I sense a lawsuit incoming that could lead to a supreme court decision on the basis of this being medical data, who actually owns that data? It really isn’t 23andme’s dna to sell to the highest bidder, it’s the customer’s protected health data, and would fall under HIPAA.
> reverse the ban on using the data for health insurance
Right now, health "insurance" is transparently a subsidy scheme where the healthy subsidize the unhealthy. I wonder, if "insurance" companies were allowed to operate as actual actuarial net-neutral-EV honest-to-god insurance companies again, which political coalition would get net savings? I could see it going either way. Conceivably, the efficiency gains from having actual insurance again would result in net-positive EV for both sides.
23andMe doesn't fall under HIPAA at all. HIPAA is scoped to only cover specific entities. Once someone sells/gives your PHI to a non-HIPAA entity, then it's no longer private at all. There are usually disclaimers and warnings about this from providers when you release such things.
This is because HIPAA isn't designed to protect your privacy or your data but it's designed to protect the providers and insurance carriers. It's covering their legal asses and maximizing difficulty for everyone else to access information about what they've done to you. It's about protecting their investment.
If HIPAA were designed to protect your privacy, then HIPAA would apply to your data or you personally, rather than the narrow scope of regulated entities.
