Amazon Clinic, Amazon's new virtual care offering, gives Amazon access to complete patient files and tells users that their health information "may be re-disclosed" during sign-up, The Washington Post reported May 1.
During a users' sign-up process for Amazon Clinic, patients must consent to their information possibly being re-disclosed, according to the Post. In addition, Amazon Clinic's website mentions that if patient information is redisclosed, it "will no longer be protected by HIPAA."
Amazon Clinic, which asks users to enter personal information such as photographs of conditions, could use health information for other purposes such as marketing, although the Post report found no evidence it is doing so.
Christina Smith, spokesperson for Amazon, said the company doesn't use consumer data for any purposes in which the consumer doesn't consent to.
But under Amazon Clinic, it tells users that it can use their data "to facilitate services from other providers."
"HIPAA authorization does not seek consent for the use and disclosure of [personal health information] for HIPAA marketing purposes, and we don't use the data that way," Ms. Smith said.
Amazon doesn't make this distinction on its privacy page for Amazon Clinic, however, according to the Post.
This means user information could be disclosed to other medical providers — or to any business that wants to provide services to its users.