DIYbanter - View Single Post - Google is not the only one who knows all about you.

Mayayana

| CVS now sells your personal medical info to drug companies
| for marketing purposes, if you buy any drugs from CVS. Your
| doctor can't legally do that, but there's no law about CVS
| selling their business records. Privacy regulations, which were
| never important before computers, simply haven't caught
| up. And they may not, given the power of lobbyists. Selling
| data and targetting ads is already a massive industry. If
| you think of CVS and imagine how many similar cases there
| may be, there's a good chance that companies like
| LexisNexis know more about you than you do... far more.
| Their memory is perfect.
|
|
| Actually your doctor could sell every bit of medical they want to,
| just like CVS. But just like CVS, they'd have to get your permission.
| Unlike CVS, they don't have this frequent shopper card that nobody ever
| reads the fine print.

Loyalty cards are a separate issue. There are various
wrinkles in this. CVS was sued for marketing directly
to doctors:

http://www.bloomberg.com/news/articl...drug-companies

There have been issues with selling data directly to
drug makers. Maybe it's anonymized and then
de-anonymized. Maybe it isn't. In any case,
there's no permission involved:

http://www.nytimes.com/2009/08/09/bu...vacy.html?_r=0

There's also an issue with medical data sold by
gov't agencies, which then sell it to data miners:

http://www.bloomberg.com/bw/articles...s-are-for-sale

In other words, there are various ways around
permission requirements, if they even exist.

It's unclear to me in all this what the exact law
is related to doctors, CVS and permission. My
understanding was that a doctor cannot sell data,
but a non-medical business can. I may be wrong.
If you know otherwise, or more, I'd be interested
to see the links that explain it.