Laws generally encompass information gathered by public heath agencies

Some states have reformed their laws to protect all information that the government collects, including communicable disease data, under a single statute.
A small number of states have adopted legislation based upon a model statute for protecting and disclosing public health data.53
In most states, however, the statutes are decades old and reflect changes neither in disease nor record-keeping technology.45 Responsible public health practices in health departments make flaws in privacy law largely a matter of theoretical concern, but reform of public health privacy laws is nevertheless an important element of an effective response to the social risk of disease.

Having recognized that the greatest risk of breach of privacy probably comes from the original collector of the data, or the insurer or employer who acquires access a payer for health care, we have to address the broader issue of medical records privacy as it applies to genetic information. It is useful to think of a genetic information infrastructure, defined as the basic, underlying framework of collection, storage, use, and transmission of genomic information (including human tissue and extracted DNA) to support all essential functions in genetic research, diagnosis, treatment, and reproductive counseling.

Despite the technical problems and the cost, several governmental and private committees have proposed automation of health data, including genomic information.

Several conceptual and technological innovations are likely to accelerate the pace of automation of health records: patient-based longitudinal clinical records which include genetic testing and screening information; unique identifiers and the potential to link genomic information to identifiable persons; and genetic data bases for clinical, research, and public health purposes.

No matter how effective the protection of public health data, the threat of social harm arising from genetic information will depend to a considerable degree on the protection of privacy in non-public medical and insurance records.

Few states provide comprehensive protection to health care records.55 Several states have passed specific genetic privacy legislation that dramatically restricts disclosure of and access to genetic information without the informed consent of the subject.

The informed consent requirements generally apply to the conduct of a genetic test in a clinical setting. Some of the statutes further extend the informed consent requirements to any subsequent release of the information, unless covered by a statutory exception, and so in some cases could be read to prohibit reporting for public health purposes.62 63 Some of these laws include a specific prohibition on discriminatory uses of the information.21 Some include restrictions and requirements on retention, disclosure, and notice.63 Some require destruction of biological samples and test results after a set amount of time, at the completion of a project or at the request of the individual.

Common exceptions may include the release and retention of data used in anonymous research, genetic testing conducted pursuant to newborn screening requirements, law enforcement, and paternity testing.