For two years, employers have been waiting for federal regulators to clarify just what the Genetic Information Nondiscrimination Act means for them. Now that wait is over.
But while newly issued GINA regulations provide some long anticipated guidance, questions remain.
The statute amended federal civil rights and employment laws to prohibit employers from firing, refusing to hire or otherwise discriminating against employees based on genetic information.
Since the act became law in 2008, company human resources managers and employment lawyers have had questions about its application.
Regulations designed to give guidance on the law’s requirements and prohibitions have been delayed repeatedly over the course of two years as the Equal Employment Opportunity Commission sought input from stakeholders, leaving employers and their attorneys guessing exactly what types of activities are prohibited, and how broad the law’s exceptions are.
Those regulations and other guidance materials were finally released by the EEOC in December.
Attorneys said that the final guidance is helpful and an improvement on the proposed version.
“The initial draft regulations were fairly detailed, but they were also fairly confusing because they lacked explanatory guidance,” said Dan Vorhaus, an attorney in the Charlotte office of Robinson Bradshaw & Hinson and editor of the Genomics Law Report, the firm’s online publication.
By contrast, he said, the final guidance is complete with explanations and a question-and-answer supplement aimed at giving small businesses concrete examples of just what is and is not allowed.
But some uncertainty remains.
“Where the confusion may lie, and where some clarity may be needed, is defining exactly what constitutes genetic information,” said Brian D. Hall, an attorney in the Columbus, Ohio, office of Porter Wright and editor of the firm’s blog, Employer Law Report.
He said that the EEOC intended that definition to be broad, to include not only tests that determine whether an individual is predisposed to certain types of ailments, but also information such as family medical history.
The guidance attempts to clarify this definition by providing examples to explain what’s covered, such as noting that DNA tests fall within the definition, but other medical tests — including HIV tests, cholesterol tests and tests to determine presence of drugs or alcohol — do not.
The rule’s exceptions
A key component of the new guidance is the explanation of the following six exceptions to the rule:
• Inadvertent acquisition of genetic information;
• Health or genetic information voluntarily submitted for services such as a wellness program;
• Family medical information submitted in accordance with the Family and Medical Leave Act;
• Information from public sources;
• Genetic monitoring that is either voluntarily submitted or required by law; and
• DNA testing for law enforcement purposes.
Some confusion still remains about some of those exceptions.
For example, while the regulations clearly set out an exception for the inadvertent acquisition of genetic information by an employer, they are unclear about what employers should do if they do acquire genetic information accidentally.
It would be hard to “un-see” something that has already been seen, so employers should focus on what the law is designed to prevent — the use of the information.
“You can make sure that the information that was inadvertently obtained remains confidential,” Hall said. “Make sure it is not disclosed beyond what is admissible under GINA.”
One useful clarification responds to companies’ concerns about whether information obtained on social networking websites like Facebook would trigger the law. According to the final regulations, inadvertent acquisition of genetic information online — such as photographs from a cancer benefit in honor of an employee’s family member posted on a Twitter feed — falls within the exception.
But that doesn’t mean an employer can search social media websites for the purpose of finding genetic information. That is prohibited.
“The guidance mentions Facebook by name,” Vorhaus said. “[EEOC officials] do deserve credit for the way they have [explained] it. I think it’s pretty clear.”
Better safe harbor than sorry
If questions remain after reading the guidance, the best approach for employers is to do what is required under existing laws — and also use some common sense.
For example, the Americans with Disabilities Act requires employers to keep employees’ medical data in their own files, separate from the employees’ work files.
The guidance provides sample safe harbor language that can be used on information requests, such as requests for medical records or testing requests to physicians.
“Employers ought to be including the safe harbor language in the model notice in all requests for medical records,” Hall said.
That language not only shows that the company was taking precautions to guard against inadvertent disclosure of covered information, but also puts doctors on notice that such information should be withheld.
However, the safe harbor language is not fool-proof.
“By including the safe harbor language, you hopefully [prevent] the doctor from providing you with genetic information or family history,” Hall said. “But I think in reality, the doctor is not going to go through the records and redact everything” that is prohibited.
As insurance, all employees and managers should also be educated about the law and its restrictions.
“You definitely want to train your employees and management as best you can in terms of what they can and cannot do,” Hall said.