Actually your doctor could sell every bit of medical they want to, just like CVS. But just like CVS, they'd have to get your permission. Unlike CVS, they don't have this frequent shopper card that nobody ever reads the fine print.
It was the Twilight Zone, and the title was "To Serve Man".
| > CVS now sells your personal medical info to drug companies | > for marketing purposes, if you buy any drugs from CVS. Your | > doctor can't legally do that, but there's no law about CVS | > selling their business records. Privacy regulations, which were | > never important before computers, simply haven't caught | > up. And they may not, given the power of lobbyists. Selling | > data and targetting ads is already a massive industry. If | > you think of CVS and imagine how many similar cases there | > may be, there's a good chance that companies like | > LexisNexis know more about you than you do... far more. | > Their memory is perfect. | > | > | Actually your doctor could sell every bit of medical they want to, | just like CVS. But just like CVS, they'd have to get your permission. | Unlike CVS, they don't have this frequent shopper card that nobody ever | reads the fine print.
Loyalty cards are a separate issue. There are various wrinkles in this. CVS was sued for marketing directly to doctors:
There have been issues with selling data directly to drug makers. Maybe it's anonymized and then de-anonymized. Maybe it isn't. In any case, there's no permission involved:
There's also an issue with medical data sold by gov't agencies, which then sell it to data miners:
In other words, there are various ways around permission requirements, if they even exist.
It's unclear to me in all this what the exact law is related to doctors, CVS and permission. My understanding was that a doctor cannot sell data, but a non-medical business can. I may be wrong. If you know otherwise, or more, I'd be interested to see the links that explain it.
The two major (federal) ones is the Health Isurance Portability and Accountability Act. (The best resource is
| > It's unclear to me in all this what the exact law | > is related to doctors, CVS and permission. My | > understanding was that a doctor cannot sell data, | > but a non-medical business can. I may be wrong. | > If you know otherwise, or more, I'd be interested | > to see the links that explain it. | > | > | The two major (federal) ones is the Health Isurance Portability and | Accountability Act. (The best resource is |
Those links seem to be for vast plans to regulate health plan medical records and digitization standards. I was talking about specific information about specific laws, or lack thereof, governing the sale of medical data. I thought I had read in one of the CVS articles that doctors could not legally share data, but that other businesses could get around that. As one can see from my links, they are getting around it one way or another. What's not clear from my links is whether they can just sell the data directly in a legal way, without getting permission.
All medically related privacy laws flow from one of the two at least at the federal level. At least under HIPAA (I havent worked as much with HITECH, although that would talk about data transmission from electronic health records. The holy grail is Personal Health Information (PHI).
There's more than one. So far, this industry has very little regulation as to what they can collect, who they can collect it from, what they have to tell you that they've got on you, what they have to remove upon request, and to whom they will provide access, or not.
If you work for a medium-to-large employer, odds are one of their sources is your employer. They provide information to the data collection companies for free in exchange for free access to their databases when conducting their background checks.
I retired more than 10 years ago.... I was in the IT business, LOL!
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.