What guidance does HIPAA offer to providers considering familial risk notification and cascade genetic testing?

Nora B. Henrikson, Jennifer K. Wagner, Heather Hampel, Christopher Devore, Nirupama Shridhar, Janet L. Williams, Katherine E. Donohue, Iftikhar Kullo, Anya E.R. Prince

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Background: It is unclear how the Health Insurance Portability and Accountability Act (HIPAA) should be interpreted in the context of sharing of genomic information between family members. Methods: The authors analyzed the HIPAA Privacy Rule, reviewed the literature and constructed a clinical scenario to inform how HIPAA can be interpreted for multiple forms of patient- and provider-mediated genetic risk notification. Results: Under HIPAA, healthcare providers can lawfully notify relatives to recommend genetic risk assessment using multiple approaches, including supporting the patient telling their own relatives, contacting relatives directly with the patient's authorization, or contacting a relative's provider directly. Conclusions: Multiple forms of patient- or provider-mediated contact of relatives are already legally permissible under HIPAA, are consistent with ethical obligations of care to patients and their families, and could result in improved population health through identification of clinically actionable disease risk. Unanswered questions remain about implementation and impacts of provider-mediated programs.

Original languageEnglish (US)
Article numberlsaa071
JournalJournal of Law and the Biosciences
Issue number1
StatePublished - Jan 1 2020

All Science Journal Classification (ASJC) codes

  • Medicine (miscellaneous)
  • Biochemistry, Genetics and Molecular Biology (miscellaneous)
  • Law

Cite this