As more Americans sidestep doctors’ offices to order lab tests and genetic screenings online, privacy experts warn that the new trove of sensitive health data could end up in the hands of companies selling certain types of insurance, lenders, employers, or law enforcement.
Patients’ health data are typically protected under the Health Insurance Portability and Accountability Act, or HIPAA. But that federal law only applies to hospitals, physician practices, and other entities involved in coordinating or paying for patient care. The new breed of startups that sell blood panels and genetic tests — typically not covered by health insurance — directly to consumers aren’t always considered medical providers as defined by the law.
