Amazon's PillPack acquisition gives it access to sensitive health information

Amazon recently purchased online pharmacy startup PillPack, giving the e-commerce giant access to information about people's health conditions and sparking privacy concerns, The Wall Street Journal reports.

Amazon already collects its customers' personal data by analyzing their purchasing behaviors — a practice that is legal among marketers. As it looks to mine data on its PillPack customers, Amazon will face tougher regulations. Laws like HIPAA ensure medical information is collected and stored in a highly secure manner, and gives patients the rights to their own health data. Its a federal regulation much stricter than Amazon is accustomed to. 

"Prescription drug information is highly personal information — it can tell if someone has cancer, if they have a sexually transmitted disease," Julie Roth, a healthcare regulatory attorney with Spencer Fane LLP, told WSJ.

Moreover, companies can't sell patient data. They can, however, share that information with marketers, provided the patient consents.

Still, some argue patients may not realize what they are consenting to, since consent could be given by simply checking a box at the bottom of a privacy disclosure.

"Nobody reads the notice of privacy practices," said Ryan Stark, senior privacy attorney with the law firm of Page, Wolfberg & Wirth. He added that Amazon may need to keep PillPack separate from the rest of its business or else ensure its data collection practices comply with HIPAA across the board.

An Amazon spokesperson told WSJ it will comply with HIPAA and other regulations. In January 2018, the company began fielding applications for a HIPAA compliance lead, but it is not clear whether that job listing had anything to do with its PillPack acquisition.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars