Genetic Information and Employee Privacy

Employers Face New Area of Potential Liability in Genetic Information Privacy Claims

by Thomas Lidbury, Kristina Wright, and Zachary Zagger

at Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Employers are facing new potential legal risks under the federal Genetic Information Nondiscrimination Act of 2008 (GINA) and the Illinois Genetic Information Privacy Act (GIPA) over inquiries in routine employment physicals in what could be the next battleground for employers over technical requirements of privacy legislation.

Quick Hits

• A new area of claims against employers that inquiries in employment physicals violate state and federal laws protecting the privacy of genetic information is raising new concerns for employers.
• Employers that require physicals may want to consider reviewing their policies and practices to clarify what information is, and is not, required.

Employers are facing a spike in class actions under GINA and GIPA alleging that simple questions during pre-employment physicals or fitness for duty examinations that even indirectly ask about family medical histories are unlawful attempts to solicit and collect genetic information, which could allegedly be used to make employment decisions.

Both GINA and GIPA are more than a decade old and are meant to protect the growth of popular genetic testing services used by individuals to learn about their genetic predispositions and ancestry. But the new claims against employers are creating additional potential legal risks for employers, reminiscent of the wave of claims in recent years against employers for technical violations of Illinois’s Biometric Information Privacy Act (BIPA or Privacy Act).

While it is not clear whether such claims will ultimately prevail in the courts, employers may want to be keep an eye on this new area of potential liability and may want to consider steps to mitigate risk under GINA, GIPA, and/or other federal and state laws that prohibit the collection and use of genetic information.

GINA and GIPA

Both GINA and GIPA prohibit employers and other covered entities from requesting or requiring genetic information of an individual or family member of the individual. Specifically, the employment provisions of GINA (Title II) prohibit employers from discriminating against applicants and employees based on their genetic information or the genetic information of their family members.

GIPA (410 Illinois Compiled Statute 513), which was passed in 1998 and later amended in 2008 to align it with GINA, provides that genetic testing information is “confidential and privileged” and prohibits requiring as a condition of employment that applicants or employees provide genetic information.

GINA and GIPA define “genetic information” the same as in the Health Insurance Portability and Accountability Act (HIPAA), to include an “individual’s genetic tests,” “the genetic tests of family members,” and notably, “the manifestation of a disease or disorder in family members.”

Further, both laws allow aggrieved parties to collect damages. GINA allows for compensatory and punitive damages. Much like BIPA, GIPA allows the collection of actual damages or per violation damages ($2,500 per negligent violations and $15,000 for intentional or reckless violations), whichever is greater.

Recent Developments

GIPA sat mostly dormant until a recent blitz of lawsuits against employers that require applicants or employees to undergo pre-employment physicals to establish they are medically qualified, or return to duty examinations. The theory behind the lawsuits is that a GIPA violation occurs if the doctor asks for family medical history and the employer did not affirmatively advise that providing such information is not a job requirement. This theory argues that it makes no difference that genetic information is not actually needed or required for the limited purpose of the physicals, nor reported to the employer. This is an untested theory that the courts will have to resolve. If it is resolved against employers then the exposure could be very substantial because the statutory damages are much like those under BIPA.

These lawsuits may have been spurred by the 2022 Illinois federal court decision in Bridges v. The Blackstone Group in which a judge for the U.S. District Court for the Southern District of Illinois ruled that an “aggrieved” party under GIPA “may seek redress against any ‘offending party’ who compels the disclosure of their personal data, whether that ‘offending party’ compels the data directly from [p]laintiffs or from a non-party in possession of their data.” The district court’s opinion was affirmed in May 2023 by the U.S. Court of Appeals for the Seventh Circuit.

Additionally, the U.S. Equal Employment Opportunity Commission (EEOC) has focused enforcement on pre-employment medical exams and family medical history inquiries under genetic information privacy rights under GINA and the Americans with Disabilities Act. In October 2023, the EEOC announced that an employer agreed to pay $1 million to settle an enforcement action that included allegations that it required hundreds of job applicants to disclose family medical history during the hiring process.

Next Steps

In light of these new potential legal risks with GINA, GIPA, and other privacy laws, employers that require physicals may want to consider reviewing their policies and practices so as to remove the predicate for this new theory regardless of how the courts resolve it.