| 1 | 1 | | |
|---|
| 2 | 2 | | |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | 2025 -- S 0767 |
|---|
| 6 | 6 | | ======== |
|---|
| 7 | 7 | | LC000556 |
|---|
| 8 | 8 | | ======== |
|---|
| 9 | 9 | | S T A T E O F R H O D E I S L A N D |
|---|
| 10 | 10 | | IN GENERAL ASSEMBLY |
|---|
| 11 | 11 | | JANUARY SESSION, A.D. 2025 |
|---|
| 12 | 12 | | ____________ |
|---|
| 13 | 13 | | |
|---|
| 14 | 14 | | A N A C T |
|---|
| 15 | 15 | | RELATING TO COMMERCI AL LAW--GENERAL REGULATORY PROVISION S -- |
|---|
| 16 | 16 | | GENETIC INFORMATION PRIVACY ACT |
|---|
| 17 | 17 | | Introduced By: Senators Zurier, Valverde, and Euer |
|---|
| 18 | 18 | | Date Introduced: March 14, 2025 |
|---|
| 19 | 19 | | Referred To: Senate Commerce |
|---|
| 20 | 20 | | |
|---|
| 21 | 21 | | |
|---|
| 22 | 22 | | It is enacted by the General Assembly as follows: |
|---|
| 23 | 23 | | SECTION 1. Legislative findings and short title. 1 |
|---|
| 24 | 24 | | (a) The general assembly finds and declares the following: 2 |
|---|
| 25 | 25 | | (1) Direct-to-consumer genetic testing services are largely unregulated and could expose 3 |
|---|
| 26 | 26 | | personal and genetic information, and potentially create unintended security consequences and 4 |
|---|
| 27 | 27 | | increased risk. 5 |
|---|
| 28 | 28 | | (2) There is growing concern in the scientific community that outside parties are exploiting 6 |
|---|
| 29 | 29 | | the use of genetic data for questionable purposes, including mass surveillance and the ability to 7 |
|---|
| 30 | 30 | | track individuals without their authorization. 8 |
|---|
| 31 | 31 | | (3) Genomic data is highly distinguishable. There is a confirmation that a sequence of 30 9 |
|---|
| 32 | 32 | | to 80 single nucleotide polymorphisms could uniquely identify an individual. Genomic data is also 10 |
|---|
| 33 | 33 | | very stable. It undergoes little change over the lifetime of an individual and thus has a long-lived 11 |
|---|
| 34 | 34 | | value, as opposed to other biometric data such as blood tests, which have expiration dates. 12 |
|---|
| 35 | 35 | | (4) The potential information hidden within genomic data is cause for significant concern. 13 |
|---|
| 36 | 36 | | As our knowledge in genomics evolves, so will our view on the sensitivity of genomic data. 14 |
|---|
| 37 | 37 | | (b) Short title. This chapter shall be known, and may be cited, as the "Genetic Information 15 |
|---|
| 38 | 38 | | Privacy Act." 16 |
|---|
| 39 | 39 | | SECTION 2. Title 6 of the General Laws entitled "COMMERCIAL LAW — GENERAL 17 |
|---|
| 40 | 40 | | REGULATORY PROVISIONS" is hereby amended by adding thereto the following chapter: 18 |
|---|
| 41 | 41 | | |
|---|
| 42 | 42 | | |
|---|
| 43 | 43 | | LC000556 - Page 2 of 10 |
|---|
| 44 | 44 | | CHAPTER 61 1 |
|---|
| 45 | 45 | | GENETIC INFORMATION PRIVACY ACT 2 |
|---|
| 46 | 46 | | 6-61-1. Definitions. 3 |
|---|
| 47 | 47 | | For purposes of this chapter, the following definitions apply: 4 |
|---|
| 48 | 48 | | (1) “Affirmative authorization” means an action that demonstrates an intentional decision 5 |
|---|
| 49 | 49 | | by the consumer. 6 |
|---|
| 50 | 50 | | (2) “Biological sample” means any material part of the human, discharge therefrom, or 7 |
|---|
| 51 | 51 | | derivative thereof, such as tissue, blood, urine, or saliva, known to contain deoxyribonucleic acid 8 |
|---|
| 52 | 52 | | (DNA). 9 |
|---|
| 53 | 53 | | (3) “Consumer” means a natural person who is a Rhode Island resident. 10 |
|---|
| 54 | 54 | | (4) “Dark pattern” means a user interface designed or manipulated with the substantial 11 |
|---|
| 55 | 55 | | effect of subverting or impairing user autonomy, decision making, or choice. 12 |
|---|
| 56 | 56 | | (5) “Direct-to-consumer genetic testing company” means an entity that does any of the 13 |
|---|
| 57 | 57 | | following: 14 |
|---|
| 58 | 58 | | (i) Sells, markets, interprets, or otherwise offers consumer-initiated genetic testing 15 |
|---|
| 59 | 59 | | products or services directly to consumers. 16 |
