J.S. Kotval, Anthony Clarizia, and Patricia Salkin 
The University at Albany, State University of New York, Albany, New York 
jsk03@health.state.ny.us 

The rise of managed care as the primary method of health care delivery raises new concerns regarding the misuse of confidential medical information -- especially the misuse of DNA-based tests that predict the likelihood of late-onset, high-cost disorders. We have surveyed state and federal law related to protection of medical confidentiality, and find several gaps in the legal framework intended to protect individuals from misuse of their genetic information in the managed care setting. The occurrence of these gaps stems primarily from reliance on a patchwork of state laws, regulations and case law to protect confidential medical information through professional licensure laws, medical malpractice laws and regulations, and by direct protection of an ill-defined entity: the medical record. These measures have become inadequate to protect medical confidentiality within the context of many managed care contracts. In addition, large numbers of persons insured through managed care plans that fall under ERISA are not touched by the state policy framework and no laws directly address the mis-use of genetic information within managed care plans that have the effect of discriminating against individuals with high cost illnesses. Furthermore, the absence of uniformity among states with regards to law and public policy creates confusion for both the managed care organizations that operate in multiple jurisdictions and for the consumers that seek care in more than one state. 

In the absence of federal or state law to protect individuals from the unconsented dissemination of genetic information, there are few legal grounds for a successful cause of action against a managed care organization. Legal theories that could serve as basis for successful causes of action include vicarious liability through respondeat superior and ostensible agency theories. In assessing the merits of a plaintiff's case claiming discrimination, the courts are likely to consider issues including the structure, administration and internal procedures implemented by the managed care organization; the representations and disclosures made in contracts, brochures, and advertising; the financial incentives, cost containment procedures and utilization review procedures used by the managed care organization and, of course the selection, control and contracts between the managed care organization and the physician. Even if the plaintiff does have 'the law on his side' it would take him or her years to resolve the matter, not to mention the expenses involved, thus creating a disincentive to seek redress and creating a hostile environment for advocating consumer rights. Recommendations regarding appropriate federal and state law are being explored.