HIPAA Mashups? Really? Read on...
Castrol Oil in the UK recently went live with its customized billboards that display the type of oil your car needs based upon a database lookup from the UK's Driver and Vehicle Licensing Agency (DVLA). See video for Castrol Oil Billboard Ad.
The DVLA apparently sold licensing data to a third party, and this third party sold the data to Castrol. In a statement, the DVLA said it did not sell Castrol the data and denied providing any data to Castrol or receiving any fee in relation to the marketing campaign.
This type of advertising is reminiscent of the mall scene from the Minority Report movie, where actor Tom Cruise's character has customized ads presented to him based upon an iris scan of his identity. If you haven't seen Minority Report, you can view the mall scene on YouTube; just search for "Minority Report Mall Scene". Expect to get a scary view into our future. In Castrol's case, once the advertising campaign was launched, it was quickly shut down; read DVLA Denies Selling Data to Castrol.
So what does this have to do with HIPAA Mashups?
Consider this imaginary scenario:
"Average Mary Jo Citizen, who happens to have high cholesterol, makes use of a free GPS service in her car. It's free because she allows splash banner advertising occasionally on her car's mini-LCD screen. This morning, when Mary started her car, an advertisement for LoCHOLS, a new cholesterol-lowering drug that recently hit the market, was displayed on her car's navigation screen."
In the future, could a HIPAA Mashup on Mary be done to enable such an ad? Well, let's also imagine the following:
"Mary's high-speed internet service is free because she allows her ISP to track her internet surfing history in a large database. This allows the ISP to provide customized ads to Mary's homepage. Recently, Mary's database records indicated that she has been surfing for weight loss clinics and health clubs in her local area.
Mary's grocery convenience card, which she uses to get discounts at the local grocery store, tracks all of her purchases. The grocery store's database shows that Mary, despite her best efforts to watch what she eats, has recently increased her purchases of potato chips, fatty meats, and her favorite "Muffin Top Cakes". Mary also opted in to receiving special store coupons via email, by allowing 3rd parties to send advertisements to her home.
Mary has also been receiving birthday wishes from a number of local restaurants that have birthday clubs. The restaurants make use of the same market leading CRM database application for managing interactions with customers. It turns out that Mary just had her 55th birthday.
MinHealthCo, a third-party service provider contracted by the Department of Health and Well Being in the US to educate consumers on preventative healthcare to help reduce costs, has subscribed to all three databases mentioned above. MinHealthCo's analysis concludes Mary might be a good candidate for LoCHOLS, because Mary is concerned about weight gain, eats foods with high fatty content, and has recently turned 55, a key risk threshold for high cholesterol in women."
HIPAA Mashups Enable Targeted Healthcare Ads??
So what are the legal and regulatory considerations of this imaginary scenario? How much of this is a stretch?
Can such a scenario be enabled with proper controls and yet meet the needs of government, businesses, and consumers? What ethical or privacy dilemmas are at stake?
Please let me know your thoughts.
Mark Brooks