|---|
| 60 | 60 | | (ii) Analyzes genetic data obtained from a consumer, except to the extent that the analysis 17 |
|---|
| 61 | 61 | | is performed by a person licensed in the healing arts for diagnosis or treatment of a medical 18 |
|---|
| 62 | 62 | | condition. 19 |
|---|
| 63 | 63 | | (iii) Collects, uses, maintains, or discloses genetic data collected or derived from a direct-20 |
|---|
| 64 | 64 | | to-consumer genetic testing product or service, or is directly provided by a consumer. 21 |
|---|
| 65 | 65 | | (6) “Express consent” means a consumer’s affirmative authorization to grant permission in 22 |
|---|
| 66 | 66 | | response to a clear, meaningful, and prominent notice regarding the collection, use, maintenance, 23 |
|---|
| 67 | 67 | | or disclosure of genetic data for a specific purpose. The nature of the data collection, use, 24 |
|---|
| 68 | 68 | | maintenance, or disclosure shall be conveyed in clear and prominent terms in such a manner that 25 |
|---|
| 69 | 69 | | an ordinary consumer would notice and understand it. Express consent cannot be inferred from 26 |
|---|
| 70 | 70 | | inaction. Agreement obtained through use of dark patterns does not constitute consent. 27 |
|---|
| 71 | 71 | | (7)(i) “Genetic data” means any data, regardless of its format, that results from the analysis 28 |
|---|
| 72 | 72 | | of a biological sample from a consumer, or from another element enabling equivalent information 29 |
|---|
| 73 | 73 | | to be obtained, and concerns genetic material. Genetic material includes, but is not limited to, 30 |
|---|
| 74 | 74 | | deoxyribonucleic acids (DNA), ribonucleic acids (RNA), genes, chromosomes, alleles, genomes, 31 |
|---|
| 75 | 75 | | alterations or modifications to DNA or RNA, single nucleotide polymorphisms (SNPs), 32 |
|---|
| 76 | 76 | | uninterpreted data that results from the analysis of the biological sample, and any information 33 |
|---|
| 77 | 77 | | extrapolated, derived, or inferred therefrom. 34 |
|---|
| 78 | 78 | | |
|---|
| 79 | 79 | | |
|---|
| 80 | 80 | | LC000556 - Page 3 of 10 |
|---|
| 81 | 81 | | (ii) “Genetic data” does not include deidentified data. For purposes of this subsection, 1 |
|---|
| 82 | 82 | | “deidentified data” means data that cannot be used to infer information about, or otherwise be 2 |
|---|
| 83 | 83 | | linked to, a particular individual; provided that, the business that possesses the information does all 3 |
|---|
| 84 | 84 | | of the following: 4 |
|---|
| 85 | 85 | | (A) Takes reasonable measures to ensure that the information cannot be associated with a 5 |
|---|
| 86 | 86 | | consumer or household; 6 |
|---|
| 87 | 87 | | (B) Publicly commits to maintain and use the information only in deidentified form and 7 |
|---|
| 88 | 88 | | not to attempt to reidentify the information, except that the business may attempt to reidentify the 8 |
|---|
| 89 | 89 | | information solely for the purpose of determining whether its deidentification processes satisfy the 9 |
|---|
| 90 | 90 | | requirements of this subsection; provided that, the business does not use or disclose any information 10 |
|---|
| 91 | 91 | | reidentified in this process and destroys the reidentified information upon completion of that 11 |
|---|
| 92 | 92 | | assessment; and 12 |
|---|
| 93 | 93 | | (C) Contractually obligates any recipients of the information to take reasonable measures 13 |
|---|
| 94 | 94 | | to ensure that the information cannot be associated with a consumer or household and to commit 14 |
|---|
| 95 | 95 | | to maintaining and using the information only in deidentified form and not to reidentify the 15 |
|---|
| 96 | 96 | | information; 16 |
|---|
| 97 | 97 | | (iii) “Genetic data” does not include data or a biological sample to the extent that data or a 17 |
|---|
| 98 | 98 | | biological sample is collected, used, maintained, and disclosed exclusively for scientific research 18 |
|---|
| 99 | 99 | | conducted by an investigator with an institution that holds an assurance with the United States 19 |
