Amazon buys US healthcare chain One Medical for $3.9bn Amazon is acquiring One Medical, a company operating a chain of primary care clinics, for $3.9 billion in an all-cash deal, as it ramps up efforts to expand its consumer healthcare offerings. Amazon announced it was gobbling up the biz and all its data for $18 a share on Thursday; the final cost includes paying off One Medical …
To avoid that, all they'll need do is show that data transfer is only INTO the HIPPA controlled medical system, if that happens to include a regulat data dump from the corner shop...
The healthcare provider* will send regular medical updates with helpful purchasing lifestyle suggestions to patients.
Give it a few years and the non HIPPA Amazon will have enough personal data to render the regulatory separation meaningless.
* email is from Medicalone not Amazon so it's all good and above board. (until we get a rebrand to amazonmedical)
"I do not see any strategic logic to Amazon getting into healthcare clinics."
ANSWER: Amazon has proven that big money is made by bringing misery through cost optimization. HMOs, the crappiest form of care denial, have shown Bezos another way to inflict greed.
"Excuse me, Mr. Johnson, is that urine yours or mine?"
Don't expect the ICO UK to keep the likes of EMIS, TPP, and other companies under control regarding personal health data when ICO already refuse to keep parts of the Health Service under control.
The ICO are not just a waste of space as "enforcer" for Data Protection law, they are actually complicit with some organisations' which continue to break data protection law on a large scale.
In the past few weeks ICO have really shown their contempt for Data Protection law.
[Background Info: the Northern Ireland Electronic Care Record (NIECR) is the sharing of personal health data between 500+ organisations in NI (including all GP Practices, Community Pharmacists, Community Optometricists, and Independant Sector health orgs i.e. private hospitals) by creating a central "database" that they all have access to. The NIECR central system is operated by Business Services Organisation (BSO), a "arms-length" body of the Northern Ireland HSC (aka NHS NI). NIECR has operated since July 2013. It is similar to the proposed NHS England GPDPR sharing that was delayed last Spring after public complaints]
Below is a quote from a BSO email to ICO last month which confirms that all Northern Ireland GP Practices have, since NIECR's launch in July 2013 to the present day, not actually agreed to/signed the NIECR Data Sharing Agreement (DSA) that makes any such sharing lawful.
BSO also gave a vague "intention" to ensure that GP Practices actually sign the DSA at some, *undefined*, future date but meanwhile GP Practices will continue to share personal health data unlawfully with NIECR in the meantime.
BSO to ICO:
> The other issue that we discussed briefly was the mechanism for seeking the agreement of GPs for the revised Data Sharing Agreement. When the Data Sharing Agreement had been drafted we had sought to get a signed acknowledgement from each GP practice of the new Data Sharing Agreement. This proved a difficult administrative processes, given the number of individual GP practices. I would acknowledge that this was never followed through from our side. We will seek to create a more robust tool for seeking GP agreement when we have finally agreed the Data Sharing Agreement revision that is currently under way. This is required both to ensure that GP Practices are aware of their responsibilities as outlined by the Data Sharing Agreement. <
The ICO case officer's response, after receiving BSO's email, to me regarding this aspect of my complaint was:
> BSO has confirmed to the ICO that when the data sharing agreement had been drafted, they had sought to gain a signed acknowledgement from the GPs involved; however, this proved to be a difficult task and was not followed through. That being said, the organisation has advised that when the revised data sharing agreement has been agreed upon, they will create a tool in which they can seek GP agreement.
With this in mind, we do not intend to take any further action at this time with regards to this. <
So ICO have proof (a clear admission) that since July 2013 to the present day no GP Practice in Northern Ireland has ever agreed to/signed the NIECR DSA to make their sharing of health data lawful despite their sharing of said data occurring on a daily basis for *9 years* and ICO is going to take no action!
BSO have given a vague "commitment" that NIECR will attempt to come into compliance with Data Protection at some undefined date in the future but NIECR will continue operating unlawfully as before in the meantime. As all the participant organisation in NIECR operate as Joint Controllers then they (all 500+ orgs) are all *jointly* legally liable for the unlawful data sharing.
