I have a regular prescription I have gotten refilled at Kaiser Permanente for years. I use their online site and get my meds mailed to me.
It may have been 2 years ago or so, but the process stopped working and wouldn't accept my confirmation after giving my credit card info. I've got a handful of privacy tools on my browser. I finally gave in and temporarily white listed the pharmacy and still cleared out any trackers. Sent the web admin a basic, "WTF, folks?" and got a BS non answer.
Fast forward to maybe November or December last year. Refill time, and the trackers were even worse. I kind of need my meds though. So I created a new account on my computer, and ordered my meds.
Then I filed a complaint of a possible HIPAA violation, starting at https://www.hhs.gov/hipaa/filing-a-complaint/index.html and was polite, factual, and provided some non hysterical examples of how a prescription could indicate a specific health issue with resulting advertising or PII release to parties not needing it.
I received an email at the end of February. I was probably not the only person that sent a complaint, but the end result is that KP is being investigated.
I went through a similar gauntlet with kaiser as well.
This was years ago, but I complained that kaiser had trackers throughout its website for doubleclick and googletagmanager. (nowadays they don't use those domains and go directly to google.com, I assume because people don't block that)
I complained.
To be clear, the tracking links traverse the entire website - communication with your doctor, test results, prescriptions, even the complaint form I filed out.
I got the same sort of non-answers. I pushed and pushed and finally, I did get an answer - "the website is a convenience".
I blocked the trackers, and pretty soon to continue to use the website, I had to agree to the privacy policy.
I didn't agree. I stopped using the website.
But they wouldn't let me delete my account. (I think california law allows you to ask.) I called multiple times. I still have an account and get emails from them.
I do wonder whether it's possible to inject harmless stubs for these trackers so you don't have to deal with the bureaucracy of filing a complaint though. Then again, stubbing helps a few techy people, filing a formal complaint helps everyone.
It may have been 2 years ago or so, but the process stopped working and wouldn't accept my confirmation after giving my credit card info. I've got a handful of privacy tools on my browser. I finally gave in and temporarily white listed the pharmacy and still cleared out any trackers. Sent the web admin a basic, "WTF, folks?" and got a BS non answer.
Fast forward to maybe November or December last year. Refill time, and the trackers were even worse. I kind of need my meds though. So I created a new account on my computer, and ordered my meds.
Then I filed a complaint of a possible HIPAA violation, starting at https://www.hhs.gov/hipaa/filing-a-complaint/index.html and was polite, factual, and provided some non hysterical examples of how a prescription could indicate a specific health issue with resulting advertising or PII release to parties not needing it.
I received an email at the end of February. I was probably not the only person that sent a complaint, but the end result is that KP is being investigated.
Yay.