|---|
| 100 | 100 | | Department of Health and Human Services pursuant to Part 46 (commencing with Section 46.101) 20 |
|---|
| 101 | 101 | | of Title 45 of the Code of Federal Regulations, in compliance with all applicable federal and state 21 |
|---|
| 102 | 102 | | laws and regulations for the protection of human subjects in research including, but not limited to, 22 |
|---|
| 103 | 103 | | the Common Rule pursuant to Part 46 (commencing with Section 46.101) of Title 45 of the Code 23 |
|---|
| 104 | 104 | | of Federal Regulations, United States Food and Drug Administration regulations pursuant to Parts 24 |
|---|
| 105 | 105 | | 50 and 56 of Title 21 of the Code of Federal Regulations, and the federal Family Educational Rights 25 |
|---|
| 106 | 106 | | and Privacy Act (20 U.S.C. Sec. 1232g). 26 |
|---|
| 107 | 107 | | (8) “Genetic testing” means any laboratory test of a biological sample from a consumer for 27 |
|---|
| 108 | 108 | | the purpose of determining information concerning genetic material contained within the biological 28 |
|---|
| 109 | 109 | | sample, or any information extrapolated, derived, or inferred therefrom. 29 |
|---|
| 110 | 110 | | (9) “Person” means an individual, partnership, corporation, association, business, business 30 |
|---|
| 111 | 111 | | trust, or legal representative of an organization. 31 |
|---|
| 112 | 112 | | (10) “Service provider” means a sole proprietorship, partnership, limited liability company, 32 |
|---|
| 113 | 113 | | corporation, association, or other legal entity that is organized or operated for the profit or financial 33 |
|---|
| 114 | 114 | | benefit of its shareholders or other owners, that is involved in the collection, transportation, and 34 |
|---|
| 115 | 115 | | |
|---|
| 116 | 116 | | |
|---|
| 117 | 117 | | LC000556 - Page 4 of 10 |
|---|
| 118 | 118 | | analysis of the consumer’s biological sample or extracted genetic material on behalf of the direct-1 |
|---|
| 119 | 119 | | to-consumer genetic testing company, or on behalf of any other company that collects, uses, 2 |
|---|
| 120 | 120 | | maintains, or discloses genetic data collected or derived from a direct-to-consumer genetic testing 3 |
|---|
| 121 | 121 | | product or service, or is directly provided by a consumer, or the delivery of the results of the 4 |
|---|
| 122 | 122 | | analysis of the biological sample or genetic material. The contract between the company and the 5 |
|---|
| 123 | 123 | | service provider shall prohibit the service provider from retaining, using, or disclosing the 6 |
|---|
| 124 | 124 | | biological sample, extracted genetic material, genetic data, or any information regarding the 7 |
|---|
| 125 | 125 | | identity of the consumer, including whether that consumer has solicited or received genetic testing, 8 |
|---|
| 126 | 126 | | as applicable, for any purpose other than for the specific purpose of performing the services 9 |
|---|
| 127 | 127 | | specified in the contract for the business, including both of the following: 10 |
|---|
| 128 | 128 | | (i) A provision prohibiting the service provider from retaining, using, or disclosing the 11 |
|---|
| 129 | 129 | | biological sample, extracted genetic material, genetic data, or any information regarding the 12 |
|---|
| 130 | 130 | | identity of the consumer, including whether that consumer has solicited or received genetic testing, 13 |
|---|
| 131 | 131 | | as applicable, for a commercial purpose other than providing the services specified in the contract 14 |
|---|
| 132 | 132 | | with the business; and 15 |
|---|
| 133 | 133 | | (ii) A provision prohibiting the service provider from associating or combining the 16 |
|---|
| 134 | 134 | | biological sample, extracted genetic material, genetic data, or any information regarding the 17 |
|---|
| 135 | 135 | | identity of the consumer, including whether that consumer has solicited or received genetic testing, 18 |
|---|
