2233 Wisconsin Avenue, NW Suite 525 Washington, D.C. 20007

(202) 687-0880 Fax: (202) 687-3110 facsimile

www.georgetown.edu/research/ihcrp

Chairman Chabot, Congressman Nadler, and Members of the Committee, thank you for the opportunity to testify here today on behalf of the Health Privacy Project. I am Joanne L. Hustead, Senior Counsel for the Health Privacy Project and Assistant Research Professor at Georgetown University’s Institute for Health Care Research and Policy. The Health Privacy Project is part of the Institute for Health Care Research and Policy.

I. OVERVIEW OF THE HEALTH PRIVACY PROJECT

The Health Privacy Project’s mission is to press for strong, workable privacy protections in the health care arena, with the goal of promoting increased access to care and improved quality of care. The Project conducts research and analysis on a wide range of health privacy issues. Recent Project publications include: Genetics and Privacy, American Journal of Law & Medicine, 28 (2002) 285-307; Genetics and Privacy: A Patchwork of Protections, published by the California HealthCare Foundation (2002); Implementing the New Federal Health Privacy Rule in California (set of three guides for various types of health care providers, health insurers, and health care service plans), published by the California HealthCare Foundation (2002); Exposed Online: Why the New Federal Health Privacy Regulation Doesn’t Offer Much Protection to Internet Users, published by the Pew Internet & American Life Project (2001); Privacy and Confidentiality in Health Research (2001), commissioned by the National Bioethics Advisory Commission; Best Principles for Health Privacy (1999), which reflects the common ground achieved by a working group of diverse health care stakeholders; The State of Health Privacy (1999), the only comprehensive compilation of state health privacy statutes (an updated version of these state-by-state summaries can be found on our Web site (www.healthprivacy.org)); Report on the Privacy Policies and Practices of Health Web Sites (2000), which found that the privacy policies and practices of 19 out of 21 sites were inadequate and misleading; and “Virtually Exposed: Privacy and E-Health,” published in Health Affairs, Vol. 19 (#6) 140-148 (2000).

The Project also staffs the Consumer Coalition for Health Privacy, comprised of over 100 major disability rights, disease, labor, and consumer advocates as well as health care provider groups. The Coalition’s Steering Committee includes AARP, American Nurses Association, Bazelon Center for Mental Health Law, National Association of People with AIDS, Genetic Alliance, National Multiple Sclerosis Society, and National Partnership for Women & Families.

II. SUMMARY OF TESTIMONY

The purpose of this testimony is to examine the extent to which certain existing federal laws protect the privacy of genetic information in the insurance and employment sectors. The protections in the insurance sector stem from two aspects of the 1996 Health Insurance Portability and Accountability Act (HIPAA) - the HIPAA privacy regulation and the HIPAA “nondiscrimination” provisions. To assess privacy protections in the employment sphere, it is necessary to begin with an assessment of the privacy protections (and gaps) in the Americans with Disabilities Act (ADA). This hearing correctly focuses on both collection and use of genetic information, because collection and use are inextricably linked. The best way to protect individuals from inappropriate uses of their genetic information is to prevent collection of their genetic information in the first place.

Health Plans and Insurers. The HIPAA privacy regulation protects genetic information to the same extent that it protects other types of health information. There are significant limits to what the HIPAA privacy regulation can and does accomplish. For example, the HIPAA privacy regulation does not generally prohibit the entities subject to the privacy regulation from collecting genetic information from individuals or from requiring people to provide genetic information or undergo genetic tests. Nor do the HIPAA nondiscrimination provisions. The privacy regulation permits health plans and insurers to use protected health information, including genetic information, for a broad range of health care purposes, including medical underwriting. The HIPAA nondiscrimination provisions prohibit some underwriting uses of medical and genetic information, but many gaps remain, especially in the individual insurance market. HIPAA does not directly regulate employers; instead, it reaches group health plans that are sponsored by employers.

Employers. There is no federal law that explicitly regulates the collection, use, or disclosure of genetic information by employers. In fact, employers can, consistent with federal law, obtain vast amounts of medical and genetic information about employees (and, in some cases, their dependents). Because of the ADA’s wide applicability, it is the most important federal law to consider when evaluating medical and genetic privacy in the workplace. It establishes a regime where access to medical information and use of medical information hinge on when the information is requested and the context in which it is used. Unfortunately, the ADA permits employers to collect more medical and genetic information than is necessary to assess whether an individual can perform essential job functions. Moreover, due to narrow and limiting court decisions, it is increasingly likely that the ADA will fail to protect individuals from adverse employment actions on the basis of such genetic information.

