What guidance does HIPAA offer to providers considering familial risk notification and cascade genetic testing?

Nora B. Henrikson, Jennifer K. Wagner, Heather Hampel, Christopher Devore, Nirupama Shridhar, Janet L. Williams, Katherine E. Donohue, Iftikhar Kullo, Anya E.R. Prince

Research output: Contribution to journalArticlepeer-review


Background: It is unclear how the Health Insurance Portability and Accountability Act (HIPAA) should be interpreted in the context of sharing of genomic information between family members. Methods: The authors analyzed the HIPAA Privacy Rule, reviewed the literature and constructed a clinical scenario to inform how HIPAA can be interpreted for multiple forms of patient- and provider-mediated genetic risk notification. Results: Under HIPAA, healthcare providers can lawfully notify relatives to recommend genetic risk assessment using multiple approaches, including supporting the patient telling their own relatives, contacting relatives directly with the patient's authorization, or contacting a relative's provider directly. Conclusions: Multiple forms of patient- or provider-mediated contact of relatives are already legally permissible under HIPAA, are consistent with ethical obligations of care to patients and their families, and could result in improved population health through identification of clinically actionable disease risk. Unanswered questions remain about implementation and impacts of provider-mediated programs.

Original languageEnglish (US)
Article numberlsaa071
JournalJournal of Law and the Biosciences
Issue number1
StatePublished - Jan 1 2020


  • familial implications
  • genetic testing
  • genomics
  • physician duty
  • privacy

ASJC Scopus subject areas

  • Medicine (miscellaneous)
  • Biochemistry, Genetics and Molecular Biology (miscellaneous)
  • Law


Dive into the research topics of 'What guidance does HIPAA offer to providers considering familial risk notification and cascade genetic testing?'. Together they form a unique fingerprint.

Cite this