| 136 | 136 | | as applicable, with information the service provider has received from or on behalf of another 19 |
|---|
| 137 | 137 | | person or persons, or has collected from its own interaction with consumers or as required by law. 20 |
|---|
| 138 | 138 | | 6-61-2. Privacy of genetic data. 21 |
|---|
| 139 | 139 | | (a) To safeguard the privacy, confidentiality, security, and integrity of a consumer’s genetic 22 |
|---|
| 140 | 140 | | data, a direct-to-consumer genetic testing company shall do both of the following: 23 |
|---|
| 141 | 141 | | (1) Provide clear and complete information regarding the company’s policies and 24 |
|---|
| 142 | 142 | | procedures for the collection, use, maintenance, and disclosure, as applicable, of genetic data by 25 |
|---|
| 143 | 143 | | making available to a consumer all of the following: 26 |
|---|
| 144 | 144 | | (i) A summary of its privacy practices, written in plain language, that includes information 27 |
|---|
| 145 | 145 | | about the company’s collection, use, maintenance, and disclosure, as applicable, of genetic data; 28 |
|---|
| 146 | 146 | | (ii) A prominent and easily accessible privacy notice that includes, at a minimum, complete 29 |
|---|
| 147 | 147 | | information about the company’s data collection, consent, use, access, disclosure, maintenance, 30 |
|---|
| 148 | 148 | | transfer, security, and retention and deletion practices, and information that clearly describes how 31 |
|---|
| 149 | 149 | | to file a complaint alleging a violation of this chapter; and 32 |
|---|
| 150 | 150 | | (iii) A notice that the consumer’s deidentified genetic or phenotypic information may be 33 |
|---|
| 151 | 151 | | shared with or disclosed to third parties for research purposes in accordance with Part 46 34 |
|---|
| 152 | 152 | | |
|---|
| 153 | 153 | | |
|---|
| 154 | 154 | | LC000556 - Page 5 of 10 |
|---|
| 155 | 155 | | (commencing with Section 46.101) of Title 45 of the Code of Federal Regulations. 1 |
|---|
| 156 | 156 | | (2) Obtain a consumer’s express consent for collection, use, and disclosure of the 2 |
|---|
| 157 | 157 | | consumer’s genetic data, including, at a minimum, separate and express consent for each of the 3 |
|---|
| 158 | 158 | | following: 4 |
|---|
| 159 | 159 | | (i) The use of the genetic data collected through the genetic testing product or service 5 |
|---|
| 160 | 160 | | offered to the consumer, including who has access to genetic data, and how genetic data may be 6 |
|---|
| 161 | 161 | | shared, and the specific purposes for which it will be collected, used, and disclosed; 7 |
|---|
| 162 | 162 | | (ii) The storage of a consumer’s biological sample after the initial testing requested by the 8 |
|---|
| 163 | 163 | | consumer has been fulfilled; 9 |
|---|
| 164 | 164 | | (iii) Each use of genetic data or the biological sample beyond the primary purpose of the 10 |
|---|
| 165 | 165 | | genetic testing or service and inherent contextual uses; 11 |
|---|
| 166 | 166 | | (iv) Each transfer or disclosure of the consumer’s genetic data or biological sample to a 12 |
|---|
| 167 | 167 | | third party other than to a service provider, including the name of the third party to which the 13 |
|---|
| 168 | 168 | | consumer’s genetic data or biological sample will be transferred or disclosed; 14 |
|---|
| 169 | 169 | | (v)(A) The marketing or facilitation of marketing to a consumer based on the consumer’s 15 |
|---|
| 170 | 170 | | genetic data or the marketing or facilitation of marketing by a third party based upon the consumer 16 |
|---|
| 171 | 171 | | having ordered, purchased, received, or used a genetic testing product or service; 17 |
|---|
| 172 | 172 | | (B) This subsection does not require a direct-to-consumer genetic testing company to 18 |
|---|
| 173 | 173 | | obtain a consumer’s express consent to market to the consumer on the company’s own website or 19 |
|---|
| 174 | 174 | | mobile application based upon the consumer having ordered, purchased, received, or used a genetic 20 |
|---|
