My wife got a box of Enfamil Fedexed to our door as a promotion on what would have been the due date of our baby. Unfortunately, she miscarried at 3 months.
They knew this because marketers get near real-time access to prescriptions, hospital admissions and other things.
You should care because your information will be sold or traded, and behaviors can be correlated against medical and other outcomes.
Are you a divorced dad who has moved within 90 days and play daily fantasy sports? I can buy a list that will find you for $250. You are a risk for opioid addiction and may get denied service in the future for medical issues. Or you may attract advertising tailored to get you to gamble or drink more, when you are at your most vulnerable.
If what you are saying is true (I'm genuinely asking), that sounds like behavior that should absolutely be made illegal and severely punished.
I try to maintain a "lite" internet footprint (no facebook, only social media is LinkedIn, I use a VPN when I can) ... it's a little disturbing to think that someone can just purchase my buying history and use it as, essentially, an attack vector to serve me ads or gaslight me into buying stuff I don't really want or need.
Yes, you are. The events surrounding what happened to my wife was very painful (an ectopic pregnancy that nearly killed her), and a thoughtless reminder was very unwelcome. I still feel violated and betrayed.
In our case, I found out the marketing list from Enfamil and bought it for my zip code. I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
In our case, the hospital pharmacy issued drugs to her indicative of a pregnancy. The pharmacy or insurer provides that information in real time to data brokers. The pharmaceutical companies assign quotas and send salespeople for certain drugs. There are other ways for data to get out that we’re not certain of. Perhaps the insurer “anonymizes” and sells subrogation information. Or the lab. In any case, they knew that my wife was admitted to an OB floor of a hospital, but didn’t know the outcome.
It’s not going away. The US government uses these same techniques with companies like Google to combat extremism or terrorist conversions — they actually use factors like this to target potential recruits with counter-information via ads.
> I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.
It's not a HIPPA violation because they give the information to one of their "partners", and you agree to this in all the crap that gets signed.
I went to a Norton Hospital Immediate Care Center and paid cash because I didn't have insurance at the time. Because I paid cash, Norton turned all of my contact information over to a company that sells health insurance and gives loans to pay for medical services. They bugged the everlovin' shit out of me with automated phone calls until I decided enough is enough.
The Immediate Care Center denied giving any information out and were shocked this was happening, but Norton central billing knew about it, said they would remove me, but the 3rd party already had my info so it was too late.
The 3rd party were complete assholes, and when I got fired up because I wouldn't give them even MORE personal info to be removed from their call list, they said it was my fault: if I had just called them back and given them the 15-digit code, an agent would have removed me. That's also a lie, because I eventually did try that.
To protect my privacy, I told Norton my phone number had changed, and my new number was 812-555-1212, which is the 812 area code directory assistance number.
They did the same thing to my sister when she paid with cash because her husband had just changed jobs and she didn't have the new insurance info yet.
That's really awful; I'm so sorry you both had to go through that.
Would you mind sharing more information about how you found that list (esp for a given zip), and how you think they tied that information to an address? My email is in my profile, if you wouldn't mind reaching out.
I called and asked Enfamil. They readily provided the name of the marketing list. When I bought it, you had to get a minimum number of entries, which I did by targeting a couple of local zip codes.
I don’t have ready access to it now, but it had all sorts of stuff, probably about 150 columns. Stuff ranging from likely medical conditions to car owned, to stores frequently shopped to specific consumer products used.
They knew this because marketers get near real-time access to prescriptions, hospital admissions and other things.
You should care because your information will be sold or traded, and behaviors can be correlated against medical and other outcomes.
Are you a divorced dad who has moved within 90 days and play daily fantasy sports? I can buy a list that will find you for $250. You are a risk for opioid addiction and may get denied service in the future for medical issues. Or you may attract advertising tailored to get you to gamble or drink more, when you are at your most vulnerable.