Covid-19 at home tests

Poor privacy policies could discourage some people from using them.

The primary federal legal regime protect­ing health data in the United States is HIPAA, which sets national standards for privacy policies for the protection of some personal health information.

Whether HIPAA applies to an at-home Covid-19 test depends on two factors: whether the test provider is considered a covered entity and whether the information collected falls within the scope of protected health information.

February 2022

At home fast testing​

at home fast testing

While the distribution of the Covid-19 vaccines continues, it’s not clear if the virus will create new variants and if we will need multiple covid-19 booster. It will be some time before life will resume as normal.

In the meantime, easy, reliable, and fast testing will play a critical role in stop­ping the spread of the disease, allowing both individuals and authorities to take appropriate measures.

Covid-19 at-home test kits are designed so that nasal or saliva samples can be collected by a customer outside of a medical setting and sent to a laboratory for analysis.

As a condition of the FDA’s authorization, the testing company required to develop a mobile app or website to further facilitate reporting of results by both healthcare providers and individuals using the test.

You may also like Travel Advice  

legal protection

At-home test providers and the laboratories with which they partner can collect personal and health data on their customers through several channels, including through an initial online symptom survey, purchase information, customer interactions with provider websites or apps, and test results.

Legal protections: HIPAA and FDA authorization

The primary federal legal regime protect­ing health data in the United States is HIPAA, which sets national standards for the protection of some personal health information.

Whether HIPAA applies to an at-home Covid-19 test depends on two factors: whether the test provider is considered a covered entity and whether the information collected falls within the scope of protected health information.

Covered entities include health care providers who transmit health information electronically, while protected health information refers to individually identifiable health data.

Pcr test 1
Easily test for SARS-CoV-2 infection. Collect your sample at home with a certified clinical tester who will hand deliver it to our CLIA certified lab partner. Receive secure digital results in as little as the SAME DAY.

HIPAA restrictions

While these providers would likely still be subject to hipaa restrictions as “business associates” of the labs, not being a covered entity could open the door to their using information in ways customers may not expect or explicitly agree to — for marketing, product development, or other purposes. ​

While these providers would likely still be subject to HIPAA restrictions as “business associates” of the labs, not being a covered entity could open the door to their using information in ways customers may not expect or explicitly agree to — for marketing, product development, or other purposes.

To the extent at-home kits are eventually used in ways more akin to a pregnancy test, meaning they are available for customers to purchase off-the-shelf with results never handled by the test provider, the provider would likely fall completely outside the scope of HIPAA protections.

Privacy policy states that the company may use customer data if it “believe[s] in good faith that such use is other­wise necessary or advisable.

Data protection

Beyond HIPAA, while a customer may expect the FDA to consider the privacy protections of a test before granting an emergency authorization, data privacy is not listed as one of the criteria considered for authorization, meaning that FDA authorization guarantees little about a provider’s privacy practices.

As some health providers explicitly states in its privacy policy, this data might include the groups the customer is associated with on social media or a list of friends who did not consent to their names being shared.

Privacy policy states that the company may use customer data if it “believe[s] in good faith that such use is other­wise necessary or advisable.

By disclos­ing customer data to third parties for commercial use, and provid­ing little transparency into what data is shared and with whom, test providers make it more likely that sensitive data could be leaked, used to discriminate, or sold by data brokers without over­sight or consent.

Fight­ing the pandemic effect­ively Ultimately, at-home Covid-19 test­ing remains a valu­able option to keep testing rates up, particularly since travel and rates of Covid-19 cases increased during the holidays and drop-in test­ing can take hours.

Want the quality of the PCR test done from the comfort of your home?  

Leave a Reply

Your email address will not be published.