| 175 | 175 | | testing product or service from that company if the content of the advertisement does not depend 21 |
|---|
| 176 | 176 | | upon any information specific to that consumer, except for the product or service that the consumer 22 |
|---|
| 177 | 177 | | ordered, purchased, received, or used, and the placement of the advertisement is not intended to 23 |
|---|
| 178 | 178 | | result in disparate exposure to advertising content. Nothing in this subsection alters, limits, or 24 |
|---|
| 179 | 179 | | negates the requirements of any other antidiscrimination law or targeted advertising law; 25 |
|---|
| 180 | 180 | | (C) Any advertisement of a third-party product or service presented to a consumer shall be 26 |
|---|
| 181 | 181 | | prominently labeled as advertising content and be accompanied by the name of any third party that 27 |
|---|
| 182 | 182 | | has contributed to the placement of the advertising. If applicable, the advertisement also shall 28 |
|---|
| 183 | 183 | | clearly indicate that the advertised product or service, and any associated claims, have not been 29 |
|---|
| 184 | 184 | | vetted or endorsed by the direct-to-consumer genetic testing company; 30 |
|---|
| 185 | 185 | | (D) For the purpose of this section, “third party” does not include a public or private 31 |
|---|
| 186 | 186 | | nonprofit postsecondary educational institution to the extent that the consumer’s genetic data or 32 |
|---|
| 187 | 187 | | biological sample is disclosed to a public or private nonprofit postsecondary educational institution 33 |
|---|
| 188 | 188 | | for the purpose of scientific research or educational activities as described in § 6-61-5. A company 34 |
|---|
| 189 | 189 | | |
|---|
| 190 | 190 | | |
|---|
| 191 | 191 | | LC000556 - Page 6 of 10 |
|---|
| 192 | 192 | | that is subject to the requirements described in this section shall provide effective mechanisms, 1 |
|---|
| 193 | 193 | | without any unnecessary steps, for a consumer to revoke their consent after it is given, at least one 2 |
|---|
| 194 | 194 | | of which utilizes the primary medium through which the company communicates with consumers. 3 |
|---|
| 195 | 195 | | (b) If a consumer revokes the consent that they provided pursuant to this section, the 4 |
|---|
| 196 | 196 | | company shall honor the consumer’s consent revocation as soon as practicable, but not later than 5 |
|---|
| 197 | 197 | | thirty (30) days after the individual revokes consent, in accordance with both of the following: 6 |
|---|
| 198 | 198 | | (1) Revocation of consent under this section shall comply with Part 46 of Title 45 of the 7 |
|---|
| 199 | 199 | | Code of Federal Regulations; and 8 |
|---|
| 200 | 200 | | (2) The company shall destroy a consumer’s biological sample within thirty (30) days of 9 |
|---|
| 201 | 201 | | receipt of revocation of consent to store the sample. 10 |
|---|
| 202 | 202 | | (c) The direct-to-consumer genetic testing company shall do both of the following: 11 |
|---|
| 203 | 203 | | (1) Implement and maintain reasonable security procedures and practices to protect a 12 |
|---|
| 204 | 204 | | consumer’s genetic data against unauthorized access, destruction, use, modification, or disclosure; 13 |
|---|
| 205 | 205 | | and 14 |
|---|
| 206 | 206 | | (2) Develop procedures and practices to enable a consumer to easily do any of the 15 |
|---|
| 207 | 207 | | following; 16 |
|---|
| 208 | 208 | | (i) Access the consumer’s genetic data; 17 |
|---|
| 209 | 209 | | (ii) Delete the consumer’s account and genetic data, except for genetic data that is required 18 |
|---|
| 210 | 210 | | to be retained by the company to comply with applicable legal and regulatory requirements; or 19 |
|---|
| 211 | 211 | | (iii) Have the consumer’s biological sample destroyed. 20 |
|---|
| 212 | 212 | | (d) A person or public entity shall not discriminate against a consumer because the 21 |
|---|
| 213 | 213 | | consumer exercised any of the consumer’s rights under this chapter by doing any of the following 22 |
|---|
| 214 | 214 | | including, but not limited to: 23 |
|---|
| 215 | 215 | | (1) Denying goods, services, or benefits to the customer; 24 |
|---|
| 216 | 216 | | (2) Charging different prices or rates for goods or services, including through the use of 25 |
|---|
| 217 | 217 | | discounts or other incentives or imposing penalties; 26 |
|---|
| 218 | 218 | | (3) Providing a different level or quality of goods, services, or benefits to the consumer; 27 |
|---|
| 219 | 219 | | (4) Suggesting that the consumer will receive a different price or rate for goods, services, 28 |
|---|
| 220 | 220 | | or benefits, or a different level or quality of goods, services, or benefits; 29 |
|---|
| 221 | 221 | | (5) Considering the consumer’s exercise of rights under this chapter as a basis for suspicion 30 |
|---|
| 222 | 222 | | of criminal wrongdoing or unlawful conduct. 31 |
|---|
| 223 | 223 | | (e)(1) Notwithstanding any other provision in this section, and except as provided in 32 |
|---|
| 224 | 224 | | subsection (e)(2) of this section, a direct-to-consumer genetic testing company shall not disclose a 33 |
|---|
| 225 | 225 | | consumer’s genetic data to any entity that is responsible for administering or making decisions 34 |
|---|
| 226 | 226 | | |
|---|
| 227 | 227 | | |
|---|
| 228 | 228 | | LC000556 - Page 7 of 10 |
|---|
| 229 | 229 | | regarding health insurance, life insurance, long-term care insurance, disability insurance, or 1 |
|---|
| 230 | 230 | | employment or to any entity that provides advice to an entity that is responsible for performing 2 |
|---|
| 231 | 231 | | those functions; 3 |
|---|
| 232 | 232 | | (2) A direct-to-consumer genetic testing company may disclose a consumer’s genetic data 4 |
|---|
| 233 | 233 | | or biological sample to an entity described in subsection (e)(1) of this section if all of the following 5 |
|---|
| 234 | 234 | | are true: 6 |
|---|
| 235 | 235 | | (i) The entity is not primarily engaged in administering health insurance, life insurance, 7 |
|---|
| 236 | 236 | | long-term care insurance, disability insurance, or employment; 8 |
|---|
| 237 | 237 | | (ii) The consumer’s genetic data or biological sample is not disclosed to the entity in that 9 |
|---|
| 238 | 238 | | entity’s capacity as a party that is responsible for administering, advising, or making decisions 10 |
|---|
| 239 | 239 | | regarding health insurance, life insurance, long-term care insurance, disability insurance, or 11 |
|---|
| 240 | 240 | | employment; and 12 |
|---|
| 241 | 241 | | (iii) Any agent or division of the entity that is involved in administering, advising, or 13 |
|---|
| 242 | 242 | | making decisions regarding health insurance, life insurance, long-term care insurance, disability 14 |
|---|
| 243 | 243 | | insurance, or employment is prohibited from accessing the consumer’s genetic data or biological 15 |
|---|
| 244 | 244 | | sample. 16 |
|---|
| 245 | 245 | | 6-61-3. Penalties. 17 |
|---|
| 246 | 246 | | (a) Any person who negligently violates this chapter shall be assessed a civil penalty in an 18 |
|---|
| 247 | 247 | | amount not to exceed one thousand dollars ($1,000) plus court costs, as determined by the court. 19 |
|---|
| 248 | 248 | | (b) Any person who willfully violates this chapter shall be assessed a civil penalty in an 20 |
|---|
| 249 | 249 | | amount not less than one thousand dollars ($1,000) and not more than ten thousand dollars 21 |
|---|
| 250 | 250 | | ($10,000) plus court costs, as determined by the court. 22 |
|---|
| 251 | 251 | | (c) Actions for relief pursuant to this chapter shall be prosecuted exclusively in a court of 23 |
|---|
| 252 | 252 | | competent jurisdiction by the attorney general. 24 |
|---|
| 253 | 253 | | (d) Court costs recovered pursuant to this section shall be paid to the party or parties that 25 |
|---|
| 254 | 254 | | prosecuted the violation. Penalties recovered pursuant to this section shall be paid to the individual 26 |
|---|
| 255 | 255 | | to whom the genetic data at issue pertains. 27 |
|---|