Given these shortcomings in existing federal law, the enactment of additional legislation targeting the collection and use of genetic information by insurers and employers would provide additional and significant privacy protections.

III. THE NEED TO PROTECT THE PRIVACY OF MEDICAL AND GENETIC INFORMATION

Medical information constitutes the most sensitive and personal information. Genetic information, which is a subset of medical information, is particularly sensitive because it reveals unique and immutable attributes, because those attributes are not just personal, but shared by family members as well, and because this information has the potential, in some circumstances, to give us (and others) a frightening (or reassuring) glimpse into the future. Faced with potential discrimination, loss of benefits, and stigma if their health information, including their genetic information, falls into the wrong hands, people are withdrawing from full participation in their own health care.

According to a national survey released by the California HealthCare Foundation in 1999, 15 percent of adults say they have done something out of the ordinary to keep medical information confidential. These privacy-protective behaviors include paying out-of-pocket despite having insurance coverage, doctor hopping to avoid a consolidated medical record, not seeking care to avoid disclosure to an employer, and giving incomplete or inaccurate information in a medical history. A 1997 survey documenting people’s fears about genetic discrimination showed that 63 percent of people would not take genetic tests if health insurers or employers could obtain the results, while 85 percent believed that employers should be prohibited from obtaining information about people’s genetic conditions, risks, and predispositions. A recent study involving genetic counselors documents that fear of discrimination is a significant factor affecting willingness to undergo testing and to seek reimbursement from health insurers.

IV. FRAMEWORK FOR ASSESSING THE ADEQUACY OF MEDICAL PRIVACY LAWS

There are four basic components to protecting the privacy of medical or genetic information:

·   Access (Who should have access to a person’s genetic information, under what circumstances, and for what purposes?)

·   Use (How should those who obtain such information be allowed to use it? What uses should be prohibited?)

·   Disclosure (To whom should those who create/obtain/receive genetic information be permitted to disclose it, and for what purposes?)

·   Storage/security (What safeguards and safety precautions must be in place to make sure that medical or genetic information is not obtained, used, or disclosed inappropriately?)

Because this hearing concerns the collection and use of genetic information by insurers and employers, this testimony will focus on the first two: access and use.

The access component involves whether and when one person or entity can request or require that an individual divulge genetic information or undergo genetic testing. Policy makers may very well conclude that the divulging of genetic information in some circumstances is appropriate (e.g., voluntary treatment-related disclosures) yet totally inappropriate in others (e.g., requiring genetic tests as a precondition to applying for health insurance).

The use component encompasses how people or entities should be allowed to use a person’s genetic information. The concept of use implies not only permissible uses but impermissible ones as well. Thus, as part of an effort to protect the privacy of genetic information, health care professionals may be permitted to use genetic information for treatment purposes, while health insurers may be prohibited from using such information for medical underwriting (i.e., deciding whom to insure and at what price).

Laws that achieve the latter (prohibiting certain uses of genetic information) are often referred to or categorized as genetic “nondiscrimination” laws rather than as privacy laws. Yet, viewed through the lens of the four components listed above, protecting privacy is, in part, about allowing certain uses while prohibiting other uses, including discriminatory uses of genetic information.

The best way to prevent discrimination of all kinds is to use a two-pronged approach. First, where possible, cut off access to information about the characteristic at issue, whether national origin, religion, disability, or genetic predisposition. This exemplifies a strict “privacy” approach. Second, prohibit the use of any information obtained despite shutting down the flow of information. Rather than treating privacy laws or policies as separate from nondiscrimination laws or policies, or as addressing different harms or promoting different values, it makes sense to consider both together under the expansive privacy rubric laid out above.

V. THE HIPAA PRIVACY REGULATION

The medical privacy regulation was issued by the U.S. Department of Health and Human Services (HHS) in December 2000 in response to a mandate from Congress dating back to the 1996 HIPAA law. It is a milestone in federal law. It is the first - and only - federal law to protect the privacy of medical information in the hands of private health care providers and health plans. HHS published final modifications to the regulation on August 14, 2002. Most entities that must comply with it have until April 2003 to do so.

