Ben Sutherly reports:
You might not know it when you seek care from some of central Ohio’s hospital systems, but your health information makes you a potential marketing target.
OhioHealth and Mount Carmel Health System routinely mine health data from their patients’ records to decide who should receive certain mailings. The approach — sometimes called “ customer-relationship management” — has been used for six years by OhioHealth and two years by Mount Carmel. Ohio State University’s Wexner Medical Center hasn’t used it, but it plans to take another look at the tactic soon, a spokesman said.
Read more on The Columbus Dispatch. It seems patients can opt-out, but have to actively opt-out instead of the hospitals being required to obtain opt-in consent to such mailings. Once again, something may be legal under HIPAA, but I think this is wrong and patients should have to request or at least provide informed consent to such mailings, other privacy and security protections notwithstanding.