Do Tech Giants Violate HIPAA by Tracking Trends?

The Social Dilemma of Health (SDoH).

In March 2018, the world was shocked when it became public knowledge that Cambridge Analytica, a company based in the United Kingdom, had used data from Facebook to impact the presidential election in the United States. It turned out that they had also provided data to the groups supporting Brexit in the U.K.

It should not be a surprise that Facebook had shared data on its users for profit. Facebook said they allowed some access to Cambridge Analytica, but the company had used survey questions to hack into Facebook data, in a manner not intended by Facebook. I am dubious about this claim. The old saying in technology is that if the product is free, then the user is the product. 

The business models of Facebook, Twitter, Instagram, and TikTok are similar in that the service to users is free. Companies that wish to advertise on these platforms get the benefit of placing the user’s eyeballs on screens where advertisements are seen. 

First, advertisers get access to the age, race, sex, and lots of other demographic information on the people that click on the advertisers’ “landing pages” from the social media platform. This is the information companies get when you simply access their site. 

Media companies like Facebook also know what social groups you joined and, critically, with whom you are connected. They create user “profiles” with various amounts of sensitive data. 

In the case of Cambridge Analytica, they obtained 87 million Facebook user profiles. Included with these profiles were Facebook pages each user “liked.” Also included in the profiles were the user’s date of birth and location.     

In the case of Google, in exchange for answering users’ Internet searches, the company has information not just on what was searched for, but in many cases, on every location users have been, sometime for years.

Let’s go back to our first observation about social media companies. Users are the product. While Facebook apologized for the Cambridge Analytica breach, what they didn’t say was that they had stopped collecting and selling this data in some fashion.    

In the case of healthcare, I ask the question: does having data, even if it is saved in grouped data, violate the Health Insurance Portability and Accountability Act (HIPAA)? If the manufacturer of a drug used to treat hemophilia knows the number of people searching for its drug by ZIP code, directly or indirectly, does this violate at least the spirit of HIPAA? 

I understand that Facebook and Google hope you believe that they do not maintain data at an individual level. They say that the data they sell to advertisers excludes individual data. I would argue that by simply reviewing enough of the data they sell, advertisers could match data to individuals. This is how collection companies perform “skip tracing:” finding people to collect unpaid accounts. 

I think it is time to look at how much data technology companies have that may constitute a violation of HIPAA. I also think it is time not to consider just individual data, but how data summarized into grouped data may violate HIPAA.  

Print Friendly, PDF & Email
Facebook
Twitter
LinkedIn

Timothy Powell, CPA, CHCP

Timothy Powell is a nationally recognized expert on regulatory matters, including the False Claims Act, Zone Program Integrity Contractor (ZPIC) audits, and U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) compliance. He is a member of the RACmonitor editorial board and a national correspondent for Monitor Mondays.

Related Stories

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Frank Cohen shows you how to leverage the Comprehensive Error Rate Testing Program (CERT) to create your own internal coding and billing risk assessment plan, including granular identification of risk areas and prioritizing audit tasks and functions resulting in decreased claim submission errors, reduced risk of audit-related damages, and a smoother, more efficient reimbursement process from Medicare.

April 9, 2024
2024 Observation Services Billing: How to Get It Right

2024 Observation Services Billing: How to Get It Right

Dr. Ronald Hirsch presents an essential “A to Z” review of Observation, including proper use for Medicare, Medicare Advantage, and commercial payers. He addresses the correct use of Observation in medical patients and surgical patients, and how to deal with the billing of unnecessary Observation services, professional fee billing, and more.

March 21, 2024
Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Explore the top-10 federal audit targets for 2024 in our webcast, “Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets,” featuring Certified Compliance Officer Michael G. Calahan, PA, MBA. Gain insights and best practices to proactively address risks, enhance compliance, and ensure financial well-being for your healthcare facility or practice. Join us for a comprehensive guide to successfully navigating the federal audit landscape.

February 22, 2024
Mastering Healthcare Refunds: Navigating Compliance with Confidence

Mastering Healthcare Refunds: Navigating Compliance with Confidence

Join healthcare attorney David Glaser, as he debunks refund myths, clarifies compliance essentials, and empowers healthcare professionals to safeguard facility finances. Uncover the secrets behind when to refund and why it matters. Don’t miss this crucial insight into strategic refund management.

February 29, 2024
2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

HIM coding expert, Kay Piper, RHIA, CDIP, CCS, reviews the guidance and updates coders and CDIs on important information in each of the AHA’s 2024 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.

April 15, 2024

Trending News

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

SPRING INTO SAVINGS! Get 21% OFF during our exclusive two-day sale starting 3/21/2024. Use SPRING24 at checkout to claim this offer. Click here to learn more →