The privacy regulation had significant shortcomings when it was first released in final form in December 2000. One of the most notable shortcomings is the limited range of entities that must act to protect patient privacy. It does not directly regulate all people or entities that have access to protected health information, such as employers (except possibly in their potential role as health care providers), pharmaceutical companies, workers’ compensation insurers, and many researchers. Another significant shortcoming is the lack of a federal private right of action for people whose privacy rights are violated. These shortcomings reflect the limited authority given by Congress to HHS in HIPAA.

Due to final modifications released in August 2002, the HIPAA privacy regulation has been furthered weakened. The Health Privacy Project is particularly concerned by HHS’ decision to eliminate the provider consent requirement and to open up people’s medical files for marketing activities without prior authorization. While HHS claims to have strengthened the marketing provisions by requiring prior authorization for marketing, the Department has done quite the opposite: HHS has defined the term “marketing” in a way that effectively legalizes some of the most egregious marketing tactics of the chain drug stores and their partners, the pharmaceutical industry.

A. The HIPAA Privacy Regulation and Genetic Information

The HIPAA privacy regulation will protect the privacy of genetic information, with one important caveat: it will only protect genetic information to the extent that it protects other health information. Because there are limits to what the HIPAA privacy regulation can and does accomplish, the enactment of additional legislation targeting genetic information could provide additional and significant privacy protections.

Although the HIPAA privacy regulation singles out only one type of health information for special treatment - psychotherapy notes - genetic information will be protected by this regulation as long as it meets the definition of “protected health information.” This term - protected health information - is defined broadly and includes information about the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. HHS, in the preamble accompanying the final regulation, confirmed that “the definition of protected health information includes genetic information that otherwise meets the statutory definition.” See 65 Fed. Reg. 82621 (Dec. 28, 2000).

Under this definition, information about genetic tests, services, or counseling will clearly be protected, as will information about an individual’s family history - an important component of genetic information. Although the definition of protected health information does not explicitly refer to family history, HHS clarified in the introductory preamble to the regulation that medical information about a family member contained within an individual’s medical record is information about the individual. See 65 Fed. Reg. 82493 (Dec. 28, 2000).

Health care providers that provide general medical services and that create or receive genetic information, as well as specialists that provide genetics services, perform genetic tests, or interpret genetic test results, will have to comply with the HIPAA privacy regulation if they otherwise meet the definition of a covered provider. The essential prerequisite for providers to be “covered” is that they transmit claims-type information electronically using HHS-prescribed standard formats. This may mean that genetic information compiled, or genetic testing performed, in a research context will not be protected by the HIPAA regulation. Protection of genetic information in the research context will depend on whether the researcher is functioning as a health care “provider” and, if so, whether the researcher (or the institute that employs him or her) bills insurance companies electronically for health care services.

Falling within the scope of the HIPAA privacy regulation means that genetic information will be protected to the same extent as other health information. Within the confines of the HIPAA privacy regulation, genetic information is not treated differently than other types of protected health information. Thus, providers and health plans can, without consent or authorization, use and disclose protected health information, including genetic information, for treatment, payment, and health care operations purposes (the latter is especially rather broadly defined). As with other health information protected by this regulation, some uses and disclosures will require the opportunity to opt out in advance, some will require specific individual authorization, and other uses and disclosures can proceed without authorization or the opportunity to opt out. One of the more controversial aspects of this regulation is that it will permit health care providers and plans to use (and disclose to a business associate) protected health information to send commercially motivated communications, including communications paid for by a third party, recommending that the patient use the third party’s products or services. We consider such communications to constitute marketing, but the regulation defines them as not marketing.

It is important to note that the HIPAA regulation will not prevent covered health plans from requesting that individual plan members provide genetic information to the plan or from requiring applicants for insurance to provide genetic information or undergo genetic tests as part of the insurance underwriting process. The regulation will, however, impact health plan or insurer requests that a covered health care provider disclose a patient’s genetic information. How the privacy will impact those requests depends upon the context, specifically the purpose of the request. For example, an insurer seeking genetic information about an insurance applicant from a covered health care provider would need to provide the health care provider with an authorization signed by the applicant. Also, the regulation’s “minimum necessary” standard should prevent a health plan from insisting that a covered health care provider disclose to it the results of a genetic test involving a plan member when the results of that test are not necessary for the health plan to reimburse the provider for conducting the test.

