CVS Comes Up With More Legal Mumbo Jumbo Relative to Privacy And HIPAA To Allow More Access to Data For Sale, Offering a Mere Pi
Posted Aug 21 2013 5:06pm
Here we go again with the data selling epidemic, and when you think about it, what generates all of this today, money. In this case it’s more data for sale and the ability to query additional data bases. I have said many times that Walgreens makes about a billion a year on selling data only and of course one would guess that CVS is right up there with them. They all do it. I said a while back that we needed to take HIPAA out of the HHS silo and republish the provisions in other areas to easy access for consumers is there. We have a lot of new entities now that fall under the provisions of HIPAA, so this makes perfect sense.
Again I tell folks if you don’t understand the privacy statements, then don’t go there if you don’t have too. I realize there are incentives and sometimes it’s difficult when the dollar amounts are substantial. We just had one grocery chain in California, Albertsons, get rid of the their cards for collecting data. Now don’t think they are totally good guys here with dropping this entirely, it’s probably just that they found a cheaper way to get data and analyze it. Cerberus Capital Management just bought the grocery/drug chain not too long ago and I might guess it could be cheaper to buy Visa and MasterCard records from the banks and run queries, like the insurers do. We have no real regulation here so we end up with “laws with no balls”…you can read below where I wrote about this blinding lack of a path to regulate and thus now we have CVS looking at the legal wording here trying to get around HIPAA in a “legal verbiage” way to selling more data.
Christopher Steiner says it pretty well in this video about “algorithms taking over the world” and the verbiage here with CVS is to allow more algorithms to operate “legally” but still screw you as a consumer. Again when you see that Walgreens is up around a billion a year for “easy money” from algorithms that mine, query and sell, you can pretty well figure out why the manufacturing tangible business in the US suffers with everyone flipping algos for profit. If you want more on how some of this works, visit the Algo Duping page for more on models and studies that are tweaked and created for profit only with no concern of how the end consumer is affected.
Here’s how insurers like Blue Cross and United use the data they purchase and I might add too that United cuts a few fat hogs with selling data and they have been doing it longer than most. Why keep an entire group of data scientists on board when you can buy the data and not worry about collecting it yourself and of course this means more money for the banks.
See how your purchases other than prescriptions can be queried with other purchases you make in the store and one could look at a person being a diabetic and buying a candy bar for a simple example, however that candy bar might not be for you but when they query data, they assume it is for your consumption and this is the danger here with data telling stories that might not be realistic and true.
Time for a path to regulate data sellers as this game will go on and on with the data scientists that can figure out how to have an algorithm function without violating any English or other language as it is written, it’s all in the interpretation which is pretty scummy anymore as there can be many interpretations just as there can be many models, and thus so we need digitally centric laws and need to starting licensing (and taxing ones who profit) with selling data. This is the biggest crock of garbage out there and they call this “law”? Better start looking at the models as that’s what CVS is crafting here and see how much new data they can suck in for sale.
Next time HIPAA laws are reviewed and rewritten, better get some technologists and quants on board to find the loopholes up front before the lawyers figure out how to create additional privacy statements that continue to dupe. The current FTC deal about collecting data is totally useless as well. Government should hire some quants that can tell them how this works soon! It’s a technology farce that hurts all of us. BD
Since February, CVS Caremark has been pushing its pharmacists to enroll customers in a prescription-drug rewards program.
The benefit to customers is the opportunity to earn up to $50 a year in store credits that can be used to buy shampoo, toothpaste or other products.
The benefit to CVS is persuading pharmacy customers, through questionable means, to give up federal privacy safeguards for their medical information and permitting the company to share people's drug purchases with others.
"It's very troubling," said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego.
Walgreens and Rite-Aid have their own rewards programs for prescription drugs . But officials at each company said they don't require customers to relinquish federal privacy protections.
Among the site's frequently asked questions for the program is, "Why do I need to sign a HIPAA Authorization?"
The answer: "The HIPAA Authorization allows CVS/pharmacy to record the prescription earnings of each person who joins the ExtraCare Pharmacy & Health Rewards program."
That last step is where you encounter a screen saying you acknowledge that "my health information may potentially be re-disclosed and thus is no longer protected by the federal Privacy Rule."
CVS takes the liberty of assuming you know that HIPAA and the "federal Privacy Rule" are one and the same, although it has nowhere made the connection clear.
What is it about CVS' program that necessitates customers abandoning their federal privacy rights? CVS isn't saying.
But $50 worth of store credits is hardly fair compensation for such a marketing prize.