Reprinted from REPORT ON PATIENT PRIVACY, the industry’s most practical source of news on HIPAA patient privacy provisions.
To catch the notorious “BTK” killer, police collected the DNA of more than 1,300 men. In the end, it was the DNA of just one person — a woman, his daughter — that led to the arrest of the man and his subsequent confession.
Without her knowledge or consent, the woman’s medical providers gave her DNA, collected years earlier during a gynecological screening test, to the police. Investigators then were able to make a close enough match to DNA found at crime scenes to identify the man as the killer of 10 people.
DNA is considered protected health information (PHI) under the privacy rule. Yet, as with many aspects of the privacy rule, its treatment of DNA is complicated, and interpretations are being challenged by new developments in investigative techniques, such as the use of a family member’s DNA.
Read more at AIS Health