Data Protection

Q. How does HLI protect my health information?

HLI is committed to protecting the privacy of its clients and to safeguarding identifiable health information.  HLI has adopted a Privacy and Security Compliance Program to assure its compliance with Federal regulations and state law governing patient privacy and health information security.  Below are examples, not a complete list, of measures in place:

  • Data confidentiality is protected by limiting the security access to only those company users authorized to view and/or work the data.
  • All HLI workforce members are trained to protect the privacy and security of PHI and to follow the Program policies and procedures whenever they use, disclose, maintain, transmit, or access PHI.
  • HLI promotes a culture of privacy and security awareness and ensures that clients are afforded specific rights and protections related to their medical information.
  • HLI regularly schedules risk assessments of the vulnerabilities and threats to client information and implements reasonable and appropriate safeguards to mitigate such risks.
  • HLI evaluates the effectiveness of the Program on an ongoing basis leveraging security best practice frameworks and works to modify policies and procedures from time to time in light of technological, environmental, operational, and regulatory changes.

Q. What does HLI do with genome data?

We believe that comprehensive data will lead to deeper knowledge about individuals – where more can be learned about one through their comparison with many. That information is then scoured to remove identifiable labels and is added into the pool of information from which we believe novel insights will be gleaned. This de-identified data from our customers is incorporated into the HLI database which – through aggregation of other de-identified data from other studies and collaborations – forms the most comprehensive database of whole genome, phenotype and clinical data.  This database is designed to better inform healthcare and generate discovery, as its study generates health intelligence.  The growth of this database enables customers as discoveries are made with greater information.

What are the Personal Privacy, Genetic Information, and Legal Protections for Informed Consent of Whole Genome Sequencing?

  • Consent
    • Required prior to ANY sample collected for genetic testing or molecular genetic analysis
    • Consent laws created and enforced primarily at the state government level; federal regulations may apply in some situations (eg, stored tissue samples)
    • Consent required even for population level analysis, employers, etc.
    • Separate expressed consents required for research and also if personal health information is to be published in the scientific/medical literature
  • HIPAA
    • Health Insurance Portability and Accountability Act (HIPAA) established privacy and security standards, including individual rights for health information
    • Health Information Technology for Economic and Clinical Health Act (HITECH) strengthened HIPAA regarding criminal and civil penalties, breach notification, and enforcement
  • GINA
    • Genetic Information Nondiscrimination Act (GINA) signed into law in 2008
    • Enacted to protect individuals from misuse of genetic information by health insurance carriers and employers
    • Designed to removed barriers to the appropriate use of genetic services by the public
    • Some state laws also extend coverage to prohibit discrimination by one or more of the following: life insurance, disability, or long term care carriers, which are not covered in GINA.