Protecting Your Data: What You Need to Know


PUBLISHED: 14th May 2025

By Juanita Rogers

In today’s digital world, data privacy is more important than ever. Recent discussions in the healthcare and technology sectors highlight growing concerns about data security and privacy. With information being shared and stored online, each of us must be aware of the risks and how we can safeguard our personal data. An article published in the New England Journal of Medicine (NEJM) in March 2025 sheds light on the significant challenges surrounding data privacy and what needs to be done to protect sensitive personal information.

The article mentions direct-to-consumer (DTC) genetic testing companies, including 23andMe, AncestryDNA and MyHeritage. These companies sell kits that provide consumers with ancestry and genetic information, which is typically taken from a saliva sample. However, DTC genetic testing is just one type of genetic testing, and it often evaluates a limited number of genes. It does not involve a healthcare provider who orders the test or comprehensively reviews findings with the consumer. As DTC companies gain popularity and the number of consumers who provide their data increases, potential risks related to data privacy and protection become increasingly important.

Key Insights from the NEJM Article on Data Privacy

The NEJM article emphasizes the pressing need for stronger data protection in various sectors, particularly healthcare, where sensitive personal information is at risk. It points out that information collected as part of direct-to-consumer tests, like those from 23andMe, is not protected in the same way that personal health information is protected under the Health Insurance Portability and Accountability Act (HIPAA).

The article also outlines how recent data breaches, misuse and mismanagement have underscored vulnerabilities in current systems. While significant progress, such as HIPAA in healthcare, has been made to enforce privacy regulations, remaining gaps in fully protecting individuals’ private data leave personal and health information exposed to potential misuse.

The article highlights potential outcomes and reminds readers of the importance of transparency from organizations in how they collect, store and share personal data. As consumers become more aware of their rights, demand is increasing for businesses and institutions to uphold data privacy standards and ensure that individuals have control over their own information.

Since the NEJM article was published, 23andMe has declared bankruptcy. This situation leads to a crucial question: What happens to the extensive database of consumer information that a company like 23andMe maintains when it goes bankrupt?

After bankruptcy, the personal data 23andMe collected from customers can be sold, and consumers may have limited control over how their information is used. 23andMe maintains that users can delete their account information and associated data by following the steps listed on their website.

Current Protections for Health and Privacy

As part of FORCE’s commitment to keeping the hereditary cancer community informed, it is important to highlight two significant federal laws—GINA and HIPAA—that protect your health information and prevent discrimination.

GINA (Genetic Information Nondiscrimination Act)
GINA is a federal law designed to protect individuals from discrimination based on their genetic information. Passed in 2008, GINA ensures that employers and health insurers cannot make decisions about hiring, firing, promotions or providing health insurance based on genetic predispositions to certain conditions. This includes the results of genetic tests or family health history. GINA plays a vital role in encouraging people to seek genetic testing without fear of discrimination.

It is important to note that GINA does not apply to life, long-term care or disability insurers. This federal law has additional exceptions, which you can review on FORCE’s “GINA Overview” webpage and on the GINA website.

HIPAA (Health Insurance Portability and Accountability Act)
HIPAA provides nationwide protection for the privacy and security of individuals’ health information. Enacted in 1996, HIPAA governs how healthcare providers, insurers and other entities handle personal health data, ensuring that your information is kept confidential and secure. It grants you rights over your medical records and mandates strict safeguards to protect your health data from unauthorized access. HIPAA also includes provisions for portability, helping individuals maintain their health insurance coverage even when changing jobs.

HIPAA protects different types of data, including medical records, health insurance details and treatment information.

What FORCE is Doing to Address the Issue

Maintaining data privacy and fighting genetic discrimination is a top priority for FORCE. In recent years, our Public Policy Team has engaged in state advocacy, spearheading efforts to ban the use of genetic information in life, long-term care and disability insurance underwriting and premium decisions. Currently, only Florida bans the use of genetic information in life, long-term care and disability insurance. Other states have less comprehensive laws. With the growing use of genetic testing to assess the risk of numerous diseases (such as ALS, Parkinson’s Disease and cardiovascular conditions) and concerns about data privacy, FORCE is launching a work group to explore legislative options to strengthen HIPAA and GINA.

What You Can Do to Protect Your Data

While organizations must do their part in securing data, you have a responsibility to safeguard your personal information. Here are some steps you can take:

  1. Be Cautious about What You Share—Think twice before sharing personal information online, especially on social media or unsecured websites.
  2. Stay Informed about Data Breaches—Subscribe to notifications or services that alert you if a breach involving your personal information occurs.
  3. Review Privacy Policies—Take the time to understand how companies handle your data. If you’re not comfortable with their policies, consider finding alternatives, and know that you are not required to provide your data if you are not comfortable doing so.

Looking Ahead and Staying Involved

FORCE is committed to keeping you informed, and this blog aims to provide you with valuable insight into the current state of data privacy. Our Public Policy Team is actively working to continue raising awareness and help strengthen data protection for the hereditary cancer community. We encourage you to review our 2025 Advocacy Priorities and to consider getting involved in the following ways:

Look for follow-up articles in the coming months to learn about the latest developments and how you can stay proactive about your data security.

Juanita Rogers is Vice President of Health Education & Communication at FORCE. She has a background in public health and lives in the Washington, DC area. Juanita is passionate about empowering patients and families through health education and supporting the needs of the hereditary cancer community.