B. The HIPAA Privacy Regulation and Employer-sponsored Group Health Plans

As noted above, employers are not covered entities under the HIPAA privacy regulation. The regulation does, however, attempt to limit disclosures of protected health information, including genetic information, by group health plans and insurers to employers that sponsor group health plans. This is important because of the legitimate concern that many have about their employer having access to private medical information. The HIPAA regulation goes as far as it can to protect workers and their dependents from inappropriate disclosures to employers/plan sponsors and from inappropriate uses by employers/plan sponsors, but it does not shut down the flow of information. Only Congress can close this pipeline.

The HIPAA regulation permits group health plans and insurers to share protected health information with the employer/plan sponsor only when certain requirements are met. In essence, the employer must first amend the documents that govern the establishment of the health plan to include assurances that the employer will use the information only to administer the group health plan and will not use the information to make employment decisions. The employer/plan sponsor must also erect firewalls to separate the group health plan functions of the employer/plan sponsor from the rest of the employer/plan sponsor. Under the regulation, only employees involved in health plan administration would have access to protected health information. Employees wearing multiple “hats” could legitimately use other employees’ protected health information to administer the group health plan, but they could not use this information for any other purpose.

The HIPAA regulation may impact one other way that employers obtain protected health information about their employees. An employer that actually provides health care services to its employees, such as through an on-site medical clinic, may, with respect to the provision of such care, be a health care provider that is required to comply with the HIPAA regulation. As with all other health care providers, the provider would have to engage in standard electronic HIPAA transactions in order to be a “covered” provider under the privacy regulation. In general, providers will meet this electronic transmission prerequisite by engaging in electronic transactions with insurers, such as submitting claims for services to insurers. Since it is hard to imagine an employer’s on-site clinic engaging in such transactions, the health information created or received in these programs will generally not be protected by the privacy regulation.

VI. HIPAA NONDISCRIMINATION PROVISIONS

Unlike the HIPAA privacy regulation, other provisions in HIPAA explicitly address genetic information. These provisions are referred to as the HIPAA “nondiscrimination” provisions, and they are in a different title of the HIPAA statute than the provisions that led to issuance of the privacy regulation. These nondiscrimination provisions prevent health plans and insurers, in the group market, from refusing to enroll an individual due to that individual’s (or a dependent’s) genetic information. These provisions also prohibit charging one individual (or family) in a group more than others in the group on the basis of the individual’s (or a dependent’s) genetic information. These provisions also prohibit insurers in the individual insurance market from refusing to enroll, for any health-related reason, a subset of individuals who are leaving the group market and meet other prerequisites.

Although the HIPAA nondiscrimination provisions provide important federal protections, significant gaps remain. Even with the nondiscrimination provisions, health plans and insurers can collect genetic information, and there are a number of ways that insurers can use genetic information in the underwriting process. For example:

·   Groups health plans and insurers may request, require, purchase or otherwise collect genetic information about an applicant’s genetic information in the group and individual markets.

·   Insurers in the mid- and large-size group market may refuse to cover an entire group because of the genetic information of one individual in the group. (Under HIPAA, employers with between 2 and 50 employees are considered to be the “small group market.”)

·   Insurers in the group market may charge an entire group (of any size) more than another group because of the genetic information of one individual in the group.

·   Insurers in the individual market may deny coverage because of an applicant’s genetic information unless the individual falls within the narrow category of individual market applicants that HIPAA protects (generally those leaving the group market who meet other prerequisites).

·   Insurers in the individual market may treat a genetic predisposition as a preexisting medical condition (and refuse to provide coverage for expenses relating to it) unless the individual falls within the narrow category of individual market applicants that HIPAA protects.

·   Insurers in the individual market can set premiums based on an applicant’s genetic information.

To more fully protect privacy, each of these gaps should be filled.

VII. EMPLOYER COLLECTION AND USE OF GENETIC INFORMATION

Not surprisingly, people are extremely concerned about employer access to health information, including genetic information. When it comes to the collection and use of medical information, employers occupy a unique position because they play multiple roles. As employers, they decide whom to hire and fire. As sponsors of health plans for employees and dependents, they pay for health care services. In this “payor” role, employers have access to claims information. Indeed, according to a recent survey, a startling 36 percent of large employers have the ability to link medical care data to individual employees.

People are especially alarmed at the prospect of employers using medical claims information for non-medical employment-related decisions such as deciding which employees to promote or to lay off during a reorganization. Just over 40 percent of people surveyed are concerned about their job opportunities being affected adversely if their employer sees their medical claims information. This alarm is justified, given that people have so much to lose - their job, their livelihood, their reputation, their self-esteem, and the very health insurance that gave their employer this window into their private life.

The recent case of Terri Seargent illustrates what can happen to an employee when her employer, which provides her health insurance, learns that she has a genetically based condition. Ms. Seargent was fired from her job, despite favorable performance appraisals, after she began receiving preventative drug therapy for Alpha-1 antitrypsin deficiency and submitted claims for that therapy to her employer’s health plan.

Medical claims information is just the tip of the proverbial iceberg. There are many different ways that employers obtain health information about employees (and sometimes dependents) other than through the claims submitted to the group health plan. Other avenues for collection of medical information include:

·   Post-offer, pre-placement medical exams;

·   Periodic medical exams to assess fitness for duty;

·   On-site medical clinics;

·   Employee assistance programs;

·   Occupational safety and health examinations;

·   Workers’ compensation claims;

·   Paid or unpaid sick leave;

·   Family or medical leave; and

·   Accommodations for disability.

All of the ways in which employers may obtain health information could result in employers obtaining genetic information. For decades, some employers have performed genetic testing on their employees or obtained genetic test results, and some have used that information for employment purposes, but such practices have never been widespread.

Unfortunately, there is no solid source of empirical evidence to document how often or for what purpose employers currently obtain genetic information about job applicants or employees or require them to undergo genetic testing. What little evidence there is - the 2001 survey of the American Management Association - it is far from authoritative. Nonetheless, this survey reveals that some major U.S. firms acknowledge conducting genetic testing of employees. According to this survey, one percent of major U.S. firms test new hires or employees for sickle cell anemia, .4 percent conduct genetic testing for Huntington’s Disease, and 14 percent conduct medical examinations to detect susceptibility to workplace hazards (which the surveyors acknowledge might involve genetic testing). The three percent of major U.S. firms that perform testing for breast and colon cancer appear to be conducting genetic testing to assess predisposition to breast and colon cancer, rather than testing for presence of actual disease.

Most striking, this survey shows that 20 percent of major U.S. firms collect information about family medical history, a rich and important source of genetic information. After all, employers may be just as likely to decline to hire someone whose mother and sisters died of breast cancer in their 40s as they are to decline to hire someone who has actually undergone testing for the known genetic mutations that may indicate an elevated risk of developing breast or ovarian cancer.

One employer’s genetic testing policy recently made front page news and resulted in lawsuits brought by the U.S. Equal Employment Opportunity Commission (EEOC) and a union representing affected workers. The lawsuits challenged the testing as a violation of the ADA. The Burlington Northern and Santa Fe Railway required employees who developed carpal tunnel syndrome to undergo genetic testing - testing that the employer asserted would show whether the employee was predisposed to carpal tunnel syndrome. This testing was done without the employees’ knowledge. As part of an effort to eliminate or minimize the employer’s responsibility for workers’ compensation claims, the employer presumably intended to argue that the injuries of such “predisposed” employees were not sufficiently “work-related.” Respected leaders in the scientific community soundly denounced the genetic testing done by Burlington Northern as “junk science.” As a result of the publicity and lawsuits, the company stopped the testing and entered into a series of settlement agreements. Thus, the complex legal issues raised by this type of testing were not thoroughly hashed out in the courts.

A. The Americans with Disabilities Act (ADA)

The ADA was enacted in 1990 to protect people from discrimination on the basis of disability, and, because of its wide applicability, it is the most important federal law to consider when evaluating medical and genetic privacy in the workplace. It establishes a regime where access to medical information and use of medical information hinge on when the information is requested and the context in which it is used.

