Amazon wants to sell me drugs

I ordered groceries. Now I’m getting prescription drug recommendations. When Amazon recommendations feel like a HIPAA violation The weirdest thing happened to me recently. I ordered some groceries on Amazon Fresh. When you check out, Amazon recommends more things you might like to buy, usually related to your purchase. But this time, Amazon offered up “Treatments for High Cholesterol” along with a link for an Amazon One Medical consultation as well as links to prescription medications. That’s weird, because my doctor and my wife are the only people who know about my cholesterol numbers. They’re pretty good, too! But there are certainly data points, including my age, my food preferences, and my past purchases, maybe even [news stories I’ve read elsewhere on the web](, that might suggest [I’d be a good candidate for a statin](, the type of cholesterol-lowering medication Amazon recommended to me. And while I’m used to Amazon recommending books I might like or cleaning products I might want to buy again, it felt pretty creepy to push prescription drugs in my direction. It’s entirely possible that the Amazon recommendations I saw on this particular grocery order were random. The next time I ordered groceries, the app recommended bacon, not statins. At first, I thought it may have been a test or a mistake on Amazon’s part, but when I asked what was behind the recommendations, the company confirmed that it was a feature, not a bug. “Amazon displays products that may be related or similar to the current item purchased,” Amazon spokesperson Samantha Kruse said in an email. “Protected health information from Amazon Health Services, including Amazon One Medical and Amazon Pharmacy, is not used to market or advertise general merchandise in the broader Amazon store.” In other words, Amazon might use information from your purchases to suggest prescription medications, but it won't use your protected medical information to try to sell you other stuff. Regardless, seeing Amazon target me for a health condition draws attention to the unnerving amount of information Amazon has gleaned from my online activity — as well as the fact that [Amazon is a health care company](, one that can collect troves of data and push customers toward treatments accordingly. It may not be surprising that Amazon is operating with an extremely powerful amount of data about us and what we buy. But in the past four years, Amazon has launched its own pharmacy business and bought One Medical, a primary care startup that could connect Amazon customers directly with doctors. It’s clear that Amazon’s health care ambitions are huge. We don’t yet know exactly how that will change the Amazon shopping experience for everyone — but maybe my recent shopping experience was a preview. Before I get too riled up about Dr. Amazon, let’s take a closer look at what the retail giant knows about its customers and how. Amazon is famously known as the Everything Store, where you can buy everything [from battery acid]( to, well, [statins](. Like most websites, Amazon also collects data about your activity on the site, like the things you buy, the things you don’t buy, and the things you consider buying. It creates a profile based on those interests and uses algorithms to recommend things that you might like to buy next. Amazon [is proud of these algorithms](. (The total amount of data that Amazon collects about you [extends well beyond your shopping habits, by the way](.) Then there’s [Amazon’s booming ad business](. The company’s advertising arm [now rivals]( the Google and Meta duopoly that has dominated online advertising for years, thanks in part [to the massive amount of data Amazon has]( about what people buy, what they watch, where they live, and so forth. Amazon [says]( it uses “cookies, pixels, IP addresses, and other technologies” to target these ads, which is why you can find Amazon tracking bugs on websites [all over the web](. These trackers could, for example, know if I looked up a health-related question on WebMD and use that data to tailor recommendations on Amazon, according to [Christo Wilson](, a computer science professor at Northeastern University. “There may be an Amazon tracker lurking on the page, monitoring what you’re doing, and that’s how you can potentially have these kinds of freaky advertising,” Wilson told me. Or maybe it was a pattern in my purchase history. My grocery order that triggered the cholesterol medication recommendation included shredded cheese, salsa, tomatoes, flour tortillas — and, notably, ground chicken. Was this a tell? It is, after all, a heart-healthy alternative to ground beef and taco night was on the horizon. But does that make me an obvious target for a cholesterol consultation with Amazon One Medical? And either way, should my Amazon purchases be associated with Amazon’s health care services at all? Amazon One Medical is a relatively new service. Amazon bought One Medical [in 2022](, and combined it with its Amazon Clinic telehealth service [earlier this summer](. Now, Prime members can pay $99 a year to gain access to care through Amazon One Medical. For $5 a year, Prime members can get access to discounted medications [with the Amazon Pharmacy RxPass](. While I am a Prime member, I am not an Amazon One Medical customer, and I do not use Amazon Pharmacy. So, considering my choice in my healthy tacos, an algorithm might surmise that, as someone who’s proactive about his health care needs, I might be interested in Amazon’s health care offerings. When Amazon bought One Medical, [the FTC]( and [others]( raised concerns over Amazon’s creep into the health care industry and what that might mean for sensitive health data. It was around this time that the Washington Post reported that customers [signed away some of their health privacy rights]( when they enrolled in Amazon Clinic. None of this has made me feel any better about whether it was legal for Amazon to use my complex purchase history to sell me targeted health care products. As far as I know, Amazon can. HIPAA, the federal law that protects health privacy, [is narrower than most people think](. It only applies to health care providers, insurers, and companies that manage medical records. HIPAA requires those entities to protect your data as it moves between them, but it wouldn’t apply to your Amazon purchases, according to Suzanne Bernstein, a legal fellow at the Electronic Privacy Information Center (EPIC). “That background is especially important, as Amazon and other companies continue to collect, process, and use tremendous amounts of consumer health data that falls outside of HIPAA scope,” Bernstein said. “And it’s not the fault of American consumers for not necessarily knowing all that.” In the absence of any federal protections, some states have passed their own data privacy laws. While California [is perhaps most famous]( for giving its citizens more control over their data, Washington state changed the conversation around health data privacy when it [enacted its My Health My Data Act]( last year. This law defines consumer health data much more broadly, Bernstein explained, so that any information about a consumer’s past, present, or future health conditions is covered. That might mean that Washington residents have the right to some privacy when their Amazon purchases indicate a health condition. It’s so far unclear how the law might apply to Amazon, which is based in Washington. I’m still making sense of my recent brush with statins on Amazon and still have more questions than answers. Does Amazon plan to target its customers with prescription drug recommendations on a regular basis? Am I the only one who thinks that feels more invasive than convenient? Or does Amazon know what the people really want, even if it feels a little creepy at first? I can’t know the answers to these questions. One thing I do know: Taco night with heart-healthy ground chicken is a hit. —[Adam Clark Estes](, senior technology correspondent [Why Telegram’s CEO was detained in France]( Telegram’s lax content moderation policy is catching up with its CEO.   [Mark Zuckerberg wears a gold chain.]( Bloomberg via Getty Images [Mark Zuckerberg’s letter about Facebook censorship is not what it seems]( This is not a win for free speech. It’s a political grenade.   [A recent data breach included as many as 272 million Social Security Numbers, but experts say many may belong to deceased people.]( Getty Images/iStockphoto [The massive Social Security number breach is actually a good thing]( Freezing your credit files has never been easier. Here's how to protect yourself.     Getty Images [SpaceX’s risky mission will go farther into space than we’ve been in 50 years]( The privately funded venture will test out new aerospace technology.   [Thee utility workers wearing masks pose after upgrading power grid equipment for reliability in California.]( Brent Stirton/Getty Images [The hidden reason why your power bill is so high]( And a few things you can do about it.   Become a Vox Member Support our journalism — become a Vox Member and you’ll get exclusive access to the newsroom with members-only perks including newsletters, bonus podcasts and videos, and more. [Join our community](   [Listen To This] [Listen to This]( [You're lost in the wilderness. Now what?]( For decades, search and rescue teams followed an accepted playbook. Now, scientists are helping them reimagine how to find lost people. [Listen to Apple Podcasts](   [This is cool] [Why English is full of sailing terms](   [Facebook]( [Twitter]( [YouTube]( This email was sent to {EMAIL}. Manage your [email preferences]( , or [unsubscribe](param=tech)  to stop receiving emails from Vox Media. View our [Privacy Notice]( and our [Terms of Service](. Vox Media, 1201 Connecticut Ave. NW, Washington, DC 20036. Copyright © 2024. All rights reserved.