In Pursuit Of Healthcare Convenience, Patient Privacy Is The Battleground

In July 2022, Amazon announced its plan to acquire the tech-powered primary care organization One Medical, citing healthcare as “high on the list of experiences that need reinvention.” But reinventing healthcare relies heavily on patient data to drive more personalized patient experiences and optimal outcomes, and Amazon has had a trust problem. Let’s peel away the layers of Amazon’s latest move.

Mo’ Data, Mo’ Problems

When Amazon’s plans to buy One Medical are fulfilled, it will acquire somewhere between 10–15 years of patient data from One Medical. The two questions now on patients’ minds are “How will my data be used?” and “Who is Amazon going to share it with?” One could argue that One Medical is legally obligated by HIPAA compliance requirements to ensure the privacy and security of healthcare data. The counter argument is that HIPPA was created almost two decades ago, meaning it did not account for the prominence of health apps, data held by non-HIPAA-covered entities, and other unique patient privacy issues that are now sparking concerns among providers and patients.

Amazon’s own history with protecting customer data has been described by its former head of security as held together by “tape and bubblegum” and that the customer experience came “at the expense of everything else.” In 2021, Amazon was hit with a $887 million lawsuit by the European privacy watchdog for failing to comply with GDPR (the EU’s General Data Protection Regulation). Amazon is vowing to do better, however. A company spokesperson told CNBC that it “will never share One Medical customers’ personal health information outside of One Medical for advertising or marketing purposes of other Amazon products and services without clear permission from the customer.” The question is whether the retail giant has enough trust equity with customers/patients to realize its vision for reinventing the healthcare experience.

A Glimpse At A Possible Future: Patient Data At Work

Amazon/One Medical needs data to deliver on its goals. That means it’ll need to decide to either embrace convenience or prioritize privacy. Forrester data shows that consumers value a good customer experience (21%) over a brand’s security and privacy reputation (14%). Here are two possible scenarios for how Amazon could use patient data to delight customers:

  1. Drive personalized healthcare through a true 360-degree view of the patient (optimistic perspective). Healthcare is moving toward orchestrating a long-term loyalty and longitudinal relationship. The more information providers can gather on a specific patient, the easier it is to deliver seamless, proactive care. This is where Amazon and One Medical have not only unlimited opportunity but also a critical responsibility. By leveraging consumer profiles and security infrastructure, Amazon and One Medical can combine patient and consumer data to provide a greater view of the patient and in turn provide more individualized care. Patients who opt in will be able to share details, habits, and information that Amazon can potentially use to enhance patient experience and improve access to care. The caveat is, ethically, this would require Amazon to be explicit about what a personalized patient journey means and how it will use patient data to improve processes. With the trust imperative front and center in healthcare, this is paramount.
  2. Drive third-party marketing and advertising for company gain (pessimistic perspective). De-identified data removes all direct identifiers from patient data and allows organizations to share it without the potential of violating HIPAA. Examples of direct identifiers include a patient’s name, address, medical record information, etc. Today, Amazon shares de-identified patient data from Halo with third parties for marketing and advertising purposes. According to Halo’s privacy policy, Amazon shares aggregated, anonymized data about its programs with third parties to help improve the content it provides for Halo members using the service. It is possible that Amazon will take a similar approach for One Medical’s patient data. In fact, polling has generally shown that consumers are wary of large tech companies with regard to data privacy.

One Medical could be “another opportunity to gather up a huge cache of personal data to use that data and those relationships to further cement Amazon’s dominance,” according to the co-executive director of the Institute for Local Self-Reliance. While Amazon’s cross-industry tentacles give it the data to develop incredible insights about consumers, it can also use this data to find very precise ways to manipulate the consumer and the economy. A deeper dive into Amazon’s algorithms shows how it could use de-identified data from One Medical.

Now is the opportune time to explore what safeguards could be put in place for patients in an Amazon/One Medical paradigm. To learn more about patient privacy in the world of retail health disruption, follow this blog or schedule a call with us. We would love to speak with you!