1. Collection of Medical Information and Conditional Job Offers

Under the ADA, employers are prohibited from requesting medical information about job applicants prior to an offer of employment. At this point, an employer is limited to collecting job-related information. But the rules change after an employer extends a “conditional” job offer, where such offer is contingent upon “passing” a medical examination. At this stage, employers are permitted to require a comprehensive medical examination and ask any medical questions. The employer also has the option of requiring the prospective employee to sign a blanket release authorizing his or her health care providers to provide the employer with a complete set of medical records. It is important to emphasize that employers do not need to conduct genetic testing programs in order to collect genetic information about prospective employees. All employers need to do at the conditional offer stage is require the signing of a blanket release authorizing others to disclose the individual’s medical records to the employer.

Medical examinations or inquiries at this “conditional offer” stage do not have to be related to the person’s ability to perform the job. This clearly results in employers collecting much more medical information than they need to assess the individual’s ability to perform the job.

The only aspect of the ADA that may operate to limit the frequency of open-ended post-offer medical exams or inquiries is the requirement that all entering employees be subjected to such examinations; the employer cannot pick and choose, arbitrarily or based upon some particular suspicion, which specific prospective employees shall be required to undergo the examination or answer medical questions.

While, theoretically, the employer is permitted to use this medical information to retract the job offer only if the medical examination shows that the person is unable to perform the essential job functions, the ADA only protects certain people from job discrimination: people with a current or former disability (or a record of such a disability) and those “regarded as” having a disability. The U.S. Supreme Court has consistently narrowed the scope of the ADA’s protections by limiting who fits within these disability-related categories, thus making it hard to stop an employer from using medical information to retract a conditional job offer. If the person does not fit within these narrowly defined categories, the ADA does not protect him or her. To fit within the “regarded as” prong, it is not enough to show that the employer retracted the conditional job offer because the employer perceived the person as having a disability. Instead, the person must show that a range of employers would have perceived the individual as having a disability, a difficult burden of proof indeed.

What does this mean for a healthy individual with a genetic predisposition to developing some sort of medical condition in the future? Although the EEOC takes the position that the ADA prohibits employers from discriminating against people on the basis of their predictive genetic information, it has become increasingly clear that this interpretation may rest on shaky footing. This interpretation of the ADA relies on the “regarded as” language in the ADA, which is supposed to protect people who are not presently or formerly disabled but are regarded as having a disability. A person who is not disabled, but who is genetically predisposed to have a medical condition in the future might, theoretically, be protected from discrimination under this prong of the ADA. Unfortunately, as a practical matter, people with predictive genetic information will not likely fare too well in ADA challenges because of the trend of court decisions in recent years eroding the ADA’s protections, especially the protections for people seeking protection under the “regarded as” prong.

2. ADA and the “Threat-to- Self” Issue

There is another aspect of the ADA that is relevant to whether employers can legally refuse to hire (or fire) people who have a genetic predisposition to developing some medical condition in the future. This aspect of the ADA would be relevant in circumstances where a person might develop a condition associated with a genetic mutation in response to some occupational exposure. In such a case, the employer might argue that working in the job poses a threat to the individual’s own health.

Under the ADA, an individual seeking the law’s protections must be qualified to perform the essential functions of the job. In June of this year, in Chevron v. Echazabal, the U.S. Supreme Court upheld EEOC regulations stating that a person who poses a danger to himself or herself in the workplace is not deemed qualified. The result is to give employers even more of an incentive to probe into the medical histories and medical status of new hires and employees. Employers have the green light, and in the wake of Chevron may perceive a heightened duty, to assess whether the individual might have some medical condition (or even a predisposition to getting a condition) that might be aggravated on the job. However, before making a hiring decision on the basis of such a perceived threat to the individual’s health, the governing regulations require the employer to assess the immediacy of the threat and the nature and significance of the threat.

VIII. CONCLUSION

In 1996, Congress began to protect the privacy of genetic information by including “nondiscrimination” provisions in HIPAA and by setting in motion the process that led to issuance of the HIPAA privacy regulation. But HIPAA and the ADA - even together - do not constitute a comprehensive approach to protecting the privacy of genetic information. Even in the insurance and employment sectors - the sectors impacted by these laws - much remains to be done. Bills pending in this Congress would build upon HIPAA, including the HIPAA privacy regulation, and upon the ADA to provide additional significant privacy protections for genetic information in the health insurance arena and in the employment sector.