5 privacy concerns for Amazon's healthcare efforts

A number of privacy issues will arise as Amazon continues its push into the healthcare space, Hall Render attorneys Jeffrey Short and Todd Nova told BankInfoSecurity.

Here are five privacy concerns Amazon faces, according to Mr. Short and Mr. Nova:

1. With Amazon's acquisition of PillPack and its partnership with JPMorgan Chase and Berkshire Hathaway, the e-commerce giant is becoming a hybrid entity, Mr. Short explained. HIPAA lays out rules that entities with multiple functions must follow, meaning Amazon needs to create barriers around each of its operations to ensure that health information doesn't pass from one business area to another.

2. HIPAA permits pharmacies to de-identify patient information and make it available elsewhere. This means Amazon could acquire demographic intelligence about people that take certain medications and use it to draw conclusions about their purchasing behaviors, leading to more targeted marketing practices. The information could flow in a similar way from Amazon into the pharmacy.

3. Mr. Nova adds that these issues are not unique to Amazon — companies like Express Scripts and CVS also have mail-order pharmacy operations and are subject to the same regulations. However, he notes, that Amazon's scale makes regulatory oversight more challenging.

4. Privacy protections already exist for group health plans similar to Amazon's venture with Berkshire and JPMorgan. However, what makes their initiative different is its potential to offer multiple covered functions. This means the venture must know where patient information comes from, how it is used and how to properly transmit it. It is possible the venture could turn employees' data into protected health information, or it could remove identifiers so HIPAA doesn't apply.

5. Another privacy concern with the Amazon, Berkshire and JPMorgan venture involves what information an employer can provide to the insurance side of its operations to better manage employee health, Mr. Short said. This could involve social determinants of health, and there are rules and regulations governing ways to bring these data points together.

Click here to access BankInfoSecurity's full interview with Mr. Short and Mr. Nova.

More articles on cybersecurity:

Man guilty of 2014 hacking of Boston Children's Hospital computer network
SamSam ransomware has extorted $5.9M from victims since 2015
Hackers deface a Kaiser website

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months