We came across a great article written by Abha Bhattarai that we are sharing below on the topic of maintaining privacy and security.
Read more about Amazon's move into the healthcare industry and how this affects corresponding organizations and personal data below.
We are interested in generating some discussion on this topic in our Healthcare Privacy Community. Please visit this space to join the conversation.
Amazon.com on Tuesday announced a joint partnership with Berkshire Hathaway and JP Morgan to create an independent health-care company for their employees, putting an end to months of speculation that the technology giant was eyeing a foray into the medical industry. It’s yet another endeavor for the company, which last year spent $13.7 billion to enter the grocery business with its acquisition of Whole Foods Market. (Jeffrey P. Bezos, the founder and chief executive of Amazon, also owns The Washington Post.)
But as the online retailer expands into new industries — cloud computing, drones, tech gadgets, moviemaking and now health care — some privacy experts say the company’s increasingly dominant role in our lives raises concerns about how personal data is collected and used. What happens, for example, when a company that has access to our weekly shopping lists, eating habits and in-home Alexa-based assistants also becomes involved in our medical care?
“Amazon already has huge amounts of our data — we give it to them in exchange for two-day shipping,” said I. Glenn Cohen, a Harvard Law School professor who specializes in health law policy. “But what happens when you add in actual health-care data? Many people are already concerned about who has access to that information, and this exacerbates those concerns.”
Amazon declined to comment for this report. Its announcement comes a week after the company opened its cashier-less supermarket, Amazon Go, to the public. In place of cash registers, the store has a network of cameras, scanners and infrared sensors that allow the store to automatically charge customers for items they place into their bags.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) prohibits health insurance companies and other entities from sharing personally identifiable medical data. There are also federal restrictions on using medical data for marketing purposes or to make lending decisions by banks. But, even if the new joint venture is subject to HIPAA rules, experts said there are exceptions to exactly what is covered.
“The law covers traditional health insurance and provider health care, but it doesn’t cover many of the other sources of health-related data that today’s technology generates,” said Peter Swire, a professor of law at Georgia Tech University and White House coordinator for HIPAA under President Clinton. “It doesn’t cover, for example, the books you buy about health care or the many fitness and health-care apps you may have on your phone.”
He and others added that even if companies aren’t collecting — or sharing — medical records, there are a number of other ways a patient’s habits and history could be used to glean important information about their health. (There are also signs that Amazon is considering possible privacy concerns: It recently posted a job opening on its site for a HIPAA expert who can “own and operate the security and compliance elements of a new initiative.”)
“You could say, ‘This patient uses our system to book doctors’ appointments six times a year,’ and compare that with that person’s purchase history to make certain connections,” said Cohen of Harvard. “Non-healthcare data can often be a rich source of information.”
Companies could also market cold and flu medicines to someone who always books doctor’s appointments at the beginning of flu season, he said, or recommend obstetricians to a shopper who recently ordered pregnancy tests or prenatal vitamins.
Research shows that increased access to patients’ medical records and history reduces the cost of health care. But it also raises privacy concerns, particularly as companies use predictive technology to guess which patients may end up with a certain illnesses or chronic disease, said Idris Adjerid, an assistant professor who specializes in health technology and privacy at the University of Notre Dame’s Mendoza College of Business.
“Amazon is a data-centric company that’s good at artificial intelligence and machine learning, so it doesn’t take much to see that that’s what they’ll bring to the health-care industry,” he said. “It’s all very tantalizing, but there is also a constant tension between the pros of predictive health-care data and the challenges.”
And although the joint venture is initially being formed to serve employees of Amazon, Berkshire Hathaway and JP Morgan, some analysts said the implications could be even bigger if — and when — the service is extended to the broader population.
“So much of this is unknown right now, but ultimately it would not surprise anyone if they start as a nonprofit health-care provider for 1.2 million employees, and in a few years, add it as yet another Amazon Prime benefit for general consumption,” said Stephen Beck, managing partner at New York consultancy cg42. “If we look down the road a few years, the obvious concern is data and privacy.”