| 256 | 256 | | (e) Any provision of a contract or agreement between a consumer and a person governed 28 |
|---|
| 257 | 257 | | by this chapter that has, or would have, the effect of delaying or limiting access to a legal remedy 29 |
|---|
| 258 | 258 | | for a violation of this chapter shall not apply to the exercise of rights or enforcement pursuant to 30 |
|---|
| 259 | 259 | | this chapter. 31 |
|---|
| 260 | 260 | | (f) Each violation of this chapter is a separate and actionable violation. 32 |
|---|
| 261 | 261 | | 6-61-4. Conflicts of law. 33 |
|---|
| 262 | 262 | | (a) The provisions of this chapter shall not reduce a direct-to-consumer genetic testing 34 |
|---|
| 263 | 263 | | |
|---|
| 264 | 264 | | |
|---|
| 265 | 265 | | LC000556 - Page 8 of 10 |
|---|
| 266 | 266 | | company’s duties, obligations, requirements, or standards under any applicable state and federal 1 |
|---|
| 267 | 267 | | laws for the protection of privacy and security. 2 |
|---|
| 268 | 268 | | (b) In the event of a conflict between the provisions of this chapter and any other law, the 3 |
|---|
| 269 | 269 | | provisions of the law that afford the greatest protection for the right of privacy for consumers shall 4 |
|---|
| 270 | 270 | | control. 5 |
|---|
| 271 | 271 | | 6-61-5. Exclusions. 6 |
|---|
| 272 | 272 | | (a) This chapter shall not apply to any of the following: 7 |
|---|
| 273 | 273 | | (1) Medical information governed by chapter 37.3 of title 5, (“confidentiality of medical 8 |
|---|
| 274 | 274 | | information act”) or to protected health information that is collected, maintained, used, or disclosed 9 |
|---|
| 275 | 275 | | by a covered entity or business associate governed by the privacy, security, and breach notification 10 |
|---|
| 276 | 276 | | rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of 11 |
|---|
| 277 | 277 | | Title 45 of the Code of Federal Regulations established pursuant to the federal Health Insurance 12 |
|---|
| 278 | 278 | | Portability and Accountability Act of 1996 (Public Law 104-191) and the federal Health 13 |
|---|
| 279 | 279 | | Information Technology for Economic and Clinical Health Act (Public Law 111-5); 14 |
|---|
| 280 | 280 | | (2) A provider of health care governed by chapter 37.3 of title 5, or a covered entity 15 |
|---|
| 281 | 281 | | governed by the privacy, security, and breach notification rules issued by the United States 16 |
|---|
| 282 | 282 | | Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal 17 |
|---|
| 283 | 283 | | Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 18 |
|---|
| 284 | 284 | | 1996 (Public Law 104-191) and the federal Health Information Technology for Economic and 19 |
|---|
| 285 | 285 | | Clinical Health Act, Title XIII of the federal American Recovery and Reinvestment Act of 2009 20 |
|---|
| 286 | 286 | | (Public Law 111-5), to the extent that the provider or covered entity maintains, uses, and discloses 21 |
|---|
| 287 | 287 | | genetic information in the same manner as medical information or protected health information, as 22 |
|---|
| 288 | 288 | | described in subsection (a)(1) of this section; 23 |
|---|
| 289 | 289 | | (3) A business associate of a covered entity governed by the privacy, security, and data 24 |
|---|
| 290 | 290 | | breach notification rules issued by the United States Department of Health and Human Services, 25 |
|---|
| 291 | 291 | | Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the federal 26 |
|---|
| 292 | 292 | | Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the federal 27 |
|---|
| 293 | 293 | | Health Information Technology for Economic and Clinical Health Act, Title XIII of the federal 28 |
|---|
| 294 | 294 | | American Recovery and Reinvestment Act of 2009 (Public Law 111-5), to the extent that the 29 |
|---|
| 295 | 295 | | business associate maintains, uses, and discloses genetic information in the same manner as medical 30 |
|---|
| 296 | 296 | | information or protected health information, as described in subsection (a)(1) of this section; 31 |
