The long-awaited, long overdue final GINA regulations were published in the Federal Register on November 9, 2010. We currently are digesting, deciphering and dissecting them. We will provide more comprehensive analysis to you very soon, focused on the most important provisions we believe directly affect most employers. These regulations will become effective January 10, 2011; HROI has scheduled a briefing on GINA for December 2, 2010, at 8:00 a.m. at the Lathrop & Gage Conference Center, 2345 Grand Boulevard, 22nd Floor, Kansas City, Missouri. More details will be forthcoming in the next few days at

In the meantime, see below for information on two hot topics addressed by the new regulations: Accessing Social Media Sites and Safe Harbor Warnings that protect you from liability.

Title II of the Genetic Information Non-Discrimination Act (GINA) restricts employers (among others) from “requesting, requiring, or purchasing genetic information,” and outright prohibits any USE of an employee’s (or applicant’s, or a former employee’s) “Genetic Information” in employment decision-making, and requires any “Genetic Information” lawfully acquired to be treated strictly confidentially. The term “Genetic Information” is much broader than just the results of genetic testing; it includes, among other concepts, an employee’s “family medical history.”

Prohibited vs. “Inadvertent” Acquisitions

Unless a specific exception applies, the Final regulations generally prohibit an employer from “requesting, requiring, or purchasing genetic information of an individual or family member of the individual.” Although the proposed regulations had articulated a prohibition against “deliberate acquisition,” based on objections received from employee advocates that the word “deliberate” improperly connoted a level of intent not required to create liability, the modifier “deliberate” has been REMOVED.

The final regulations instruct that a prohibited ‘‘request’’ includes, “conducting an Internet search on an individual in a way that is likely to result in a covered entity obtaining genetic information; actively listening to third-party conversations or searching an individual’s personal effects for the purpose of obtaining genetic information; and making requests for information about an individual’s current health status in a way that is likely to result in a covered entity obtaining genetic information.”

Nevertheless, EEOC recognizes that not all acquisitions of “Genetic Information” violate GINA.

Among other recognized exceptions, where an employer “inadvertently” requests or receives “Genetic Information,” it is not illegal. (USE of “Genetic Information” for employment decisions, even if lawfully/inadvertently acquired, is always prohibited.)

The new final regulations clarify two points on this dichotomy, which we have been awaiting with keen anticipation.

Accessing Social Networking Sites?

First, is “Genetic Information” gleaned through accessing a social network site (for example, where the employee’s Facebook page discloses a family member’s diagnosis of cancer) a prohibited or “inadvertent” (and thus, allowed) acquisition?

The long-awaited answer: INADVERTENT – as long as the person accessing the profile has the creator’s permission to access it.

“Safe Harbor” Warnings

Second, can you guard yourself from liability from a prohibited acquisition when “Genetic Information” you did not request nevertheless is provided to you? (For example, you get family medical information, or even info about the employee’s genetic testing, in response to a request for medical certification for a leave, or when you receive the results of a lawful post-offer, preemployment medical examination.)

The final regulations provide a safe harbor from liability IF you affirmatively warn a provider NOT to provide you that information – even if they ignore you and do it anyway. (Remember, you can never USE that information for employment decision-making, and you must treat it confidentially.) The EEOC’s “model language” is as follows:

The Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits employers and other entities covered by GINA Title II from requesting or requiring Genetic Information of employees or their family members. In order to comply with this law, we are asking that you not provide any Genetic Information when responding to this request for medical information. “Genetic information,” as defined by GINA, includes an individual’s family medical history, the results of an individual’s or family member’s genetic tests, the fact that an individual or an individual’s family member sought or received genetic services, and Genetic Information of a fetus carried by an individual or an individual’s family member or an embryo lawfully held by an individual or family member receiving assistive reproductive services.

Alternative language may be used, however, “as long as individuals and health care providers are informed that Genetic Information should not be provided.”

Even in the absence of such a protective warning, you may avoid liability if the original request was not made in a way that was “likely to result in …obtaining genetic information.” Thus, for both ADA and GINA purposes, the narrower the inquiry the better.