Do Tech Giants Violate HIPAA by Tracking Trends?

Original story posted on: September 16, 2020

The Social Dilemma of Health (SDoH).

In March 2018, the world was shocked when it became public knowledge that Cambridge Analytica, a company based in the United Kingdom, had used data from Facebook to impact the presidential election in the United States. It turned out that they had also provided data to the groups supporting Brexit in the U.K.

It should not be a surprise that Facebook had shared data on its users for profit. Facebook said they allowed some access to Cambridge Analytica, but the company had used survey questions to hack into Facebook data, in a manner not intended by Facebook. I am dubious about this claim. The old saying in technology is that if the product is free, then the user is the product. 

The business models of Facebook, Twitter, Instagram, and TikTok are similar in that the service to users is free. Companies that wish to advertise on these platforms get the benefit of placing the user’s eyeballs on screens where advertisements are seen. 

First, advertisers get access to the age, race, sex, and lots of other demographic information on the people that click on the advertisers’ “landing pages” from the social media platform. This is the information companies get when you simply access their site. 

Media companies like Facebook also know what social groups you joined and, critically, with whom you are connected. They create user “profiles” with various amounts of sensitive data. 

In the case of Cambridge Analytica, they obtained 87 million Facebook user profiles. Included with these profiles were Facebook pages each user “liked.” Also included in the profiles were the user’s date of birth and location.     

In the case of Google, in exchange for answering users’ Internet searches, the company has information not just on what was searched for, but in many cases, on every location users have been, sometime for years.

Let’s go back to our first observation about social media companies. Users are the product. While Facebook apologized for the Cambridge Analytica breach, what they didn’t say was that they had stopped collecting and selling this data in some fashion.    

In the case of healthcare, I ask the question: does having data, even if it is saved in grouped data, violate the Health Insurance Portability and Accountability Act (HIPAA)? If the manufacturer of a drug used to treat hemophilia knows the number of people searching for its drug by ZIP code, directly or indirectly, does this violate at least the spirit of HIPAA? 

I understand that Facebook and Google hope you believe that they do not maintain data at an individual level. They say that the data they sell to advertisers excludes individual data. I would argue that by simply reviewing enough of the data they sell, advertisers could match data to individuals. This is how collection companies perform “skip tracing:” finding people to collect unpaid accounts. 

I think it is time to look at how much data technology companies have that may constitute a violation of HIPAA. I also think it is time not to consider just individual data, but how data summarized into grouped data may violate HIPAA.  

Timothy Powell, CPA CHCP

Timothy Powell is a nationally recognized expert on regulatory matters, including the False Claims Act, Zone Program Integrity Contractor (ZPIC) audits, and U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) compliance. He is a member of the RACmonitor editorial board and a national correspondent for Monitor Mondays.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Related Articles

  • CDC Declares Racism a Public Health Threat 
    The CDC stance finally affirms how serious a threat racism is for population health.   The date of April 8 is important in my world: not only is it my beloved grandmother’s birthday (for the record, she would have been…
  • SDoH: Eviction Moratoriums Extended to June 2021
    Loopholes in rental and lease agreements may force individuals and families into crowded living situations. I value when our Monitor Monday and RACmonitor  listeners reach out to me on social media; many did after last week’s broadcast and article on…
  • Kaiser Family Foundation Brief Highlights Ongoing Employment, Poverty Challenges
    More people are expected to struggle with ongoing hardships. There continues to be considerable news focused on ongoing health disparities and inequities. First, the Kaiser Family Foundation recently released a report titled One Year in the Pandemic: Implications of COVID-19…