|---|
| 297 | 297 | | (4) Scientific research or educational activities conducted by a public or private nonprofit 32 |
|---|
| 298 | 298 | | postsecondary educational institution that holds an assurance with the United States Department of 33 |
|---|
| 299 | 299 | | Health and Human Services pursuant to Part 46 of Title 45 of the Code of Federal Regulations, to 34 |
|---|
| 300 | 300 | | |
|---|
| 301 | 301 | | |
|---|
| 302 | 302 | | LC000556 - Page 9 of 10 |
|---|
| 303 | 303 | | the extent that the scientific research and educational activities conducted by that institution comply 1 |
|---|
| 304 | 304 | | with all applicable federal and state laws and regulations for the protection of human subjects in 2 |
|---|
| 305 | 305 | | research including, but not limited to, the Common Rule pursuant to Part 46 (commencing with 3 |
|---|
| 306 | 306 | | Section 46.101) of Title 45 of the Code of Federal Regulations, United States Food and Drug 4 |
|---|
| 307 | 307 | | Administration regulations pursuant to Parts 50 and 56 of Title 21 of the Code of Federal 5 |
|---|
| 308 | 308 | | Regulations, the federal Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g); 6 |
|---|
| 309 | 309 | | (5) The provisions of the newborn screening program pursuant to § 23-13-14; 7 |
|---|
| 310 | 310 | | (6) Tests conducted exclusively to diagnose whether an individual has a specific disease, 8 |
|---|
| 311 | 311 | | to the extent that all persons involved in the conduct of the test maintain, use, and disclose genetic 9 |
|---|
| 312 | 312 | | information in the same manner as medical information or protected health information, as 10 |
|---|
| 313 | 313 | | described in subsection (a)(1) of this section; or 11 |
|---|
| 314 | 314 | | (7) Genetic data used or maintained by an employer, or disclosed by an employee to an 12 |
|---|
| 315 | 315 | | employer, to the extent that the use, maintenance, or disclosure of that data is necessary to comply 13 |
|---|
| 316 | 316 | | with a local, state, or federal workplace health and safety ordinance, law, or regulation. 14 |
|---|
| 317 | 317 | | (b) Nothing in this chapter shall be construed to affect access to information made available 15 |
|---|
| 318 | 318 | | to the public by the consumer. 16 |
|---|
| 319 | 319 | | 6-61-6. Severability. 17 |
|---|
| 320 | 320 | | The provisions of this chapter are severable. If any provision of this chapter or its 18 |
|---|
| 321 | 321 | | application is held invalid, that invalidity shall not affect other provisions or applications that can 19 |
|---|
| 322 | 322 | | be given effect without the invalid provision or application. 20 |
|---|
| 323 | 323 | | SECTION 3. This act shall take effect upon passage. 21 |
|---|
| 324 | 324 | | ======== |
|---|
| 325 | 325 | | LC000556 |
|---|
| 326 | 326 | | ======== |
|---|
| 327 | 327 | | |
|---|
| 328 | 328 | | |
|---|
| 329 | 329 | | LC000556 - Page 10 of 10 |
|---|
| 330 | 330 | | EXPLANATION |
|---|
| 331 | 331 | | BY THE LEGISLATIVE COUNCIL |
|---|
| 332 | 332 | | OF |
|---|
| 333 | 333 | | A N A C T |
|---|
| 334 | 334 | | RELATING TO COMMERCI AL LAW--GENERAL REGULATORY PROVISIONS -- |
|---|
| 335 | 335 | | GENETIC INFORMATION PRIVACY ACT |
|---|
| 336 | 336 | | *** |
|---|
| 337 | 337 | | This act would establish the Genetic Information Privacy Act, which would require a 1 |
|---|
| 338 | 338 | | direct-to-consumer genetic testing company, as defined, to provide a consumer with certain 2 |
|---|
| 339 | 339 | | information regarding the company’s policies and procedures for the collection, use, maintenance, 3 |
|---|
| 340 | 340 | | and disclosure, as applicable, of genetic data, and to obtain a consumer’s express consent for 4 |
|---|
| 341 | 341 | | collection, use, or disclosure of the consumer’s genetic data, as specified. 5 |
|---|
| 342 | 342 | | This act would take effect upon passage. 6 |
|---|
| 343 | 343 | | ======== |
|---|
| 344 | 344 | | LC000556 |
|---|
| 345 | 345 | | ======== |
|---|
| 346 | 346 | | |
|---|