Even as the world bounces back from the Covid-19 pandemic, research has shown that more and more people are taking their healthcare into their own hands. The internet is a big part of how they do it. Telehealth companies that provide direct-to-consumer medications and related services saw their profits climb swiftly during the pandemic, but even as in-person medical visits have once again become the norm, these companies have continued to thrive.
In traditional healthcare, patients typically see a primary care provider who can recommend treatment, medication or otherwise, with their full health status and history in mind. Although traditional healthcare institutions have been caught bending to the interests of big pharma- a major factor in the U.S. opioid crisis- there are regulatory measures in place to prevent this. New-fangled telehealth companies do not have the same guardrails.
The mere fact that these companies deal with people's health data might make customers think that it will be covered by HIPAA, the U.S. federal law that requires healthcare and insurance providers to protect sensitive health information from being disclosed without patient consent. But just because you're sharing your health data does not mean it's protected. In fact, Hims & Hers' privacy policy mentions that it is not a "covered entity" under HIPAA. This suggests that the company is collecting demographic data and medical information, as well as images and messages, all on behalf of the diagnosing providers and with no guarantee of privacy protection under U.S. law.
【MORE】