I fully expect the data to be de-anonymized and then used against people that have familial links to those who have donated their data.
"Oh, your great great-great-grandfather had <disease>, so now you're classified as a high-risk individual and you have to pay a higher monthly fee for insurance"
Only they won't tell you why you have to pay more, just that you do.
That is essentially why HIPAA exists. And the negative and limiting effects of HIPAA on clinical trials is well acknowledged and is considered as an acceptable cost of HIPAA.
HIPAA was written in 1996. The human genome project was completed in 2003, and WGS wasn't in the clinic for another decade. Nothing about HIPAA is considered or intentional in the context of current medical practice or research. It's just an old law that carries forward mindlessly like all laws do.
1. It's illegal, and insurance company employees aren't suicidal.
2. If health insurance companies wanted to break the law, they would simply violate the existing prohibition on discriminating on preexisting conditions, which gives them vastly more actionability than some tenuous, diluted link to a relative.
This is all frankly nonsensical because insurance companies charge people within tightly-regimented tiers, there's no wiggle room for mystery +30% fee increases.
Thousands of Wells Fargo employees would like to have a word with you about #1. “Illegal” is outweighed easily if there’s a bonus to be earned by doing something that everybody says you won’t be caught for doing. Plus, the company itself can’t be put in prison and the employees whose bad idea it was will probably get a slap on the wrist. And if it’s a big enough company, they won’t endanger it by truly hurting it with fines.
#2 is a pretty good point though.
"Oh, your great great-great-grandfather had <disease>, so now you're classified as a high-risk individual and you have to pay a higher monthly fee for insurance"
Only they won't tell you why you have to pay more, just that you do.