ASK HN: CVS Pharmacy Sharing Data with Facebook and/or Groupon?

3 points by 6d6b73 ↗ HN
Yesterday I had to buy a compression sleeve for my injured knee. I didn't do any searches on the internet, just went to the nearest CVS and bought one using my wife's CVS loyalty card. Today on her Facebook account she was presented with an ad from Groupon with a coupon for knee compression sleeves.

I never had problem with my knee before, I didn't do any searches for knee injuries or anything related to that before, and neither did my wife.

I was under impression that sharing of personal health data is prohibited, but it seems that if you buy stuff that's over the counter, there is nothing stopping companies from sharing it with 3rd parties.

2 comments

[ 3.7 ms ] story [ 15.6 ms ] thread
Yep, this is pretty common practice. https://adage.com/article/dataworks/data-partners-tie-mobile... is a decent writeup of a few of the ad targeting providers involved.

In general, if you don't want something tracked, don't use a loyalty card, and pay with cash. The entire point of loyalty cards is to derive value from your purchase history in any way possible. And per https://ncvhs.hhs.gov/wp-content/uploads/2018/05/NCVHS-Beyon... page 4, OTC transactions do not create PHI for the purposes of HIPAA.

I was surprised that it happened so quickly < 24 hours and Facebook is already showing ads related to my recent purchase. It looks like Facebook not only has access to data from multiple stores (which I was aware of) , but also can process them in (near) real-time .

Also, I was not aware that buying anything health-related, OTC does not fall into HIPAA. Thanks for that info.