Senators Demand Answers on Amazon Clinic’s Uses of Customer Data

Posted by Steve Alder

Two Democratic senators have demanded answers from Amazon about how it uses the data of customers of Amazon Clinic after an investigation by the Washington Post revealed individuals wishing to enroll in Amazon Clinic are required to sign away some of their privacy rights in order to use the service.

Amazon Clinic was launched in November 2022 and provides virtualized healthcare services. Amazon advertises the service as “a virtual healthcare storefront through which telehealth services are offered,” with those telehealth services provided by third-party healthcare providers. The Washington Post was contacted by a reader who requested an investigation of Amazon Clinic over the terms and conditions of its sign-up form. When enrolling for Amazon Clinic, users are required to provide consent to allow the use and disclosure of their protected health information. The form states that after providing consent Amazon will be authorized to have access to a complete patient file, may re-disclose information contained in that file and that the information disclosed will no longer be subject to the HIPAA Rules. While the terms are voluntary, individuals have no option of using Amazon Clinic if they do not agree to the terms and conditions.

Senators Peter Welch (D-VT) and Elizabeth Warren (D-MA) recently wrote to Amazon’s President and Chief Executive Officer, Andy Jassy, and expressed their concern that Amazon may be harvesting the health data of Amazon Clinic customers. The senators have demanded answers about how Amazon uses customers’ health data and whether Amazon is using the data collected from Amazon Clinic customers to sell them other Amazon products or services.

The form provided by Amazon Clinic is essentially a HIPAA Authorization, which is required by HIPAA-regulated entities before any disclosures of protected health information are possible that are not expressly permitted by the HIPAA Privacy Rule. The HIPAA Privacy Rule also prohibits conditioning care on signing an authorization to disclose patient information. The senators point out that the HIPAA authorization that Amazon Clinic customers are required to sign does not state how patient data will be used or shared. Essentially the signing of the authorization form gives Amazon full access to customers’ health data and allows the information to be used and redisclosed as Amazon sees fit. Amazon Clinic’s terms and conditions state that customer data is not used for any purposes that its customers have not consented to, yet no information is provided about why customer health data is collected and how that information will be used.

The senators explained that the Federal Trade Commission (FTC) recently fined telehealth provider GoodRx for failing to inform consumers that their health data was disclosed to third parties for advertising purposes, and in addition to paying a financial penalty, GoodRx has been prohibited from using manipulative methods – termed dark patterns – to obtain users’ consent to use and share their health information. “Amazon Clinic customers deserve to fully understand why Amazon is collecting their health care data and what the company is doing with it. Congress is also evaluating legislative efforts to protect health data in the context of emerging technologies,” wrote the senators.

The senators have asked Amazon to provide further information on its privacy practices by June 30, 2023, including a sample of the contract between Amazon and the third-party telehealth providers that have signed up with Amazon Clinic, a list of data elements collected from consumers that sign up for the service, a list of the data elements that are shared with other entities within Amazon Group, and a list of all uses of health data. Amazon was also asked whether any collected health data is used by its analytics and algorithms or for marketing, is sold to third parties, or is provided to federal, state, or local law enforcement authorities.

The post Senators Demand Answers on Amazon Clinic’s Uses of Customer Data appeared first on HIPAA Journal.

Why You Should Invest In HIPAA Compliance: Free Webinar Next Week

Posted by Steve Alder

Are you aware that it is possible to implement your HIPAA compliance in such a way as to provide a return on investment? Whereas, putting HIPAA compliance on the back burner can be detrimental to the organization.

Everyone knows that running a healthcare business is expensive. HIPAA-regulated entities have a ton of things to get done to ensure the organization runs smoothly and the highest possible standards are maintained.

Different departments within organizations will seek investment to cover the cost of any additional hardware, software, and staff required. With so many competing priorities, budgets are usually stretched. Nevertheless, investments like these can result in significant improvements to operational efficiency and productivity.

Webinar: HIPAA Pays Off: Why You Should Invest in Compliance

Would you like to understand how you can recoup some or all of your HIPAA compliance costs?

The HIPAA compliance specialists, Compliancy Group, will be hosting this webinar to explain why you should invest in HIPAA compliance and how it will benefit your organization.

Attendees will learn how and why investing time and money into HIPAA compliance can result in a positive year and will be provided with real-life examples of HIPAA-regulated entities that have invested time and money into their HIPAA compliance programs and reaped the benefits.

Thursday, September 14, 2023

11:00 a.m. PT ¦ 12:00 p.m. MT ¦ 1:00 pm CT ¦ 2:00 pm ET

Host: Compliancy Group

Speaker: Liam Degnan, Compliancy Group, Director of Strategic Initiatives

Use the form on the right to register for the webinar

The post Why You Should Invest In HIPAA Compliance: Free Webinar Next Week appeared first on HIPAA Journal.