Healthcare Information Security

Patient Privacy News

Patient privacy questions pop up at health-screening kiosks

By Patrick Ouellette

Patient data privacy concerns are no longer limited to the confines of a healthcare organization or even patients' own homes, as an interesting report from California described the privacy issues created by health-screening kiosks. Similar questions were raised last summer when the CVS ExtraCare Pharmacy & Health Rewards program called for patients to sign a HIPAA waiver.

The kiosks, located in supermarkets and drug stores, allow consumers to check their blood pressure or weight and are operated by Atlanta-based SoloHealth, according to the report. There are reportedly more than 3,500 SoloHealth stations in the U.S., with plans in place to implement another 1,500 units this year. Because more than 12,000 Californians use one every day, their data privacy should be a critical consideration. However, SoloHealth's sale of patient names, email addresses and phone numbers to insurers who want to market health plans directly to consumers calls into question how private the data is.

For example, SoloHealth has an exclusive agreement with Anthem Blue Cross to be the sole insurance company featured on California kiosks. “We know that engaging consumers early and engaging them with our messaging helps improve the chances of them choosing Anthem as their health plan,” says spokesperson Darrel Ng, according to the report. Consumers appeared to be further misinformed when SoloHealth began telling them an “experienced professional” could reach out to them to help them find a plan that meets their specific needs.

The problem is that this “professional” is an insurance broker, not a healthcare professional, which the consumer finds out after SoloHealth has their name and email. “Consumers have every reason to be shocked this is happening,” says Pam Dixon, executive director of the nonprofit World Privacy Forum, according to the report. In Dixon’s opinion, a two-page health privacy disclosure, which may only be read by clicking a blue button at the bottom of the screen, isn’t nearly enough of a warning to patients that they’re selling their private information. “The fact that they’re not being told in a clear, conspicuous and prominent manner is problematic,” she said.

SoloHealth claims that recently adding the full policy to its machines will help inform consumers of their privacy rights. “We work with retail partners, our attorneys, and our corporate sponsors to make sure that we’re totally buttoned up,” says Foster, CEO. “We have a number of very large companies that have looked at this and are very comfortable with where we are.”

At least with the CVS waiver, patients were somewhat aware that CVS would potentially sell their data. SoloHealth consumers don’t need to sign a thing and there is no clear communication that they are giving their data to insurance brokers.

