We’ve heard the news of Big Tech getting slapped with fines over anti-trust lawsuits for sharing consumers’ personal information to target adverts. Circle of Legal Trust will break down how these companies are ravaging consumers’ privacy, data security, and personal information to make millions of dollars.
Telehealth Companies Sell “Protected” Personal and Health Data to Big Tech and Data Brokers for Adverts
WorkIt Health, the most trusted provider of telemedicine opioid and alcohol treatment, came under serious scrutiny after its users came to know how the company used their “protected” health information.
Millions of Americans trusted WorkIt Health with their opioid and alcohol treatment and would receive a video consultation allowing them to receive prescription medications such as suboxone.
Many people did not know that WorkIt Health was sharing their deepest sensitive and secret personal information in the form of electronic health records with Facebook, which would exploit such data to promote products and services. WorkIt Health was not the only company violating customer trust by giving big tech companies personal and health data access.
Investigative Research Reveals Top 50 Telehealth Companies Spreading Electronic Health Records
STAT and The Markup, an American nonprofit news publication, launched a joint investigation into 50 direct-to-consumer telehealth companies where the findings would shock most readers.
No matter how confidential the telehealth companies want you to believe your information is, it comes with a hidden cost: leaking customer medical data to large advertising companies.
Out of the 50 companies, more than 35 sites forwarded patient data, including personal information and sensitive health data, to media and advertising companies. Almost all of them had trackers from various companies, including Meta, Google, TikTok, and other large tech companies.
Companies Have Control over All the Data Mining, and There’s Nothing You Can Do About It
Companies can choose where they want trackers on their websites and how they can configure them. Different pages on a company’s website may have trackers, with some websites sharing URLs and IP addresses to link particular information to a person or a household. These details alone should scare anyone!
STAT and The Markup completed forms for 50 telehealth sites using fictional accounts and dummy details to determine the type of data shared with other companies. The investigation used several internet tools, including Chrome DevTools, which allowed the investigators to examine the network traffic the sites sent to trackers.
The investigation findings revealed that WorkIt Health sent personal information and responses about self-harm and drug/alcohol use to Facebook. According to the results, the following are the top tech companies that received data from telehealth companies for various purposes:
- Google (47 sites)
- Facebook (44 sites)
- Bing (27 sites)
- TikTok (23 sites)
- Snapchat (15 sites)
- Pinterest (11 sites)
- LinkedIn (9 sites)
- Twitter (7 sites)
The investigation revealed companies that collected a wide range of information from websites that sell anything, including addiction treatments and antidepressants. When STAT and The Markup shared their findings with the 50 telehealth companies, WorkIt Health responded quickly, stating that it had changed its use of trackers. An email sent by a WorkIt Health representative mentioned how the company took the privacy of its patients seriously.
Meta’s spokesperson also responded to the findings stating that advertisers should refrain from using Meta’s business tools in such a way.
Health Insurance Portability and Accountability Act Does Not Regulate Telehealth Companies
Although some advocates who practice health law favor sharing data, according to healthcare experts, sharing sensitive information with big tech companies threatens patients’ privacy and could even violate business laws. If you’re wondering what the Health Insurance Portability and Accountability Act does about such companies, it doesn’t do anything because it doesn’t regulate telehealth companies, leaving an ethical grey area that such businesses exploit.
When sharing confidential information with telehealth companies, patients believe their data is safe and protected by privacy regulations administered under the Health Insurance Portability and Accountability Act (HIPAA). For example, when you sign up to WorkIt Health and fill out their forms, you’ll come across a section that promises to keep confidential information safe and private through the company’s HIPAA-compliant software.
One of the primary reasons patients use such online services is because they believe they’re receiving the privacy they need pertaining to their health concerns. However, the reality is far more complex. It is challenging for the average user of such websites to know whether or not the company they’re providing their data to safeguards such information.
On an individual basis, we believe that such information must receive all privacy, and companies should safeguard it with their life since that’s what they promise. But in reality, companies state that they don’t legally have to protect health information, and they take advantage of the grey area of the law where HIPAA does not have much or any jurisdiction.
Telehealth companies act as middlemen that connect patients with affiliated providers covered by HIPAA. What that means is that HIPAA does not cover these telehealth companies, so they can pass patient information on to anyone they like, but information received by the affiliated providers is protected under HIPAA.
Being the middleman is the grey area that telehealth companies enjoy and make money off. The illusion of reasonable protection and privacy is enough for many patients to share their sensitive information and medical concerns, creating a serious privacy risk that can be dangerous for the average consumer.
These tech companies that introduce tracking software for website owners always defend their products and pass the blame onto the user. For example, when STAT and The Markup approached the tech giants, they stated that website owners are responsible for not sharing confidential information using their business tools. But aren’t these tools primarily built for such purposes?
Some tech companies, such as Google, are always quick to let you know that they’re “investigating into the matter,” giving you a false sense of hope that something positive might come out of the investigation. In most cases, nothing ever comes out of it.
Telehealth startups have raised billions of dollars by capitalizing on the promise to keep your identity and sensitive information confidential. During the pandemic, the promise of a private prescription process skyrocketed, with Hims & Hers now becoming one of the largest American telehealth companies that sell prescription and over-the-counter drugs online, which is currently valued at over a billion dollars.
Ro, a telehealth company that connects patients with US-licensed healthcare professionals all online and a competitor to Hims & Hers, has recently raised over a billion dollars, with investors valuing the company at a whopping $7 billion. Thirty Madison, which operates many different telehealth companies, is worth over a billion dollars.
Is the premise of providing privacy and safeguarding confidential information the secret to success in creating multi-billion dollar telehealth companies in the United States? Somewhat but not entirely. You see, the industry’s rapid growth is mainly attributed to the tools used by telehealth companies, such as pixels that allow for data collection and for targeting advertisements across the internet according to the audience a patient falls into. For example, those patients who visit telehealth companies that provide prescriptions for sexual disorders such as erectile dysfunction (ED) will often find ED products advertised to them on various websites they visit throughout the day.
Visiting telehealth companies specializing in a single niche, such as mental health disorders or sexual disorders, gives advertisers access to the patient’s health and allows for effective advertisements. Answers to online questionnaires required by telehealth companies provide a broad range of valuable health and personal information, which is even more insidious as patients do not expect their private information to circulate among advertisers.
Forget about Health Care Data Protection, as Data Sharing Has Become the Norm
When you visit Thirty Madison’s Cove, they require you to fill out a form with personal data, health information, and family history. But, most patients who fill out these forms do not know that Thirty Madison’s Cove sends the information to Google and Facebook.
If a user adds a medication to their cart and checks out, these tech companies receive private information such as full name, contact details, and even emails.
Even though these companies hash data, it does not stop them from identifying you and linking the personal information to your Facebook profile.
It’s how the internet works. It’s not just Facebook that carries out such unethical practices but the entire internet, which has become a victim of monetization plays. Health experts are most concerned about how these companies use personally identifiable information and sensitive data to target ads for products and services that patients may not even require or that may be dangerous to their health.
Although these tech companies argue that they do not target advertisements for particular health concerns, and that may be true (in line with their usage data policy), they have keywords and use terms that are close proxies for health conditions.
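The audit method described above (fill a form with dummy details, then inspect the captured traffic) can be automated. The following is an added example, not code from the investigation; its hostnames, parameter names and HAR-style entries are constructed, and the trim-and-lowercase normalisation before hashing is an assumption. It also shows why hashing does not hide an identifier: the same input always yields the same SHA-256 value, so anyone who already knows the email can recognise its hash.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

FIRST_PARTY = "telehealth.example"  # constructed site under test

# Dummy details typed into the intake form (constructed test account).
FORM_VALUES = {
    "email": "Test.Patient@example.com",
    "first_name": "Test",
    "answer_alcohol_use": "daily",
}

def sha256_hex(value):
    # Assumed normalisation: trim and lowercase before hashing.
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

# Constructed HAR-style entries; hosts and parameter names are hypothetical.
HAR_ENTRIES = [
    {"request": {"url": "https://telehealth.example/api/intake",
                 "postData": {"text": "email=Test.Patient%40example.com"}}},
    {"request": {"url": "https://pixel.tracker.example/collect?ev=Lead&h_email="
                        + sha256_hex("test.patient@example.com")}},
    {"request": {"url": "https://ads.analytics.example/event",
                 "postData": {"text": "q_alcohol=daily&fn=Test"}}},
]

def find_leaks(entries, form_values):
    """Return (host, parameter, form field, encoding) for each form value
    that reaches a third-party host in plain or SHA-256 form."""
    targets = {}
    for field, value in form_values.items():
        targets[value.strip().lower()] = (field, "plain")
        targets[sha256_hex(value)] = (field, "sha256")
    findings = []
    for entry in entries:
        req = entry["request"]
        parts = urlsplit(req["url"])
        host = parts.hostname or ""
        if host == FIRST_PARTY or host.endswith("." + FIRST_PARTY):
            continue  # the form is expected to go to the site itself
        body = (req.get("postData") or {}).get("text", "")
        # Only URL-encoded parameters are decoded; JSON bodies are out of scope.
        for key, val in parse_qsl(parts.query) + parse_qsl(body):
            hit = targets.get(val.strip().lower())
            if hit:
                findings.append((host, key, hit[0], hit[1]))
    return findings

if __name__ == "__main__":
    for finding in find_leaks(HAR_ENTRIES, FORM_VALUES):
        print(finding)
```

On a real capture, the entries would come from the `log.entries` array of a HAR file exported from the browser's network panel.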
Crackdown on Big Tech and Others over Privacy Concerns Seems like a Slap on the Wrist
Recently, regulators have begun a crackdown against telehealth companies and their indiscriminate collection and selling of private personal and healthcare information.
In July 2022, the Federal Trade Commission (FTC) warned such companies to refrain from unethical practices and selling patients’ health information to advertisers. Soon after, the FTC sued Kochava, an industry leader in mobile app attribution and analytics, alleging that the company failed to protect its consumers’ location data and sensitive health information, putting them at risk. In response to the suit, the company countersued the FTC and requested the court to dismiss the complaint.
Kochava is not the only company under scrutiny in recent years. The FTC and other federal organizations slapped Meta with multiple lawsuits for breach of consumer information. Meta, over the years, has paid billions of dollars in fines against anti-trust lawsuits and continues to do so, suggesting that sharing personal information is more profitable to the company. They would rather pay fines than stop such unfair and unethical practices.
How Big Tech Is Destroying Personal Privacy and Medical Security: Key Takeaways
Big tech companies like Google, Facebook, and Apple are wreaking havoc on personal privacy and medical security. Through their massive data collection efforts, they are collecting and storing information about users’ activities, preferences, and personal information. This data is often used to target users with ads and influence their behavior, making it difficult for them to protect their privacy.
Additionally, these companies are increasingly collecting and analyzing medical data, which can be used to manipulate or exploit individuals in ways they are unaware of. This leads to a lack of autonomy and control over one’s medical information and can have far-reaching implications for medical decisions and treatments.
Also, these companies may not always have adequate security measures to protect this data, leaving it vulnerable to hacking, data breaches, and other malicious attacks.
Talk to Circle of Legal Trust
There is no single data protection act but a jumble of data legislation that can make it confusing to know your rights. If you’ve suffered injuries due to a data breach, contact us at (888) 494-5015 for a free consultation with our legal experts. We can help review your case and guide you on the applicable laws.