Is Your Doctor's Sign-in Program Stealing Your PHI? There's a somewhat alarmist story in the Washington Post this week on physician office registration software provider Phreesia. The implication is that your doctor's office has sold your data to pharmaceutical companies. That seems like a pretty gross mischaracterization.
Remember in the old days, whenever you went into the doctor's office, you had to fill out 5-10 pages or paperwork listing your ailments, medical history, etc.? In the old days, the doctor's staff would take those pages and stick them into a paper file; when electronic medical records came along, the staff would retype those pages into the electronic record; somewhat more recently, they'd scan them in as PDF copies.
Phreesia provides software for doctors' offices to use during patient sign-in. Patients are given an iPad or other tablet device and asked to fill in their information, which is instantaneously and effortlessly filed into the patient's electronic record. This saves doctors' offices the cost of staff time, and ensures that the information is in a more usable electronic format.
I suspect that what Phreesia charges doctors' offices for the use of the software does not cover Phreesia's costs of operations and developing the software. Why would Phreesia sell the software below its costs? Because Phreesia also gets funding from advertisers. Those advertisers are going to be companies who specifically want to get their ads to people in doctors' offices, and really want their ads going to people who might need their products (and not to people who don't need, and won't ever buy, their products).
So, does Phreesia (and by implication your doctor) sell your data to pharmaceutical companies? The Post story says, "Phreesia says it does not 'sell' your data" (Note the snarky "Phreesia says," which the Post reporter doesn't dispute). In fact, Phreesia does not, nor does your doctor. No pharmaceutical company ever sees your information. Rather, the Phreesia software has a certain number of different ads loaded. It does use your data to determine which ad gets displayed. No data is sent out to anyone.
The Post story notes that you can click "no" and you won't get targeted ads. You may still get ads, though; they'll just be randomly generated from whatever ads are loaded on the system. Even if you click yes, if you don't want to see the ad, you can just turn the tablet over, or turn it back into the receptionist's desk. Either way, once you've turned in tablet, you'll get to sit down and watch ads on the TV or in the magazines in the waiting room -- ads which are likely tailored to the specific type of patients that frequent that doctor's services).
Look, you're going to see an ad; would you rather it be something that you might, maybe, be interested in, or just some random sales pitch, or perhaps something you'll never want or need? Let's say you're (i) a woman (ii) who is not in a relationship with a man with erectile disfunction. If that describes you, there's probably a 99% or greater chance that you have no interest in seeing Viagra or Cialis ads. If I could guarantee that, even though you'll see the same number of ads as before, but none of them would be for ED drugs, would you take that offer?