Senators Demand Answers on Amazon Clinic’s Data Privacy Policies

Senators Demand Answers on Amazon Clinic’s Data Privacy Policies

June 26, 2023

In recent weeks, Amazon’s foray into the healthcare industry with its low-price health service, Amazon Clinic, has garnered attention from lawmakers and privacy advocates. Concerns have been raised about the potential intrusion on patient privacy and the way Amazon collects and uses customer data. Democratic Senators Peter Welch (D-Vt.) and Elizabeth Warren (D-Mass.) penned a letter expressing their privacy concerns on Amazon Clinic’s use of customer data and demanding answers about the platform’s data practices. The letter comes amidst news that Amazon is delaying the launch of a significant expansion of its Amazon Clinic telemedicine service due to the raised privacy concerns.

Amazon Clinic data privacy policies questioned by senators

Senate Investigation on Amazon Clinic Data Privacy Leads to Delayed Expansion  

Amazon had planned to announce a 50-state launch of synchronous care, providing treatment via live video before the event was delayed over lawmakers’ concerns. An Amazon spokesperson denied there was any “delay as a result of an external inquiry.” However, information from a direct source obtained by POLITICO says that the company is pushing back the promotional campaign until July 19 due to the senators’ concern on Amazon Clinic’s use of customer data. The two senators released a joint statement saying they hoped that the delay “is a sign that Amazon has taken our concerns about data collection and use practices seriously.”

Does Amazon’s Low-Cost Health Service Have a Hidden Price?

Amazon Clinic, introduced by the tech giant, offers users affordable access to healthcare by allowing them to communicate with clinicians through online messaging and receive prescriptions for various medical conditions at a mere $30 fee. The service has been available in 33 states, operating on asynchronous care. Patients fill out a form to receive treatment for conditions like urinary tract infections, acid reflux, pink eye, emergency contraception, and birth control. The convenience and low-cost appeal of Amazon Clinic have attracted users, but the hidden cost of privacy has raised significant alarm bells.

Senators Demand Answers on Amazon Clinic’s Data Privacy Policies

HIPAA Compliance and Patient Rights on Amazon Clinic Raises Concerns

The Washington Post investigated the legal form that Amazon Clinic requires patients to sign and showed that it revealed troubling aspects. Patients are asked to authorize the “use and disclosure of protected health information,” granting Amazon access to their “complete patient file.” The information may be “re-disclosed,” voiding its protection under the Health Insurance Portability and Accountability Act (HIPAA). This specific authorization form has raised eyebrows as it seemingly pushes patients to waive some of their federal privacy protections, leading the Electronic Privacy Information Center (EPIC) lawyers to express their concerns.

Senators Demand Answers on Amazon Clinic Data Privacy

Senators Peter Welch and Elizabeth Warren cited The Washington Post’s investigation and the legal form’s implications in a letter to Andy Jassy, Amazon’s President and CEO. The letter may be viewed on Sen. Welch’s website. The senators expressed concerns that Amazon Clinic is “harvesting” health data from patients. They asked for a detailed explanation of the data collected, its usage, and whether any data is being used to promote or sell other Amazon products or services. The letter highlights the need for transparency and clear communication to ensure patients understand how their data is being utilized. It also references a previous case where the Federal Trade Commission fined a digital pharmacy, GoodRx, $1.5 million for similar findings.

Senators Demand Answers on Amazon Clinic’s Data Privacy Policies

Amazon’s Defense On Data Privacy Concerns

In response to the privacy concerns, Amazon has defended its data practices. A spokesperson quoted on POLITICO stated that their data is protected by privacy practices and complies with HIPAA. 

“Amazon Clinic has stringent customer privacy policies, and complies with HIPAA and all other applicable laws and regulations. We’re focused on building products and services that our customers love, and we look forward to continuing to bring Amazon Clinic to even more customers to help address their everyday health care needs,” the spokesperson said. 

Potential misuse of health information

Amazon’s potential misuse of patient health information raises valid concerns. While the company denies using customer data for unauthorized purposes, the authorization form’s lack of clarity about specific intentions should raise apprehension among privacy advocates. There are concerns that data could be used for upselling other services, targeted marketing for Amazon’s advertising business, building artificial intelligence, patient-risk models, or even shared with third-party providers, potentially leading to data privacy violations.

The need for strong privacy protection in healthcare

The case of Amazon Clinic underscores the need for strong privacy protections in the digital age. Patients benefit from limitations on what data tech companies can collect and use, safeguarding their most sensitive health information. Waiting for abuse to occur before taking action is not a solution. Instead, clear regulations and laws should be in place to address the challenges posed by digital businesses and emerging technologies.

Prioritizing Privacy in Healthcare

As Amazon expands its presence in the healthcare industry, the importance of trust and privacy protection cannot be understated. The senate investigation on Amazon Clinic data privacy, along with the delayed launch of Amazon Clinic’s expansion, reflect broader anxieties about data privacy and its potential misuse.

Patients need clear and transparent communication about how their data will be used and assurance that their privacy is protected. As digital health services evolve, regulatory frameworks should be in place to safeguard sensitive health information and ensure that patient privacy remains a top priority.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.

More great articles
is doximity hipaa-compliant
Is Doximity HIPAA-Compliant?

Is Doximity HIPAA-compliant? Find out if this medical networking platform meets the necessary security and privacy standards required by HIPAA.

Read Story
Protecting Patient Privacy: HIPAA Consent Best Practices
Protecting Patient Privacy: HIPAA Consent Best Practices

Find answers to some frequently asked questions regarding HIPAA consent rules, patient rights, and provider responsibilities.

Read Story
critical RCE vulnerability in Paceart Optima
Critical RCE Vulnerability in Medtronic Paceart Optima System: Mitigation and Security Recommendations

A critical RCE vulnerability has been found in the Medtronic Paceart Optima System, a possible target for cyberattacks.

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we don’t share your email with third parties.