Amazon’s Virtual Health Clinic Raises Patient Privacy Issues

On November 15, 2022, retail giant Amazon announced the introduction of a medical service called Amazon Clinic in 32 states that will provide virtual health care for more than 30 common health conditions such as allergies, acne, and hair loss. Providers will be diagnosing and treating patients on their smartphones through texting.

The company is working on absorbing One Medical, a human-centered and technology-powered provider of primary care. “One Medical members benefit from a dedicated relationship with their provider, a friendly and convenient in-office experience, and ongoing engagement via a dedicated app,” according to Amazon’s website. The Amazon Clinic follows the opening of Amazon Pharmacy, where patients can get their medication delivered to their door quickly, in just 2 days for “Prime Members,” if not sooner.

Such innovations in health care delivery raise concerns about patient privacy and HIPAA compliance. Andrew Tomlinson, Director of Regulatory Affairs at the American Health Information Management Association (AHIMA), noted that HIPAA focuses on the provider, not the technology solution. HIPAA states that providers are considered covered entities if they “transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.”

“Federal privacy and security baseline standards should be developed for the protection of health information held by data holders outside of the scope of HIPAA,” Tomlinson said “Standards should take into account the data holder’s size, scope, activities, and sensitivity of the health information collected, used, and maintained as well as risk of inappropriate disclosure and misuse.”

Text-based medicine may make health care more convenient and accessible. Anyone can get a quick interaction with a clinician for a common health concern, according to Amazon. The Amazon Clinic is basically a message-based virtual care service that connects patients with virtual care options when and how they need it. Patients are allowed to choose their preferred provider from a list of reportedly licensed and qualified telehealth providers. Next, they complete a short intake questionnaire. Patients and clinicians connect directly through a secure message-based portal, giving them the flexibility to message their clinician anytime and anywhere. After the message-based consultation, a clinician sends a personalized treatment plan via the portal, including any necessary prescriptions to the customer’s preferred pharmacy.

“While we don’t know everything about how Amazon Clinic functions, they do state in their HIPAA Authorization that they are ‘in compliance with federal privacy laws, including HIPAA,’ and have stated in their FAQs that they are using HIPAA compliant technology. So, whether a patient interacts with Amazon Clinic via a phone, tablet, or computer, Amazon Clinic has stated it is a HIPAA-covered entity,” Tomlinson said.

How Amazon decides to manipulate and exploit the data may not become apparent for many years, he noted. Other concerns include the extent to which the data collected through Amazon Clinic will be used companywide. These data are highly valuable to the company’s retail arm. “AHIMA favors the development and passage of comprehensive federal data privacy,” Tomlinson said. “Some health apps entering the market exist outside of HIPAA, and comprehensive data privacy legislation would hopefully close those gaps.”

Federal privacy and security baseline standards should be developed to protect health information held by data holders outside of the scope of HIPAA, he added. In 2021, Amazon was slapped with a record $886.6 million (746 million euros) European Union fine for processing personal data in violation of its General Data Protection Regulation (GDPR) rules.

Soumitra Bhuyan, PhD, MPH, an accreditation fellow for the Commission on the Accreditation of Healthcare Management Education, said timely access to care is a long-standing issue in America and this is probably just one of many such virtual clinics to pop up. “These clinics mainly offer services for minor health issues, which may reduce our dependence on emergency departments. Patients will appreciate the speed of communication,” Dr Bhuyan said.

In the event of a natural disaster and power outage, texting-based medicine may be highly beneficial. However, there is significant concern about privacy rights and inferior care due to the adoption of virtual clinics. “When a health care provider does not see the patient in person, there is always a risk of misdiagnosis,” Dr Bhuyan said. HIPAA laws do not prohibit texting, so health care providers must be careful when transmitting confidential medical information to patients.

It is expected that text-based medicine clinics will be popular and there will be many clinicians adopting care via a text message. “It will continue to grow as we try to find ways to improve access to care and make healthcare more convenient,” Dr Bhuyan said. “It has the potential for patient-provider communications and patient engagement with the care plan and medication. More than diagnosis and treatment, except follow-up care, texting-based medicine will be used to improve patient engagement with the care plan and medication.”

This article originally appeared on Renal and Urology News