Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Kentucky · Chapter 311 — Physicians, osteopaths, podiatrists, and related medical practitioners

311.705 Genetic testing -- Guidelines for collection and use of genetic data.

1,041 words·~5 min read·/ky/chapter-311/311-705

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(1)As used in this section:
(a)"Biological sample" means any material part of the human, discharge
therefrom, or derivative thereof, such as tissue, blood, urine, or saliva, known
to contain deoxyribonucleic acid (DNA);
(b)"Consumer" means an individual who is a resident of the state;
(c)1. "Direct-to-consumer genetic testing company" means an entity that:
a. Offers genetic testing products or services directly to a consumer;
or
b. Collects, uses, or analyzes genetic data that resulted from a direct-
to-consumer genetic testing product or service and was provided to
the company by a consumer.
2. "Direct-to-consumer genetic testing company" does not include any
entity only when they are engaged in collecting, using, or analyzing
genetic data or biological samples in the context of research, as defined
in 45 C.F.R. sec. 164.501, conducted in accordance with the Federal
Policy for the Protection of Human Subjects, 45 C.F.R. pt. 46, the Good
Clinical Practice Guideline issued by the International Council for
Harmonisation, or the United States Food and Drug Administration
Policy for the Protection of Human Subjects under 21 C.F.R. pts. 50 and
56;
(d)"Express consent" means a consumer's affirmative response, or the affirmative
response of a consumer's legal guardian, attorney-in-fact, health care
surrogate, or authorized representative, to a clear, meaningful, and prominent
notice regarding the collection, use, or disclosure of genetic data for a specific
purpose;
(e)1. "Genetic data" means any data, regardless of its format, that concerns a
consumer's genetic characteristics and includes but is not limited to:
a. Raw sequence data that result from a sequencing of a consumer's
complete extracted or a portion of the extracted DNA;
b. Genotypic and phenotypic information that results from analyzing
the raw sequence data; and
c. Self-reported health information that a consumer submits to a
company regarding the consumer's health conditions and that is
used for scientific research or product development and analyzed
in connection with the consumer's raw sequence data.
2. "Genetic data" does not include de-identified data;
(f)"Genetic testing" means any laboratory test of a consumer's complete DNA,
regions of DNA, chromosomes, genes, or gene products to determine the
presence of genetic characteristics of a consumer; and
(g)"Person" has the same meaning as KRS 446.010.
(2)To safeguard the privacy, confidentiality, security, and integrity of a consumer’s genetic data, a direct-to-consumer genetic testing company shall:
(a)Provide clear and complete information regarding the company’s policies and
procedures for collection, use, or disclosure of genetic data by making
available to a consumer:
1. A high-level privacy policy overview that includes basic, essential
information about the company’s collection, use, or disclosure of genetic
data; and
2. A prominent, publicly available privacy notice that includes, at a
minimum, information about the company’s data collection, consent,
use, access, disclosure, transfer, security, and retention and deletion
practices;
(b)Obtain a consumer’s consent for collection, use, or disclosure of the
consumer’s genetic data including, at a minimum:
1. Initial express consent that clearly describes the uses of the genetic data
collected through the genetic testing product or service, and specifies
who has access to test results and how the genetic data may be shared;
2. Separate express consent for transferring or disclosing the consumer’s
genetic data to any person other than the company’s vendors and service
providers, or for using genetic data beyond the primary purpose of the
genetic testing product or service and inherent contextual uses;
3. Separate express consent for the retention of any biological sample
provided by the consumer following completion of the initial testing
service requested by the consumer;
4. Informed consent in compliance with the Federal Policy for the
Protection of Human Subjects, 45 C.F.R. pt. 46, for transfer or
disclosure of the consumer’s genetic data to third party persons for
research purposes or research conducted under the control of the
company for the purpose of publication or generalizable knowledge; and
5. a. Express consent for marketing to a consumer based on the
consumer’s genetic data; or for marketing by a third party person
to a consumer based on the consumer having ordered or purchased
a genetic testing product or service.
b. Marketing does not include the provision of customized content or
offers on the Web sites or through the applications or services
provided by the direct-to-consumer genetic testing company with
the first-party relationship to the customer;
(c)Require valid legal process for disclosing genetic data to law enforcement or
any other government agency without a consumer’s express written consent;
(d)Develop, implement, and maintain a comprehensive security program to
protect a consumer’s genetic data against unauthorized access, use, or
disclosure; and
(e)Provide a process for a consumer to:
1. Access the consumer’s genetic data;
2. Delete the consumer’s account and genetic data; and
3. Request and obtain the destruction of the consumer’s biological sample.
(3)Notwithstanding any other provisions in this section, a direct-to-consumer genetic
testing company may not disclose a consumer’s genetic data to any entity offering
health insurance, life insurance, or long-term care insurance, or to any employer of
the consumer without the consumer’s written consent.
(4)The Attorney General may bring an action in the name of the Commonwealth, or as
parens patriae on behalf of consumers, to enforce this section. In any action brought
by the Attorney General to enforce this section, a violation of this section is subject
to a civil penalty of the following:
(a)Two thousand five hundred dollars ($2,500) for each violation of this section;
(b)The recovery of actual damages incurred by consumers on whose behalf the
action was brought; and
(c)Costs and expenses incurred by the office of the Attorney General.
(5)The disclosure of genetic data pursuant to this section shall comply with all state
and federal laws for the protection of privacy and security. This section shall not
apply to protected health information that is collected by a covered entity or
business associate governed by the privacy, security, and breach notification rules
issued by the United States Department of Health and Human Services, 45 C.F.R.
pts. 160 and 164, established pursuant to the federal Health Insurance Portability
and Accountability Act of 1996, Pub. L. No. 104-191, and the federal Health
Information Technology for Economic and Clinical Health Act, Pub. L. No. 111-5.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.