One Medical reportedly provides primary care on a membership basis to some 800,000 people across the United States. In its own words, it claims to be “on a mission to make getting quality care more affordable, accessible and enjoyable for all”.
But why is Amazon — the company that helps you get a cheap home projector, or a toaster — investing in this area?
What is One Medical?
With a subscription fee of just US$199 ($285) per year, One Medical helps bridge the gap between the US’s inefficient public healthcare system and people’s need for (expensive) healthcare insurance.
Get daily business news.
The latest stories, funding information, and expert advice. Free to sign up.
It provides a comprehensive set of online resources for paying members, including a mobile app to seek medical support and “24/7 access to virtual care”.
Evidently the company has done well for itself, reporting a net revenue of more than US$250 million ($358 million) in 2022’s first quarter.
Meanwhile, Amazon has been increasing its presence in the healthcare sector for some years. In 2018 it acquired PillPack, which became Amazon Pharmacy. And in 2020 it introduced Amazon Care — a virtual healthcare company that connects patients with a range of telehealth and primary care services.
By acquiring One Medical, which was a competitor, Amazon is moving further in on the US healthcare market. This isn’t dissimilar to what it did with book retailers, when it first launched as what was essentially an online bookstore.
Is it all about data?
Amazon knows a lot about its customers. Through user browsing and purchases made on its website, it collects vast amounts of data to better understand what people need and want — with the ultimate goal of selling more products and services.
Amazon also has the option to tap into a worldwide network of Amazon-branded devices, such as Echo and Alexa. Recent research has suggested Amazon uses voice data collected through Alexa to target potential customers with advertisements.
Often, tech companies claim they collect data to generate a more positive experience for customers. They might be able to present you with personalised product options, saving you time and energy.
But what about when you combine this data with more privileged and sensitive information related to your health?
Connecting the dots
Amazon isn’t just a giant online shopping mall. It’s also a leading provider of artificial intelligence (AI) services.
While there may be some legislative protections in certain jurisdictions, it wouldn’t be difficult for Amazon to connect the dots between people’s healthcare data and all the other data it already collects.
An Amazon spokesperson said One Medical customer information protected under the US Health Insurance Portability and Accountability Act (HIPAA) would be “handled separately from all other Amazon businesses as required by law”.
This does point to some basic level of privacy protection; HIPAA is designed to protect people’s personally identifiable information, medical history and other sensitive health data.
But how well Amazon can assure customers this is being adhered to will hinge on it being transparent. Without this, it will be hard for anyone on the outside to figure out the inner workings of the data handling.
The spokesperson said:
As required by law, Amazon will never share One Medical customers’ personal health information outside of One Medical for advertising or marketing purposes of other Amazon products and services without clear permission from the customer.
In regard to needing “clear permission from customers”, ideally this means Amazon will ensure the permissions process is absolutely transparent. But transparency around data-sharing requests remains a murky issue in the big tech space.
After all, voice data collected by Amazon devices can be deleted — but how many people do this? How many are aware they can?
Will Amazon start targeting Amazon Pharmacy ads for vital medications to One Medical patients who have provided “clear permission” for data sharing?
In the past, Amazon has admitted to handing over people’s personal data (collected through its Ring doorbells) to US police, without consent or warrants.
Expanding its empire?
As Amazon steps further into the healthcare space, it’s not a stretch to think it could combine its AI capabilities and Alexa voice data to target sick people with medical products or Amazon Care services.
In a worst-case scenario, we may see Amazon monopolise the US healthcare industry, with its usual practice of undercutting competitors and hard-selling to customers. It lures customers with low prices, before egging them into buying more.
Amazon Pharmacy already offers discounted drugs to Prime members. And it could be imagined those willing to pay higher fees might secure better healthcare from Amazon, opening a door into health insurance services.
The wealth of information Amazon is aggregating also makes it a more attractive target for cyber attacks and data leaks. Information that was previously held in various, disparate networks is now contained within the servers of one organisation. Criminals will inevitably take an interest.
The sensitive nature of patient information, coupled with the fact that many health organisations still use outdated digital infrastructure, means the healthcare industry is ripe for exploitation.
Could it happen here?
Luckily, the Australian healthcare system is not like the US model, where there’s no universal healthcare program.
Currently, just over half of Australian residents have private health insurance. But private health membership has declined, on and off, since the country’s publicly funded universal healthcare scheme was introduced in 1975 (as Medibank), before being replaced by the Medicare system in 1984.
Australia has more than 30 health insurers offering around 3500 different health insurance products. With this much competition, it’s unlikely Amazon will be interested in entering the Australian market with healthcare products — at least for the foreseeable future.
Mohiuddin Ahmed is a lecturer of computing and security at Edith Cowan University, and Paul Haskell-Dowland is a Professor of cyber security practice at Edith Cowan University.