Amazon Health and Your Personal Data

We love Amazon for many reasons.  As the name suggests it’s a huge and veritable jungle, chock-full of fabulous finds and steep discounts. In addition, no one will ever argue the logistics are outstanding, same day shipping, fast and easy returns, no questions asked. With vast product variety and availability, there is virtually nothing you cannot find. If you are an all-in Prime subscriber like most, you can also get music and movies. 

As Amazon continues to expand, people are wondering “does Amazon sell your personal information?” The short answer is no, it doesn’t. The long answer is a bit more complicated. While Amazon doesn’t routinely sell customers’ personal data, it does share it with third parties. 

Why is all this important?  Amazon recently acquired one Medical™. If you have the app on your phone, you can now see Amazon Health as a menu item, click on it and you can sign up for virtual care through one medical™ along with some other health resources such as pharmacies and clinics, all at a competitive price given the host of available services. At the time of the sale, the Federal Trade Commission issued a statement that it would continue to watch whether the combined entity not only protects health data as defined by HIPAA but that it also obtains “consumers’ express affirmative consent” for using any such information for marketing purposes.  Amazon has assured everyone they will remain in compliance with this effort. But how will they do that? 

As we all know in healthcare, consent is routine for us. We go to the office, we get papers for HIPAA, we’re asked if it’s ok to leave voice mails and now, can we text you?   Now you can likely sign online.  We can also likely admit to ourselves after years of signing these forms, we’ve stopped reading it, even though there are requirements to update them periodically.  As noted by the FTC “Amazon and one Medical™ should make clear not only how they will use protected health information as defined by HIPAA but also how the integrated entity will use anyone Medical™ patient data for purposes beyond the provision of health care,”.  The FTC further noted that if companies’ privacy representations are deceptive, it will turn on the perspective of a reasonable consumer rather than the perspective of a HIPAA expert, essentially saying it should be understandable to the average consumer  

The benefits of integration cannot be argued.  What it does mean is that you need to be aware and careful with regard to what and to whom you provide consent. There are legitimate needs for sharing your data with a third party, specifically related to treatment, payment, and operations and this is allowed by HIPAA.  However, sharing your information with third parties for solicitation is not allowed EXCEPT if you provide explicit consent, so look (carefully!)  where that might be in the application!  



One Medical CEO pushes back on FTC data privacy concerns ( 




Renee Broadbent is Chief Information Officer at SoNE HEALTH.