Breach Preparedness , Data Breach , Electronic Healthcare Records

Amazon's Healthcare Expansion: Analyzing Privacy Concerns

Two Attorneys Spell Out the Critical Issues the Online Retailer Now Faces
Amazon's Healthcare Expansion: Analyzing Privacy Concerns
Attorneys Jeffrey Short (left) and Todd Nova of the law firm Hall Render

Amazon is greatly expanding its healthcare activities. For example, it's nearing completion of its purchase of online pharmacy PillPack, and it has entered an employee health partnership with JP Morgan and Berkshire Hathaway. As a result, the online retail giant now will face a wide variety of important new privacy issues, say attorneys Jeffrey Short and Todd Nova.

As Amazon collects, analyzes and exchanges more healthcare data, it will need to navigate privacy and breach regulations at the state and federal levels, including HIPAA, the attorneys note in a joint interview with Information Security Media Group.

"With the [federal] government's efforts around the interoperability of electronic health records - and efforts a few years ago around electronic prescribing - Amazon is putting itself right in the middle of that," Short says. "With that massive amount of movement of health data, there is an increased opportunity for a data breach."

Regulatory Challenges

With its PillPack acquisition, Amazon potentially will need to work through critical regulatory considerations "that they're probably not used to," such as utilization tracking of controlled substances, Nova notes.

"There are various data reporting obligations [such as] to state controlled substance monitoring programs," he notes. If Amazon wants to offer one-stop shopping for any type of prescription drug, it will need to take action to protect against breaches as well as prepare to de-identify and aggregate data to fulfill various reporting and information sharing obligations, he explains.

"Amazon is inserting itself into some complex regulatory models and data transfer regimes," Nova adds.

In the interview, Short and Nova also discuss:

  • Other privacy and security issues tied to Amazon's pending $1 billion purchase of PillPack, which is slated for completion by the end of this year;
  • Potential privacy and security concerns for Amazon's partnership announced earlier this year with JP Morgan and Berkshire Hathaway to create a not-for-profit company aimed at lowering the healthcare costs of their employees;
  • Issues raised by the healthcare sector's ongoing consolidation.

At law firm Hall Render's Indianapolis office, Short's practice focuses on health information technology and privacy issues in the healthcare sector, including HIPAA compliance, software development, licensing and intellectual property.

As a healthcare attorney and shareholder at Hall Render's Milwaukee, Wis., office, Nova focuses on regulatory and compliance issues, including those affecting retail and mail order pharmacies. He previously was a systems integration consultant at PricewaterhouseCoopers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.