Cheap DNA Testing Is Giving Some Insurers Even More Ways To Deny Coverage [UPDATED]

from the yet-another-third-party-records-repository dept

[Update: after this post was published, Eric Heath of AncestryDNA emailed us with concerns about the post’s content, considering the recent update to the site’s terms of service. As Heath points out in a post at Ancestry’s blog, the terms have been rewritten to make it explicit what Ancesty does and does not do with customers’ submitted DNA:

First, we very clearly state that AncestryDNA does not “claim ownership rights in the DNA that is submitted for testing.” You own your DNA; this sentence helps make it clear that nothing we do takes, or has ever taken, that ownership from you.

Second, we’re clear that because you are owner of your DNA, we need you to grant us a license to your data so that we can provide our products and services to you and our other users, as well as develop new products and services. You can revoke this right at any time by requesting we delete your data or your account.

Third, we explicitly state that we will not share your genetic data with employers, insurance providers or third party marketers without first getting your consent. We already follow this procedure, but this language makes our commitment to you explicit.

The whole blog post and Ancestry’s response to comments are worth reading. It appears the language restricting legal action to arbitration remains, but on the whole, it appears Ancestry is addressing the issues raised by Joel Winston’s post.]

Joel Winston — current consumer protection lawyer and former New Jersey attorney general — is offering up the periodic reminder that terms of service are rarely written with the user’s best interests in mind. Winston highlights the demands makes in exchange for using its paid service. Two-thirds of those highlighted are standard operating procedure for far too many services. [h/t War on Privacy]

The first is the perpetual license users grant for exploitation of their DNA data. Again, this sort of thing can be found at many services heavily-reliant on users’ contributions. And many of those not only want your money, but the opportunity to sell off data as well.

Specifically, by submitting DNA to AncestryDNA, you agree to “grant AncestryDNA and the Ancestry Group Companies a perpetual, royalty-free, world-wide, transferable license to use your DNA, and any DNA you submit for any person from whom you obtained legal authorization as described in this Agreement, and to use, host, sublicense and distribute the resulting analysis to the extent and in the form or context we deem appropriate on or through any media or medium and with any technology or devices now known or hereafter developed or discovered.”

It’s not particularly heinous. (Yes, I’m damning it with faint damnation.) But it’s no better than countless other services, and this one deals with DNA, which is arguably more personal than, say, tweets… or coarse demographic info. It would be nice to know this up front. can claim it does inform users of this, but it’s part of a lengthy Terms and Conditions which contains enough dense language and boilerplate legalese to deter all but the most detail-oriented from reading it all the way through.

Opting out is, of course, much more difficult. As Winston notes, several hoops must be jumped through to pull your DNA out of this broad “agreement.” It also takes the company 30 days to handle users’ requests, and it doesn’t affect any studies, etc. the company has already supplied with your DNA data. It also may involve phone calls, which is super fun in the age of digital communications that leave a better, more easily-verifiable paper trail.

On top of that, there’s the arbitration clause, which will ensure users have as little leverage as possible should they be unhappy with Ancestry’s services or handling of DNA data. This, too, is sadly a part of too many terms of service agreements. Arbitration forces users to play on the company’s playground, rather than the more neutral field created by filing a civil complaint. This sucks, but once again, it’s nothing that’s unique to

What’s most disturbing about Ancestry’s growing DNA collection is something Glyn Moody highlighted here a couple of years ago.

According to an article on, Ancestry now has over 800,000 samples, while 23andMe has a million customers (Ancestry says that a more up-to-date figure is 1.2 million members in its database). Those are significant holdings, and it’s only natural that the police would try to use them to solve crimes; both companies confirm that they will turn over information from their databases to law enforcement agencies if served with a suitable court order.

Customers’ DNA info — processed by — becomes nothing more than a third-party record. The company says it only complies with court orders, but there’s a lack of specificity in that statement. A court order may be nothing more than a subpoena, rather than a search warrant. Third-party records have a lowered expectation of privacy, which means warrants aren’t a necessity.

What makes this even more problematic is the company’s willingness to hand over “familial” DNA — in other words, DNA that isn’t necessarily yours but comes from the same gene pool. Mixing this together raises the chance of false positives, which is never a good thing when someone’s freedom is on the line.

And it’s not just limited to police snooping. Ancestry is making this information available to private parties (see the perpetual license above), which could have adverse effects on people who’ve never used the service.

