The Future of Healthcare Could Be a Privacy Nightmare
The Amazon healthcare effort and CVS-Aetna merger raise lots of questions.
Andrew Harrer/Bloomberg via Getty Images; Christopher Dilts/Bloomberg via Getty Images
Update 10/10/18: The Justice Department has approved the $69 billion merger of CVS and Aetna on the condition that Aetna sell its Medicare Part D drug plan business; Aetna announced on September 27 that it had already reached an agreement to do so. The Washington Post reports that the merger will allow CVS to turn its locations into medical hubs for basic care.
Last Tuesday, Amazon, JP Morgan, and Berkshire Hathaway announced that they were coming together to do…something related to healthcare for their 1.2 million employees and could possibly expand to the public. We don’t know whether they’ll provide health insurance, offer health clinics at company buildings and/or Whole Foods stores, or just use their size to negotiate better prices with existing insurance companies.
Despite the fact that we have next to zero information about what AmazonCare would actually be, the news still sent healthcare stocks falling and led to optimistic predictions and double-takes from doubters. And it has been freaking me out for the past week.
Why? Millions of Americans are hooked on Amazon and its two-day shipping. We use it to order toiletries and home supplies, watch movies, and even get our groceries delivered. The site recommends products to you based on your order history. If the parent company is somehow involved in healthcare, it’s not that hard to imagine a world in which Amazon would use people’s health data to suggest products—or even actively try to stop people from buying “unhealthy” things.
Is that imagined scenario something that could actually happen or more Black Mirror territory? I talked to a few privacy and health law experts about Amazon—as well as CVS, since CVS pharmacy and health insurer Aetna announced plans to merge in December. While that deal is still pending, it’s also a privacy minefield of healthcare-meets-retail. Initially, they made me freak out even more, but they also reminded me that there are still a lot of unknowns.
I asked Frederik Zuiderveen Borgesius, a privacy researcher and at the Free University of Brussels, what privacy issues could arise if a company like Amazon, with loads of purchasing data, were to offer its own health insurance. “We could think of some pretty scary hypothetical scenarios,” he says. “You could imagine that if you buy too much unhealthy stuff, some company that also offers health insurance—depending on the law—that they could say your premium goes up.” On the other hand, if you buy a lot of healthy foods, maybe you get a discount on your plan.
Peter Swire, a privacy expert at the Scheller College of Business at Georgia Tech and the White House coordinator for the Health Insurance Portability and Accountability Act (HIPAA) privacy rule under President Clinton, says HIPAA wouldn’t govern information that’s imported from outside sources, like your Amazon purchase history.
“As far as I can tell, the Amazon website could use its information about the customer to inform its health insurance affiliate about the customer,” Swire says. “In other words, I’m not aware of rules that stop data from outside the healthcare system from being used by the health insurance company.” It would come down to state laws, he says. (For what it’s worth, Amazon is said to be hiring a health privacy expert.)
Watch More from VICE News:
And hypothetically, a company that acts as both a health insurer and a grocery store could try to get people to buy healthier foods, Zuiderveen Borgesius says. “Some people would say that’s cool because you’ll live healthier, other people would say it’s scary. I see both points.”
He compares it to car insurance companies that offer discounts if you let the company monitor your driving. Progressive and State Farm do this in the US; State Farm uses a mobile app while Progressive offers an app or a plug-in device for your car.
Granted, people consent to this tracking in exchange for saving money. Amazon users would not have to consent in order for their shopping data being sent to an Amazon-run health insurance company, at least not under HIPAA rules. The company could make this optional to assuage privacy fears (which you might feel particularly sharply if you’re ordering things like pregnancy tests and prenatal vitamins), but Zuiderveen Borgesius says you could question how freely given such consent would be.
“At some point people start realizing, ‘if I don’t opt in then I make myself suspicious.’ If 80 percent or 50 percent of the people say ‘yes, monitor my grocery shopping,’ because people know they are healthy shoppers anyway, then everybody who doesn’t opt in for whatever reason—for instance because they care about privacy—they look suspicious,” he says. “They’ll basically look like an unhealthy eater.” (This is not a perfect system either: If people buy lots of healthy food at the grocery store but hit up Amazon for, say, their favorite European chocolate, that’s an incomplete picture of what they’re eating. “They could profile you incorrectly,” Zuiderveen Borgesius says.)
“Probably the safest way to go about it is to have separate databases, separate companies that don’t mix this information,” he says. The joint news release said it would be an independent company and Bloomberg reported that group is looking for a CEO for its health venture so at the very least, it does seem like it would be a separate entity. Amazon did not respond to Tonic's emailed requests for comment.
In my above gummy bear example, in which Amazon is making a recommendation based on a user’s health history, Amazon would actually need consent—Karen would have to opt in to sharing her medical records with the retailer in order for Alexa to know that she has, say, diabetes, and to tell her to order something else.
If Amazon had that authorization, it would be able to use people’s health information to nudge them toward specific products, says I. Glenn Cohen, a Harvard Law School professor who specializes in health law policy and editor of the forthcoming book Big Data, Health Law, and Bioethics. And, no, an Amazon health insurance company could not require people to provide their health information to the site in order to get coverage, Swire says.
“I emphasize again, we’re building hypothesis on hypothesis here,” Borgesius says. “I don’t think they even know themselves what they’re going to offer. The press release just looks like the three parties came together and agreed that there’s a problem and are going to see whether they can do anything about it. It’s completely unclear what they will do.”
Instead of insurance, the company might go the route of opening pharmacies or health clinics in Whole Foods stores, which it owns as of August. Pharmacies are subject to HIPAA rules, as are any clinic that takes health insurance; a Whole Foods health clinic would have to not accept insurance (e.g. people pay totally out of pocket for care) in order to get around the privacy rules.
Here’s where the CVS-Aetna merger differs from the Amazon venture and why it scares me: If the deal goes through, the pharmacy/retail clinic chain and the health insurer will literally be the same company, which makes data sharing between the branches a lot easier.
“It would no longer be third-party [data] sharing that requires affirmative consent from the patient,” Swire says. Still, there are HIPAA rules that companies must follow for internal data use, like only sharing the minimum amount necessary and only sharing with people who need access to do their jobs.
CVS shoppers know that they’re likely to be bestowed with no fewer than five coupons on the end of their receipt. If you have Aetna insurance, could the coupons on your receipt be targeted based on your medical history or your visit to a CVS Minute Clinic? The answer is yes, unless your state prohibits “kickbacks” or inducements to purchase health services or supplies.
“Typically there are not such state laws,” says Mark Hall, professor of law and public health at Wake Forest University. “So, what you describe could happen in many states,” for people who have Aetna insurance.
I asked Cohen and Hall about a hypothetical scenario in which someone with Aetna insurance declines an HIV test at their annual physical—could CVS print them a coupon for an at-home test? The same answer applies: It depends if your state has anti-kickback laws, but also some states give special privacy protections to HIV tests, Cohen says. Hall added that mental health conditions are often protected as well.
When reached for comment, Carolyn Castel, vice president of corporate communications for CVS Health, provided the following statement:
Protecting personal health information is a top priority for CVS Health to best serve and retain our customers. Aetna will be an integral part of CVS Health; however, it will run as a separate business. It will have the proper protections and divisions to ensure the confidentiality of patient information. We operate today with firewall protections, and are comfortable with how to obtain efficiencies while also protecting patient information.
Like Zuiderveen Borgesius said, some people might find super-targeted coupons or product recommendations helpful, while others will think they’re creepy. If recent news is any indication, this debate over shopping data will be part of our new healthcare reality.