Privacy concerns arise as Amazon Clinic’s policy requires patients to grant complete access to their health information, sparking criticism from advocates.
Amazon Clinic Uses a Hybrid Primary Care Company
In 2022, Amazon made waves with its $3.9 billion acquisition of hybrid primary care provider One Medical, which offers both in-person and virtual care, for its new telehealth service. One Medical operates in 25 cities, collaborating with local hospitals and health systems to deliver specialized care, according to its website.For an annual fee of $199, subscribers can access a telehealth platform featuring convenient virtual care, online appointment scheduling, and prescription renewals with insurance-covered service charges.
One Medical claims it distinguishes itself by providing more personalized attention to patients through reduced patient loads, enabling providers to dedicate ample time to each individual.
Patient Privacy Issue
To access Amazon Clinic’s services, customers must sign an authorization different from the familiar HIPAA authorization typically used in health care settings (pdf).Welch and Warren noted that the authorization implies patient information may be redisclosed, thereby losing the protection offered by HIPAA, a federal law safeguarding patient health data. Additionally, the form lacks transparency regarding the sharing and future use of patient data.
The senators also requested that Amazon provide a sample contract with third-party providers used by Amazon Clinic enrollees and clarify if data are shared with law enforcement. “Amazon Clinic customers deserve to fully understand why Amazon is collecting their health care data and what the company is doing with it,” they wrote.
Health care clinics fall into one of the most heavily regulated sectors of data privacy in the United States, Cobun Zwefiel-Keegan, managing director of the International Association of Privacy Professionals (IAPP) in Washington, D.C., told The Epoch Times. He said clinics should comply with consumer privacy best practices, sector-specific state laws, and federal regulations like HIPAA.
Amazon’s Response to Privacy Controversy
Amazon’s HIPAA authorization allows the retention of customer Protected Health Information (PHI), such as treatment plans and visits history, on behalf of Clinic customers to support their care, an Amazon spokesperson said in an email to The Epoch Times. “This authorization ensures that providers on Clinic can provide continuity of care,” the spokesperson added.For instance, if a customer’s previous provider is unavailable upon the customer’s return to Amazon Clinic, the HIPAA authorization allows the retention and sharing of the customer’s PHI with the new provider. This facilitates efficient and effective treatment without requiring duplicate information or past visit history.
Amazon Reportedly Delaying Rollout Over Concerns
Amazon has reportedly delayed the launch of a significant expansion of its Amazon Clinic telemedicine service due to Warren’s and Welch’s concerns about the company’s privacy practices, as reported by Politico. According to the news outlet, it obtained an email from a source with direct knowledge of the situation, revealing that Amazon will postpone a promotional campaign for three weeks until July 19.Holding Companies Accountable
“Policymakers are trending toward expanding the definitions of health data and biometric data to reflect the expanding capacity to make health-related inferences about people, even from seemingly non-health data,” Zwefiel-Keegan said. “The spread of AI and the increasing ease with which datasets are combined across contexts means it is becoming easier to spin straw into data gold.”“Companies are well advised to take note of this trend and implement enhanced safeguards for the wide range of health-related data,” Zwefiel-Keegan said.





