Stop Eating That Doughnut, Your Doctor Is Watching!

Imagine your doctor shaking his head disapprovingly as you take that last bite of your morning doughnut. Since Medicare began levying penalties (up to 2%) against hospitals that have a high re-admittance rate, some health care providers have begun using credit card data from third party personal financial data providers (like Axicom and Lexis) to identify their high-risk patients in order to reduce their at-risk behaviors. Some of the at-risk factors hospitals look at include: letting a gym membership run out, fast food consumption, and frequency of smoking (or at least frequency of buying cigarettes).
In 1999, Congress passed the Gramm-Leach-Bliley Act (“GLB Act”), which specifically prohibited financial institutions from disclosing their customers’ account numbers to non-affiliated third party companies when it comes to telemarketing, direct mail marketing or other marketing through e-mail. For example, if you regularly purchase something with your credit card from a store, the store cannot just contact you about deals unless you specifically sign up for them to contact you, like a frequent buyer card. In a hospital, the invasion of privacy can be far greater than a traditional business because the hospital also has access to all of the patient’s past medical history, presumably has a relationship with the patient, and may be far more judgmental because they know whether the patient should really be eating doughnuts every morning.

In a hospital, the invasion of privacy can be far greater, because the hospital also has access to all of the patient’s past medical history, presumably has a relationship with the patient, and may be far more judgmental because they know whether the patient should really be eating doughnuts every morning.

Hospitals are not prevented from using personal financial data to contact you about your poor health habits because the financial data is not being used for “marketing purposes.” However, this practice may in fact be illegal because while the hospitals are “helping” their patients achieve better health free of charge, hospitals are actually in the business of improving their patients’ health and so this might fall under the “marketing” prohibition of the GLB Act.
Naturally, many industries using consumer financial data are hesitant to acknowledge the full extent to which the privacy data has been used. However, Axicom, one of the largest suppliers of personal privacy “data points,” has an average of 1,500 data points on more than 500 million consumers around the world. The data mining issue has gotten so impressive, that “[l]ast year Adam Sadilek, a University of Rochester researcher, and John Krumm, an engineer at Microsoft’s research lab, showed they could predict a person’s approximate location up to 80 weeks into the future, at an accuracy of above 80 percent.”
Other “non-marketing” invasions of your financial privacy can be more harmful. An auto maker could use your financial data to cross reference the amount you spend at the pump (via credit card) with current gas prices to find the amount of gas you purchased for your car, and therefore calculate the mileage you drive. The ramifications of this would be if you are driving more miles than you claim on your insurance estimate, it could invalidate their vehicle insurance in case of an accident. Additionally, one of the Affordable Care Act’s (Obamacare) goals will be the eventual elimination of a “high-risk” category for people seeking health insurance, so any concern about health insurance companies looking at your personal data will be less applicable to health insurance premiums.
Financial data sales is the norm for many credit card providers. In order to protect yourself and eat your morning doughnuts (more) privately, you should contact your credit card provider and opt out of any financial data sharing. If you don’t opt out, your doctor may call you one morning, and suggest that you try going to the gym than drinking a breakfast smoothie. Or you can always just pay with cash.