While our culture is preoccupied with violations of consumer data privacy yielding targeted marketing for shoes, travel or food preferences, law and advertising firms are leading a more nefarious erosive charge on patient privacy. Unbeknownst to emergency room visitors, companies are setting up digital geofences around hospital perimeters that capture mobile phone entry to the premises. This initiates a cascade of events that allows marketing agencies hired by personal injury law firms, for example, to solicit patients directly with ads to their phone (while still in the ER). Though these ads can be cast while in a clinic or other medical locale, the system is sparked by arrival to the emergency room.
Think about that for a moment. Whether you voluntarily go to seek urgent health services or are taken there while unconscious, your most personal and vulnerable of life events is shared to strangers without your consent. When the choice becomes avoid the ER and risk your own or loved one’s life in an effort to preserve your autonomy, we as a society are opting for coercion as the rule of law.
And when it is directed to those most defenseless, decency has literally left the building. Digital or otherwise.
Or, thought another way. While health professionals are bound to strict standards under HIPAA laws and the oaths of medical practice, those drafting and imposing such laws are getting a pass and can violate the most basic of ethical principles that ought be also required of their profession. Since technology is advancing at breakneck pace, it is time for decency to prevail.
Geofencing, creating a virtual fence around a selected physical location, is now a mainstay of retail platforms. Despite the fact a federal agent or member of law enforcement would require a warrant to obtain such information on a citizen, companies can currently track your whereabouts no matter how sensitive and share them without penalty.
HIPAA federal privacy laws were designed to prevent such occurrences. Knowing a person is in that ER or office can disclose a particular condition without an individual’s knowledge or consent. This has major ramifications on whether a person will seek treatment - opting not to do so could further imperil them, even others depending on the medical problem.
NPR reports Massachusetts' attorney general, Maura Healey, was “the first in the country to go after geofencing technology catching people while they are seeking care.” Healey maintains
"Private medical information should not be exploited in this way...Especially when it's gathered secretly without a consumer's knowledge, without knowledge or consent." Her efforts successfully banished a digital firm from Massachusetts for being “unfair and deceptive" in their tactics likening the play to digital harassment, “We just want to make sure that companies aren't exploiting information in violation of existing privacy laws with respect to health information that's so sensitive."
States are playing catch up, creatively using existing consumer protection laws when possible, but as a whole are slow-walking curtailing the ramifications in the healthcare space. As a society, when battling disease is challenging enough, physically and emotionally, do we really want to be complicit in this form of externally imposed duress?
It is called the doctor-patient relationship for a reason, lawyers and marketing teams are not welcome in or around the exam room. When mobile phones are required for modern living (e.g. holding down a job), arm-twisting pressure and the resultant fear and anxiety it imposes does not need to become the fifth vital sign - we have seen with the current opioid crisis how well adding “pain” to that list has worked out. Violating the privacy of the most powerless - patients in distress - undermines civil society and can be a catalyst for catastrophic ends.
The stakes are too high to wait to make healthcare central to the privacy discussion. (See With Consumer Privacy Center Stage, Why Aren’t We Talking About Health Data?).