How big a breach of data protection law has to occur before ICO will actually take any action????
In the same email to ICO quoted below is BSO also acknowledging that (all agreed versions of) the NIECR DSA have never defined any lawful basis (or lawful condition) for the sharing of personal data. BSO has attempted to "read between the lines" of the DSA to then claim *last month* which lawful basis was intended from the start of NIECR in July 2013 and ICO have accepted BSO's blatant mischaracterisation of the DSA.
BSO to ICO:
> Also, within the body of the DSA, in Paragraph 4 NIECR Information Governance Model, it states that the key principles to be applied to the processing of data are "that the use of NIECR is for direct patient/service user care only" and that "information is accessed when there is a clinical/caring relationship with the patient/service user". While Public Function is not specifically mentioned it seems clear that the basis of processing was never intended to be consent. <
In order for the 360+ organisations who participated in NIECR at its launch in July 2013, through to the 500+ organisations participating in it currently, the DSA must clearly state all lawful bases and lawful conditions so that all participants are "on the same page" and have exactly the same understanding as to what they are *jointly* agreeing to (except of course for the GP Practices, Community Pharmacists, Community Optometrists, and Independant Sectors orgs who never actually agreed to anything despite participating).
The ICO case officer's response, after receiving BSO's email, to me regarding this aspect of my complaint was:
> With regards to the electronic processing of your personal data, it would appear that BSO originally relied upon Schedule 2(5) and Schedule 3(7) of the Data Protection Act 1998; and Schedule 3(8) on a case-by-case basis. Based on the information provided in response to this, we do not intend to take any further action at this time with regards to this specific aspect of your complaint at this time. <
So ICO's investigation into NIECR is a complete whitewash.
It is not that ICO are failing to do their job, it is that ICO are actively helping to cover up unlawful activity.
An employee of Amazon walks into the Clinic attach to an Amazon store.
The Doc: Only need your employee Id and ALL your history is made available. So what seems to be the problem. Oh quite a bit from the looks of your employee history and spending habits here at the store. And looking at your medical history no surprises there either. I think a regime of pills is just the ticket. Make sure you purchase them from the Amazon owned pharmacy located next Menswear. The pills are made in a country with questionable Quality Control but they are dirt cheap and considering your an employee of Amazon just within your price range.
Patient: Anne, What are you doing here, weren't you supposed to be stacking shelves in fruit & veg
Anne/Doc: Yeah, But the doc is off sick today and they wanted me cover.
"It now owns your store, your doctor, and your shopping history"
Obviously, what's next is your entire medical record - probably the most sensitive personal information anyone has.
The panopticon has arrived in the hands of Amazon. First. they wanted to be the only store on the planet, but now they want much more - they want to own us utterly.
"We think health care is high on the list of experiences that need reinvention". Well said Neil Lindsay, even if in a canned statement. Indeed. With the kinda hoops it makes people jump through, the primary healthcare system in the West forgets that people who seek it are actually sick.
The US healthcare system is just one massive money making scam, where the health provision is owned and funded by the health care insurance cartel.
If a 3rd party can come in and break up this corrupt state of affairs then great.
Just a shame its another company with a dodgy track record.
The major problem with walk-in clinics is that one gets to see a part-time doc. Laying eyes on you for the first time, the best he/she can do is to make an educated guess. Once you walk out the door, you'll never see that doc again, so there is no continuity of care.
Contrast this with the reliable model in which all of us have a family doctor who knows us, perhaps from childhood, is a compendium of experience not guesses and can prescribe or refer as necessary.
That doc is someone you can depend on. If Amazon is smart, it will emulate that system into continuity of care in which you always see the same physician and develop a genuine caring relationship.
Part of this equation is that we expect GPs to devote much of their time to being small businessmen, a rôle for which few have been trained. Most docs choose med school to help people not fret over accounting & taxes.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
