer commercial genetic testing companies are within the scope of GIPA, they are prohibited from sharing genetic test information or personally identifiable information with any health or life insurance company without the subject’s written consent.

Enforcement & Liability

An individual harmed by a violation of GIPA may file a civil suit in the Illinois circuit court or federal district court. The Illinois Attorney General is authorized to enforce the statute. Further, Article XL of the Illinois Insurance Code provides the exclusive remedy for violations of Section 30 by insurers, and thus may be enforced by the Illinois Insurance Director.

Penalties

A violator may be subject to liquidated damages or actual damages, depending on which is greater. Liquidated damages are $2,500 for a negligent violation, while an intentional or reckless violation is $15,000.