Buried in the “Informed Consent” section, which is incorporated into the Terms of Service, warns customers, “it is possible that information about you or a genetic relative could be revealed, such as that you or a relative are carriers of a particular disease. That information could be used by insurers to deny you insurance coverage, by law enforcement agencies to identify you or your relatives, and in some places, the data could be used by employers to deny employment.”

This is a massive red flag. The data “you or a genetic relative” give to AncestryDNA could be used against “you or a genetic relative” by employers, insurers, and law enforcement.

The damage being done isn’t theoretical. Glyn Moody’s piece dealt with a man who became a suspect in a 20-year-old murder thanks to his father’s DNA data (obtained by law enforcement from privately-held genetic databases). Winston’s piece also covers the law enforcement aspects of Ancestry’s license/sharing. But as the terms warn, insurers and employers could decide they want nothing to do with you, thanks to your familial DNA.

For example, a young woman named Theresa Morelli applied for individual disability insurance, consented to release of her medical records through the Medical Information Bureau (a credit reporting agency for medical history), and was approved for coverage. One month later, Ms. Morelli’s coverage was cancelled and premiums refunded when the insurer learned her father had Huntington’s disease, a genetic illness.

Startlingly, the Medical Information Bureau (MIB) used Morelli’s broad consent to query her father’s physician, a doctor with whom she had no prior patient relationship. More importantly, the applicant herself wasn’t diagnosed with Huntington’s carrier status, but she suffered exclusion on the basis of a genetic predisposition in her family.

Health care insurers are forbidden by federal law from using DNA data to deny coverage, but as Winston points out, nothing prohibits other insurers (life, long-term disability, etc.) from using this to decline coverage. And there’s nothing at all in the law preventing employers from using DNA data to screen out potential employees who might be a net loss on company-provided insurance plans.

The upside is a $99 DNA test, something that used to be prohibitively expensive. The downside… well, it’s pretty much everything else. In exchange for cheap testing, customers have to give up nearly everything. They can’t easily stop the sharing of data, have limited ability to challenge information demands by law enforcement, and zero chance to fully control the use of data you’ve handed over to Information about how your DNA data is being used isn’t easily obtained and anything insurers and employers are doing with this information is almost completely opaque. And, if you don’t like it — or feel Ancestry has managed to overstep the broad powers granted to it by its users — you’re stuck with arbitration as your only recourse.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Cheap DNA Testing Is Giving Some Insurers Even More Ways To Deny Coverage [UPDATED]”

Subscribe: RSS Leave a comment
sigalrm (profile) says:

Re: Re:

Open source home DNA testing when?

Oxford Nanopore’s MinION system is available today, and can handle the wet-lab aspects of sample prep and sequencing, within its limitations. According to an entry level system with one set of consumables will set you back about $1000.

I don’t recall having heard anything about it being used for clinical use (at this point), but it would likely be sufficient for a research or home environment.

Additional bioinformatics pieces not handled by the MinION system can be done on AWS or Azure at this point, if you’ve got a credit card with a high enough limit and enough programming chops to build/assemble a custom pipeline.

The most difficult part is validating and then interpreting the output.

That said, if you make "informed" decisions about your future based off of unverified, unvetted DIY genomic testing results you came up with yourself on a home-based genomic sequencer, you’re setting yourself up to have a bad time.

Anonymous Coward says:

Re: Re: Re:

The free market looks after customers.

How many providers of broad band internet are available where you live?

When was the last time anyone you know had something good to say about their cell phone provider?

How’s that repair you are doing on your tractor going? See the dealer yet?

When was the last time you had your iPhone repaired at a third party shop and it worked?

Free markets might work well, but there sure are a lot of markets that are not free – nor regulated effectively. See Net Neutrality and the FCC.

Doug says:

Re: Re: Re:

Ditto to AC’s earlier post (4:43pm).

Also, customers do have it good at first blush. We are the beneficiaries of all kinds of stuff we want enough to pay for it and we benefit from innovation. However, it is all the stuff that is unlikely to affect any one customer but is almost sure to hit the company where they get no resistance from the market. This is where the market fails.

So, yes, you want mobile phone service, but do you want binding mandatory arbitration? No, but the average customer is unlikely to feel they will be affected by that, so on average the market doesn’t resist it. At least not by denying themselves mobile phone service.

The market also fails to stop the gradual creep of unwanted changes. How many of us want commercials when we go to the movie theater. I’ll bet none. But it’s a minor enough annoyance that few enough people actually forgo the enjoyment of a movie out of protest. So, we have commercials. The market is not looking after customers.

How many of us want to be put on someone’s marketing list every time we communicate with a company about anything. Yet, the best we can get is the (often phantom) chance to opt out.

