draw .io is closed source.

Yeah, it’s definitely a problem, and genetic information could end up getting linked. Even if a person thinks they might not have DNA in any existing database, whether criminal, medical, or otherwise, there’s no telling what might happen in the future. I can think of a few different ways a person might involuntarily, through no fault of theirs, get their DNA forcibly taken with no legal recourse.

Every path here will have some tradeoffs. But the odds of getting linked are probably much lower outside your home country.

I voted you down because HIPAA absolutely does include privacy provisions, and requires written consent for data use in the way I described above.

My best recommendation would be to go to a testing lab and provide a fake name. It should work. I’ve never been ID’d at any doctor’s office, and one time did even receive healthcare under a fake name with no trouble. Of course, that means your insurance won’t cover anything, but that’s the unfortunate reality of US healthcare. Also, they probably won’t delete your data. HIPAA includes no right to be forgotten, and in some cases, may even mandate retention for several years.

Sorry I don’t have a better solution. I think your best bet is to distance this genetic data as much as possible from your real identity.

Alternately, you could try going somewhere outside the US.

I completely agree that HIPAA is dead. One time when I went to a new doctor’s office, totally unaffiliated with any doctor I’d ever seen before, the doctor instantly pulled all my medical records from several other places. They didn’t even get my verbal permission; they just did it. If that’s the level of security on these databases, and doctors are allowed to access them on old unsupported Windows computers, then it’s almost certain that the databases have tons of undetected data breaches. They’ve probably been scraped completely by multiple attackers.