ZDNET Review Flags Privacy Risks in 10 At-Home DNA Tests as HIPAA Coverage Varies
Updated
Updated · ZDNet · Jun 13
ZDNET Review Flags Privacy Risks in 10 At-Home DNA Tests as HIPAA Coverage Varies
3 articles · Updated · ZDNet · Jun 13
Summary
A review of 10 direct-to-consumer DNA and health testing companies found privacy protections, FDA review and follow-up care vary sharply, with some services potentially falling outside HIPAA despite health-data marketing claims.
HIPAA language often proved limited or ambiguous: experts told ZDNET terms like “HIPAA-compliant” or “HIPAA-grade” can describe security practices without meaning the full consumer transaction is legally protected medical data.
Privacy policies across all 10 companies also allowed some form of disclosure for legal demands, while several described uses of de-identified or aggregated data for research, marketing or third-party access.
Genetic data carries broader stakes because it is permanent and can expose relatives; experts said U.S. law still leaves gaps for life, disability and long-term-care insurance and offers no blanket DNA privacy guarantee.
CLIA or CAP lab credentials were common, but FDA mentions were sparse and usually test-specific, reinforcing experts’ warning that consumers may get technically valid results without clear interpretation or consistent medical follow-up.