The market works to find us things that are good enough to buy. But once the market has found that, there is very little pressure to keep companies from trying to exploit their customers as much as possible.

MarcAnthony (profile) says:

Tim Cushing wrote: “…there’s nothing at all in the law preventing employers from using DNA data to screen out potential employees who might be a net loss on company-provided insurance plans.”

I have a quibble with this statement. The Genetic Information Nondiscrimination Act protects against premium increases and denial of health insurance benefits by employers. It also prevents them from using genetic test results as the basis for hiring or firing decisions. This isn’t to say there aren’t ways to discriminate without appearing to use such information, but there is something in the law to prevent that particular problem, and the EEOC would act on your behalf, if you can prove discrimination.

That said, I think the boilerplate agreement is just awful and facially unconscionable, as it is completely one-sided. It also denies the author of expressed DNA—namely you, the testee—a copyright interest in your cells’ work product without any consideration.

Roger Strong (profile) says:

The Genetic Information Nondiscrimination Act protects against premium increases and denial of health insurance benefits by employers. It also prevents them from using genetic test results as the basis for hiring or firing decisions.

That said, a predisposition to cancer (like having survive it once before) will routinely force an employer to find cause to fire you, when the insurer slaps a million dollar surcharge on the company policy for carrying you.

Anonymous Coward says:

When signing up for a service, we’re often presented with a single tick box next to something like “I agree to the Terms of Service”. We all tick it, we pretty much all have no idea what’s in those terms of service – and they can change at any time. This is understandable, many of us wouldn’t understand all of it anyway.

What should be made mandatory is instead of a single tick box, the website must present a list of tick boxes, each of which corresponds to a clause in the Terms of Service (and links to that clause if the user wants to read it), and must be clicked in order for that clause to be binding.


[ ] I agree that any data I provide may be sold to third parties.
[ ] I agree to receive daily advertising to my e-mail address.
[ ] I agree that I will leave this checkbox unticked.
[ ] I agree that the DNA I provide is no longer my property.

This would put pressure on websites to prune their Terms of Service to what is actually required in order to stop users being overwhelmed by multiple pages of links, and also provide a summary of the Terms of Service. Win/Win.

Doug says:

Re: Re:

This is a nice suggestion. The hurdle is: where is the requirement to do something like this going to come from? The market hasn’t caused it to happen. The gov’t should be the ones representing us and ensuring an even playing field, but they don’t.

My opinion is that we need to reform our political system so that the government represents the citizens (the way it should), rather than deep-pocketed corporate interests.

Short of that, I keep imagining some third option like some sort of “collective consumer” bargaining unit, so that large groups of customers can band together to get enough bargaining power to stand up to companies with terms or practices they don’t like, but whose main product they do like.

sigalrm (profile) says:

Re: Re:

And the lesson is…lie when providing your name for such tests.

If the test is being performed by a company like 23andMe or Ancestry, don’t lie. Just don’t submit a sample.

Because the life/lives you could accidently ruin might not be yours.

Amber says:

The problem is no consumer protection

I would like to see “agreements” where you cannot use a service without agreeing to it, outlawed unless a consumer protection agency with its own lawyers gives it approval for use in the marketplace. Ancestry info is entirely voluntary, and someone’s life won’t be seriously impacted if they don’t participate. But credit cards? Bank accounts? Sure, they are voluntary, if you don’t want to ever travel by air, rent an apartment, buy a car, etc. However, what lawyers are protecting the consumer’s interests? None whatsoever. All the power and information are on one side. Only by a law passed that demands a voice for the other side will this change.

Ouch the Grouch says:

A blessing in disguise?

See subject line:

Having been convinced for decades (and formerly very close to the so-called health care system before that meme was established), allowing that some “doctors” are sterling fellows (and fellowettes), especially those to pursue alternative methods while avoiding being “offed” by thugs sent by the establishment, I think those who avoid main stream medicos at all costs stand a better chance than those who submit to the routine of pay and pray…

Anonymous Coward says:

Please do take the following as a joke. I know it’s not a light topic:

For only 99$ you too can find out if it’s worth living the rest of your life!

Have too many nasty positives ?
A nice, relaxing, trip to Belgium might be in order.
If that’s to expensive you could always visit California, Colorado, Oregon, Vermont or Washington.
But if you can’t afford that, a self-administered cranial dose of lead also does the job (but it’s a lot messier).
For fans of extreme sports there’s also cordless bungee as well as chute-less base jumping.

