I believe under HIPAA, you have the right to access any of your medical data. If you really want your data, I would get a lawyer to write a nasty letter to them demanding it.
As usual when HIPAA is brought up, you're wrong. HIPAA is the most misunderstood law in America.
Hint, the "I" in HIPAA stands for "insurance." A general rule - if an insurance company isn't involved HIPAA doesn't apply. HIPAA is a law that regulates insurance companies and entities that deal directly with insurance companies, not "medical data."
> A general rule - if an insurance company isn't involved HIPAA doesn't apply.
Not exactly. If you go to most any healthcare provider, and pay out-of-pocket, HIPAA still applies. More accurately, HIPAA applies to any healthcare provider who transmits any health information in electronic form in connection with a transaction covered by 45 C.F.R. §160.103. Or in other words, basically every healthcare provider is also a covered entity, unless they're completely 100% cash only and don't take insurance for anyone ever. Do these even exist?
Although, still 23andMe wouldn't be covered because they're not providing healthcare services.
> basically every healthcare provider is also a covered entity, unless they're completely 100% cash only and don't take insurance for anyone ever.
This is correct - I should have been more specific. If a business doesn't take insurance then HIPAA doesn't apply. Not that insurance isn't involved in a specific transaction. I've edited my GP comment to be more specific.
https://lawforbusiness.usc.edu/direct-to-consumer-generic-te...