Here is a great summary of a nefarious HIPAA circumvention from Geoffrey Fowler writing at the Washington Post:
The doctor will sell you now.
Your intimate health information may not be as private as you think if you don’t look carefully at the forms you sign at the doctor’s office.
There’s a burgeoning business in harvesting our patient data to target us with ultra-personalized ads. Patients who think medical information should come from a doctor — rather than a pharmaceutical marketing department — might not like that.
But the good news is, you have the right to say no. I’ll show you what to be on the lookout for.
Several Washington Post readers recently wrote to Ask Help Desk about a consent form they were asked to sign while checking in for a doctor’s appointment. Most of us just hurriedly fill out whatever paperwork is put in front of us, but these eagle-eyed readers paused at this:
'I hereby authorize my health care provider to release to Phreesia’s check-in system my health information entered during the automated check-in process … to help determine the health-related materials I will receive as part of my use of Phreesia. The health-related materials may include information and advertisements related to treatments and therapies specific to my health status.'
But Phreesia doesn’t just make money by selling its software to doctor’s offices. It also has a business in selling ads to pharmaceutical companies that it displays after you fill in your forms. And it wants to use all that information you entered — what drugs you take, what illnesses you’ve had in the past — to tailor those ads to your specific medical needs.
I can understand why pharmaceutical companies might want this. The ads remind you to ask your doctor about whatever drug they’re pushing right before you go into the exam room. With access to your data, Phreesia can ensure that its advertising messages are shown to the most receptive audience at the moment they’re seeking care....