The rise of individual genetic information has also meant the increase of this health information being incorporated into medical records.  While the Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits the use of genetic information to discriminate against individuals in health coverage and insurance, it does not preclude Covered Entities or Business Associates from disclosing this information.  Ultimately, it is the health record recipient’s responsibility to not make decisions based on genetic information in accordance with GINA.

What’s The Backstory?

HIPAA isn’t the only federal confidentiality legislation that applies to medical records.  In 2008, GINA was introduced to prevent health plans and employers from discriminating against individuals based on their genetic information. In the healthcare industry, GINA dictates that insurance providers may not take into consideration the genetic history of a coverage applicant or customer when making decisions regarding that individual’s qualification for coverage.

What Can I Disclose?

While operating under the regulatory standards of HIPAA and GINA, Covered Entities can disclose all requested records that accompany proper patient authorization to requestors. GINA in no way prevents releasing the requested record when accompanied by a valid patient authorization, even when the record contains genetic information.  Should a record containing genetic information be requested and released to a health plan provider, the responsibility for ensuring that information is not used for discriminatory purposes rests with the requestor.

As long as there is a valid, HIPAA-compliant authorization in place, Covered Entities operate under no obligation to remove, redact, or otherwise prevent the disclosure of a patient’s genetic information.

GINA applies specifically to the underwriting practices of health plan providers. It is unreasonable for health plan providers to expect all other Covered Entities and Business Associates to do them a favor by executing additional auditing and removing genetic information from the chart when it is authorized to be sent by the patient.  In accordance with HIPAA, you can defer to the patient authorization rather than requestor preferences on what is to be disclosed.


Occasionally requestors push back, indicating genetic information should not be included in the release of records.  However, these requestors may have overlooked that they are simply making a request to have the information excluded from the release; they aren’t entitled to demand the exclusion under GINA.  Covered Entities and Business Associates should not have to shoulder the burden of additional auditing when GINA clearly states the responsibility falls on the requestor to use the information disclosed in an appropriate manner.

What if The Information Is Restricted?

Should a patient submit documentation that they wish to restrict the release of their genetic information from a requestor, their instructions should be followed. The records should then be redacted to prevent the restricted information from being disclosed.

Release the Records Requests

Is the pushback from requestors on including genetic information in requests confusing your health information management team? ScanSTAT is here to help.  We’re happy to handle both the routine requests, and the more complicated, allowing you to focus on taking care of your patients instead of paperwork.  If you’d like to learn more about how we can alleviate these requests from your daily workload, reach out to us to schedule a demo today.

This FAQ is for informational purposes only and does not constitute legal advice. Seek your own legal counsel to ensure compliance with federal and state law.