Lawrence D’Oliveiro says:

Insurance Is Fundamentally About Ignorance

Remember, the whole point about insurance is to lower the cost to individuals who suffer the misfortune being insured against by spreading it among a group of people. The scheme only works because nobody knows which individual ones among that group will actually need a payout; the actuaries can only predict that there should be a certain proportion who will need payouts, so that premiums can be set accordingly.

Anything that helps the insurance company narrow down the vulnerable group works against the interest of that group: by reducing the population likely to need that form of insurance (without actually reducing the number needing payouts, since they are still within the smaller group), that will inevitably mean raised premiums to support the correspondingly higher proportion that will need payouts.

So market forces and technological developments will naturally lead to increased premiums. The only way to counter this is with regulation. Which means the only entity really capable of managing a fair and reasonably-priced insurance scheme is the Government.

Steve R. (profile) says:

Prohibit Comapanies from Sharing Information

The simple solution, if a simple solution were ever allowed, would be to prohibit companies from sharing personal information that you have provided in any manner.

As a novel approach, if these companies share your information then you should be paid a royalty. After all, my subscription to a couple of services includes royalty fees to the content creators.

As for insurance companies being able to deny coverage based on genetic testing; it is their right based on free market principles. Insurance companies are in the business of managing risk. The greater the risk, the higher the premium.

A solution, assuming it is acceptable to the electorate, would be a government sponsored health care system that remove the insurance companies from the health care industry.

ShadowNinja (profile) says:

On top of that, there’s the arbitration clause, which will ensure users have as little leverage as possible should they be unhappy with Ancestry’s services or handling of DNA data. This, too, is sadly a part of too many terms of service agreements. Arbitration forces users to play on the company’s playground, rather than the more neutral field created by filing a civil complaint.

Arbitration clauses should be illegal.

The case where one cell phone company advertised ‘free’ phones and then charged people $36 dollars in ‘taxes & fees’ on that ‘free’ phone shows just how easy it is to abuse this crap. Their arbitration clause, and another clause banning customers from entering in a class action lawsuit against them let them get away with it, thanks to the idiots on the supreme court who sided with them.

Doug says:

Re: Re:

That’s the kind of behavior that would go a long way towards solving problems like these if more people held companies to such a high standard. Problem is they don’t, for reasons discussed at length elsewhere, but including a) people don’t read the TOS, b) people assume they’ll never be in conflict with the company and thus any arbitration clause is not relevant to them, etc.

Anonymous Coward says:

Monolithic insurance plans are part of the problem

As others have noted, it makes financial sense (albeit being morally repulsive) to use genetic testing to exclude people predisposed to consume a particular insurance benefit from plans that offer that benefit. However, it makes no financial sense to exclude someone predisposed to cancer from benefits related to a car crash. People predisposed to Huntington’s (but not yet sick) are not inherently more likely to be disabled by a car crash than others. Yet, under the current monolith scheme, insurance companies select against people who have any risk factors because they do not want to deal with insuring solely against random events.

Secondarily, does anyone think that the insurance actuaries will look at the exclusion and declare a premium reduction for the remaining customers on the basis that actively excluding "high risk" customers will bias the remaining pool to be lower risk? No, they will keep rates stable (or (more likely) rising) even as they filter the population of covered persons to reduce the likelihood of a covered condition.

Anonymous Coward says:

Did the doctor violate the law?

Startlingly, the Medical Information Bureau (MIB) used Morelli’s broad consent to query her father’s physician, a doctor with whom she had no prior patient relationship.

Unless she has some power of attorney from her father, it should be blatently illegal for a doctor to use her consent to release someone else’s medical records. Is that actually allowed?

DaB says:

Dating Sites Do Same Thing

Read the TOS & privacy stmts of popular dating sites and you’ll see they take unlimited rights (along with your membership $) to perpetually use any part of your profile submissions any way they want – no notification, additional permission, no restrictions on downstream users, ad nauseam. Many dating sites have unnamed affiliates so just imagine your paid ‘membership’ gets ported off with their modifications to another ‘niche’ dating/hook up site you would not want your face or profile to be associated with…… Let’s not forget the sale of your profile & pic to others with no restraints on their subsequent use or distribution – just imagine the possibilities!
Caveat emptor!!!!!!

Anonymous Coward says:

Re: Dating Sites Do Same Thing

Read the TOS & privacy stmts of popular dating sites and you’ll see they take unlimited rights … Caveat emptor!!!!!!

Or non-emptor in this case. There’s no indication the father authorized his doctor to release his medical records to someone else’s insurance company.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...