Personal Health Records: PHRs and Marketing

 Report home | Read the report (PDF) | Previous section | Next section


Perhaps the biggest single concern about commercial PHRs is the possibility that a consumer’s health information will leak into the marketing system. The terms under which a PHR operates could allow the sale or rental of consumer information in the same way that magazines, catalog companies, magazines, charities, or other merchants and activities share information with limited or no consumer knowledge or consent. Consumers generally have some sense about how readily companies and agencies pass personal information around, but they do not expect the same kind of sharing when it comes to personal health information.

HIPAA generally prevents use or disclosure of health information for marketing purposes. There are a few mostly unremarkable exceptions to the marketing prohibition, and some definitional issues cloud the picture. Nevertheless, the HIPAA marketing prohibition mostly mirrors what people expect. Physicians’ ethics prevent them from selling lists of identifiable patients to pharmaceutical manufacturers or to markets, and the HIPAA rule makes those sales legally improper.

However, the marketing prohibitions of HIPAA do not apply to PHRs that are not offered by covered entities. A 2007 study of PHR privacy policies conducted for the Department of Health and Human Services found that only 3 percent, or one in 30, of PHR privacy policies stated that explicit consumer consent was necessary prior to the vendor sharing any of the data in the PHR (See R. Lecker et al, Review of Personal Health Record (PHR) Service Provider Market, Jan. 5 2007 at 7. Meanwhile, none of the PHR privacy policies analyzed in the study expressly named the PHR vendor’s data partners, third parties, or other secondary uses of the PHR data, or whether the data was de- identified or not. Even if a PHR vendor states that it does not share information with marketers without consent, it may be still be easy for the vendor to induce consumers to give consent without actually realizing what they are doing.

Why would a PHR vendor want to disclose information for marketing purposes? The answer is simple: money. Many PHRs are free to consumers. Who is paying for the service? In some cases, it might be an employer or health plan. However, for other PHRs, marketing and advertising are the only or the primary sources of revenue. Under those conditions, commercial PHR companies can find many ways to share consumer information with marketers. The extensive sharing of consumer information – whether identifiable or not – is a standard revenue source for many Internet activities.

One example of the demand for patient information may be seen by looking at pharmaceutical manufacturers. These companies generally do not know who their customers are. They cannot find out because medical ethics and HIPAA prevent doctors and pharmacists from sharing the names of those who have prescriptions. The manufacturers work hard to find information through other methods. They want to know who uses their drugs and who uses a competitor’s drug. To find out, the companies may offer coupons for free or discounted medicine that requires consumers to provide names and addresses. Companies may offer magazines for people who have a particular disease. They may have toll-free numbers for people to call. Companies may also use websites to obtain the names and survey information from consumers. Any information that manufacturers obtain – or any other marketers for that matter – is theirs to keep, use, and disclose as they please because no American privacy law typically applies.

Even if a PHR vendor solemnly swears that it will not provide consumer information to marketers, any PHR that allows advertising on its website may facilitate the disclosure of the information anyway. Here’s a scenario that may apply in some cases. Let’s assume that advertisers want to place their ads where it will do the most good. For example, a company advertising birth control pills will not pay to place its ads where men will see them. The PHR vendor can make sure that the ad only appears on pages viewed by women, and it can do so without disclosing any personal information about the women who see the ad. The advertiser knows that anyone who saw the ad or clicked on it is registered on the website as a female.

A PHR vendor can target ads more narrowly so that they appear only to 50-plus year-old white males with diabetes, an annual income over $75,000, and a health plan that pays for drugs. The targeting itself may not disclose any personal information, depending on how it is done. However, when the user clicks on the ad, the advertiser can often infer that the user has certain the specified characteristics. If the advertiser can identify the user because of a previously set “cookie,” because of the user’s static IP address, because of another behavioral tracking activity, or because the user casually provides a name or email address to obtain more information, the specified information about the consumer can pass to a third party advertiser. The advertiser may then use the information, disclose it to others, share it with commercial data brokers, or do anything is pleases because no privacy law typically applies and because it is not typically subject to the PHR’s privacy policy.

Regardless of the PHR’s policy on marketing disclosures, advertising can provide a method for a consumer’s health information to escape into marketing files. Marketers already have millions of names of consumers categorized by specific diseases and diagnoses. Most of the information comes from consumers who provided it in response to “consumer surveys” or through other stealthy methods for collecting health information for marketing use. Health records maintained by health care providers have been unavailable to marketers directly, but commercial PHRs operated outside of HIPAA offer marketers the promise of more and better health information from consumers.

Advertising-supported PHRs are not necessarily likely to support or allow strict control over consumer information or to fully and readily tell consumers how personal information may be shared. Many PHRs will only succeed if they can sell advertising, and advertisers will seek as much detailed information about PHR clients as they can obtain. Wheedling consent from consumers for the profitable sharing of records is something that some PHRs are likely to try. Casual clicks or agreements by consumers may release the health records they have uploaded irretrievably to marketers, data brokers, and others. Many consumers may not be aware of the sophistication of how targeted marketing technologies and practices operate online or in other arenas.



Roadmap: Personal Health Records – Why Many PHRs Threaten Privacy: II. Discussion – PHRs and Marketing


 Report home | Read the report (PDF) | Previous section | Next section