It may be well past Halloween, but this week I saw something that turned my skin white with fright.
For a second, try and imagine getting a mailing or an email from a healthcare system, payer, or pharmaceutical company addressed to you about a condition that you have. Or imagine logging on to your patient portal and seeing an advertisement for some hospital-sponsored preventive measure that somehow pertains to you or your family’s history. Imagine targeted ads in healthcare and perhaps you’ll get as scared as I was the first time I watched the 1978 classic, Halloween.
What got me intrigued on this topic was a recent report from The Columbus Dispatch that spotlights two healthcare systems that are mining patient data to send out certain mailings about various preventative measures they should take and programs they should participate in. OhioHealth, a seven-hospital system, and Mount Carmel, a four-hospital system in the Columbus area, are the two systems in question.
The impressively thorough report says OhioHealth has used the data to send out mailings to those patients with heart disease or a history of heart disease. Mount Carmel sends patients reminders on “mammograms, colorectal screenings, health fairs and seminars on joint replacement.”
As the article notes, nothing about this is illegal. Both systems are encrypting the patient data and it doesn’t violate HIPAA (The Health Insurance Portability and Accountability Act of 1996).
Targeted ads have recently been a source of debate in the world of search and social media, specifically with Google and Facebook. Even healthcare providers, who have paid for advertisements to appear on Facebook for people in their area, have gotten embroiled in this controversy.
The world of online targeted ads in healthcare is not a novel concept. Ethical debates over whether using patient data to market a healthcare system’s services is the right thing to have been going on for several years in various platforms. In 2003, the federal government said that in the case of healthcare systems using this data for purpose of furthering or managing the treatment of an individual, such as directing them to treatments, is exempt from HIPAA’s stern marketing rule.
Even though there is a fine line that must be walked, which the providers seem to acknowledge in The Dispatch piece, this practice is done quite a bit. The article cites a report from health IT vendor, Medseek (Birmingham, Ala.), that says 25 percent of hospitals are using customer-relationship marketing (CRM) techniques. Another study had it at about 20 percent.
With the rapid adoption of EHRs and easier access to this data, I bet this number will increase over time. There may be too much temptation. Call me a cynic, but I think even “secure” patient portals, will be used as a platform for CRM.
As I said, there is technically nothing with this practice. It’s perfectly legal. Yet, something about it doesn’t feel right. Hospitals and healthcare systems will say they are doing this for the betterment of the patient. Who am I to question their intentions?
It’s a fair argument and I understand most hospitals have a limited marketing budget. I just feel there is an ethical responsibility from providers to tell patients in advance and at the least, give them the chance to opt-out. Actually, in a perfect world there would be an opt-in scenario. Of course, that’s about as likely as Christmas in July.
Patients concerns and fear for the privacy of their data is one issues facing health IT leader. Targeted ads thanks to EHRs and other digital health patient information? That will likely make patients like me downright spooked.
Would love to hear what our readers think of this intriguing debate. Leave comments below or on Twitter (@HCI_GPerna).