Merger of CVS, Aetna raising privacy concerns for some
Analysts say the recently proposed merger of CVS Health and Aetna has the potential to save money while improving wellness, saying it offers a framework to treat routine care in pharmacies so primary care physicians can focus on sicker patients.
For Deborah Peel, founder of the Patient Privacy Rights advocacy group, the initiative is more about two corporate giants trying to become members of the “Silicon Valley model of surveillance data.”
CVS and Aetna have separately amassed massive amounts of data on individuals across the nation and will be collecting more, which means that patients will have diminishing control over their data, she asserts. But CVS and Aetna are just examples, as many other businesses collect large amounts of data on consumers.
The giant Equifax data breach demonstrated that privacy protections are not being adequately controlled, and large entities can’t be trusted with individuals’ health data, according to Peel. “With the Equifax breach, people realize privacy is out of control,” she contends.
Peel calls for a new “distributed system” for health data where information about a patient should stay with the patient, a doctor and a hospital. “We should be the only holders of data about ourselves, with rare exceptions. The two people who need your health information are you and your doctor, and not insurers and companies—they want to sell your data.”
In 2018, Patient Privacy Rights plans to conduct a pilot test to find the right processes for giving individuals control over their health records, then press government entities to put pressure on those organizations that are engaging in bad privacy practices.
Patient Privacy Rights also wants to further empower individuals to better protect their information—for example, they advocate putting encrypted health information on a smartphone; sharing data with researchers to be used only one time and then destroyed; and enabling anonymous participation in research projects.
The bottom line, Peel says, is that if most entities accessing individuals’ data without consent are doing good work, “Why are they not asking you? We have to stop submitting to this business model—it’s a destroyer of democracy.”
In discussing potential privacy risks posed by the CVS-Aetna combination, the companies say they will work hard to protect consumer information.
“While it is too soon to discuss specifics related to these issues, you can be assured that protecting personal health information and client competitive information is a top priority for CVS Health,” says Carolyn Castel, its vice president for corporate communications.