A health tech company that helps streamline hospital and clinic check-ins has raised eyebrows for its practice of using patient data to create ultra-targeted advertising, with experts arguing language about such policies should be clearer, according to a Washington Post column published June 13.
Software company Phreesia is used in more than 2,000 clinics and hospitals across the country for more than 100 million check-ins annually. According to a statement from Phreesia provided to Becker's, the company says it never sells patient data to third parties. The Post column reported that instead of selling data, it mines it to create targeted adverts on its own system without passing it to others, which it is allowed to do, given it is not covered under HIPAA law.
However, some argue that its policies should be marked out clearly, so that patient understanding is prioritized, as it isn't immediately clear that data sharing is optional. The company declined to tell the Post what percentage of its patients decided to opt-out.
"Everybody who is trying to get you to a secondary use of your data should be required to have clear understandable consent," said Arthur Caplan, a medical ethicist at NYU Grossman School of Medicine. "You should know what you’re opting into and out of. None of this fine-print stuff."
Phreesia did accept that it could make its data sharing policies clearer.
"The way that we gather consent, that is an ongoing project and we're open to your feedback on that," David Linetsky, head of Phreesia's life sciences advertising unit, told the Post. "I think that there is room to probably make it clearer and do that in sort of plainer language and prominently at the top."
"We give patients the option to authorize the use of their data to show them relevant health information. We make it clear they can decline to authorize the use of their data, and that declining doesn’t affect their ability to complete their check-in," it said in a statement to Becker's. "They can also revoke their authorization at any time."
Also under recent scrutiny for patient data privacy, a new report shows that trackers have been detected on some hospital websites have been collecting users' information and sharing it with Facebook.