Burda on Healthcare: I Think Your Personal Health Information Alarm Is Going Off

I’ve probably checked hundreds of boxes that said I read, accept and/or agree to a company’s privacy policy. Have I read any of the policies? Not a one. I’m taking a leap of faith that a company that says it will protect the privacy and security of my personal information and won’t share my data with a third party will do what it says. I never think twice about it because I don’t have the time to worry about it.

The recent announcements by Apple and Amazon about their healthcare ambitions, though, do make me wonder if I should worry about it.

An Apple a Day

By now, you’ve heard or read that Apple last month released what essentially is its strategic plan to penetrate the healthcare industry. You can download the 59-page plan here. Apple said it wants to diversify into a healthcare company by pursuing initiatives on two tracks:

1. A “direct to consumer” track featuring personal health and fitness devices and technologies like the Apple Watch.
2. A “direct collaboration” track with the medical community featuring new tools to help researchers make scientific discoveries, meaningful data to strengthen the physician-patient relationship, collaborations with healthcare organizations to promote healthier lifestyles and support for public health and government initiatives.

Sprinkled liberally throughout the report are reminders from Apple that it will protect the privacy and security of your protected health information, or PHI.

For example: “Our features put our users’ privacy at the center and provide users with protections including transparency and control. Data privacy is critical for sensitive health data.”

Or this one: “Health data can be some of the most personal data people have, and in keeping with Apple’s belief in privacy, we design all of our products and services so users are in complete control of their data. Health app data is never shared with any third party without the user’s explicit permission.”

Add to Your Cart

You’ve also probably heard by now that Amazon is buying One Medical, the direct-to-consumer primary-care company, for $3.9 billion. You can download the press release from Amazon about the acquisition here.

I read the press release several times, and I couldn’t find any mention of Amazon protecting the privacy and security of the PHI of One Medical patients. But I wasn’t the only one who was thinking about that issue given Amazon’s data-driven insights into my online-buying habits.

In this Perspective in the Washington Post by columnist Geoffrey Fowler, Amazon Vice President of Corporate Communications Dan Perlet tells Fowler, “As required by law, Amazon will never share One Medical customers’ personal health information outside of One Medical for advertising or marketing purposes of other Amazon products and services without clear permission from the customer.”

From my perspective, the problem with what Apple and Amazon said is that they will give consumers the choice of whether the companies can share their PHI. There is no bigger cheerleader for healthcare consumerism than me. But, if most consumers are like me, no one is going to read the fine print before they check a little box agreeing or accepting the companies’ PHI privacy policies.   

“I’ve found again and again, lots of companies find completely legal ways to grab intimate health data for marketing and other purposes with ‘consent’ few patients realized they were giving,” Fowler said in his WAPO piece.

Uncomfortable Consumers

I’m not the only one getting itchy as my technology, online purchasing and healthcare worlds collide.   

Last month, the American Medical Association released the results of a survey of 1,000 patients on data privacy. You can download the survey results here.

More than two-thirds of the surveyed patients — 67.4 percent — said they were the “least comfortable” with big technology companies having access to their patient data. That was second only to social media sites at 71.2 percent. Prospective employers were third at 62.9 percent. Further:

• 80 percent of the respondents said they want to be able to “opt-out” of sharing some or all of their health data.
• 75 percent of the respondents said they want to be able to “opt-in” before a company uses any of their health data.
• And 75 percent of the respondents said they want to be able to receive requests prior to a company using their health data for a new purpose.(Like that third one would ever happen.)

“Patient confidence in data privacy is undermined as technology companies and data brokers gain access to indelible health data without patient knowledge or consent and share this information with third parties, including law enforcement,” said AMA President AMA President Jack Resneck Jr., M.D., in a prepared statement.

The self-serving part of the AMA survey is the fact that patients said they were most comfortable with their doctor’s office having access to their PHI, cited by 75.2 percent of the respondents. Hospitals and health systems were second at 64.2 percent.

Data Breaches Are Costly

But you have to be careful what you wish for. Healthcare organizations that house all that PHI makes them rich targets for cyber criminals who covet single data sources for personal information like names, addresses, phone numbers and social security numbers.

Last month, IBM released an independently-conducted research report from the Ponemon Institute that said the average cost of a data breach in the healthcare industry was $10.1 million in 2022. That’s up from $9.2 million last year. You can download the report here.

Healthcare experienced the highest cost of any of the 17 industries tracked by Ponemon. The financial services industry was a distant second at $5.9 million per data breach. Technology companies like Apple were fourth at $4.9 million, and retail companies like Amazon were 14th at $3.3 million, if you consider Amazon more of a retailer than a tech company.

By the way, the Ponemon report was 59 pages long. Just like the Apple strategic plan. Coincidence?

Will any of this stop me from checking my heart rate, heart rhythm and blood oxygen level on my Apple Watch? No. Will any of this stop me from ordering ink cartridges or hard-to-find strike plates for really old bedroom doorframes on Amazon? No.

But when an Amazon cart page suggests that I could see a One Medical cardiologist virtually within the next 24 hours for $19.99 because of a potential AFib reading on my Apple Watch, I’m signing out.

Thanks for reading.