NPR recently reported that patients in hospital emergency rooms, at chiropractors' offices and at pain clinics in the Philadelphia area may start seeing ads from personal injury law firms looking for business by targeting patients with mobile online ads.
The technology behind the ads, known as geofencing, or placing a digital perimeter around a specific location, has been deployed by retailers for years to offer coupons to customers while shopping. Bringing it into health care spaces concerns privacy experts.
It sounds like digital ambulance chasing to me.
"It's really, I think, the closest thing an attorney can do to putting a digital kiosk inside of an emergency room," says digital marketer Bill Kakis, who runs the Long Island, N.Y.-based firm Tell All Digital. Kakis says he recently signed deals with personal injury law firms in the Philadelphia area to target patients.
Law firms and marketing companies from Tennessee to California are also testing out the technology in hospital settings.
The advertisers identify someone's location by grabbing what is known as "phone ID" from Wi-Fi, cell data or an app using GPS. Once someone crosses the digital fence, Kakis says, the ads can show up for more than a month — and on multiple devices. To Kakis, this is just digital target marketing. In his sales pitch to potential clients in an e-mail, he calls the technology "totally legit."
But Massachusetts' attorney general, Maura Healey, disagrees. "Private medical information should not be exploited in this way," Healey says. "Especially when it's gathered secretly without a consumer's knowledge, without knowledge or consent." Healey's office was the first in the U.S. to go after geofencing technology snaring people while they are seeking medical care.
Prosecutors reached a deal last year with a Massachusetts-based digital advertising firm that was sending advertisements from a Christian pregnancy counseling and adoption agency to people who entered Planned Parenthood clinics. When patients would go to the clinics, they would cross a digital fence and get advertisements such as "You have choices" and "Click here for pregnancy help."
Healey's deal claiming violations of the state's consumer protection act for the ads being allegedly "unfair and deceptive" resulted in banishment of the digital firm from Massachusetts. Directing ads at people for seeking medical care is really a kind of digital harassment, Healey said. "We just want to make sure that companies aren't exploiting information in violation of existing privacy laws with respect to health information that's so sensitive," she says.
These ads certainly seem unsavory to me, but are they illegal? University of Minnesota professor Bill McGeveran says not necessarily, at least not yet. The federal heath privacy law known as HIPAA, for instance, would not apply to these location-based mobile ads. "It applies to hospitals and clinics and doctors and insurance companies, not to the lawyers and the marketers working on their behalf," he says. "HIPAA is targeted only to certain particular actors in the health care industry, so there's lots of digital marketing and record-keeping that's outside of HIPAA."
McGeveran says prosecutors can try novel uses of state consumers protection laws, like Healey did. But it is unclear how those claims would hold up on appeal.
Kakis did not want to say which personal injury law firms have signed on with his marketing firm and which hospitals are impacted. He will say, though, that the geotargeted campaigns in the area of health care are one of the fastest-growing parts of his business. "Within a few weeks, we pretty much had every hospital taken up in the downstate New York area," he says.
It certainly seems to me that these targeted ads are an invasion of privacy – and they prey on people when they are at their most vulnerable. If it isn't illegal, it sure ought to be.
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology