When Enfamil Fedex’ed a case of baby formula as a “welcome baby” gift for the child that we lost to a miscarriage, I got pissed off and dug into it.
They told me where they got the lost and I bought it for my zip code for $50. So I found out which neighbors were pregnant, had diabetes, were buying a car, etc.
The medical information was sourced from “anonymized” insurance subrogation data and prescription data. They were able to correctly identify that my wife was pregnant and project the due date, but didn’t have the diagnosis or the reason for the hospital/OB admission.
The prescription data was presumably resold by pharmacies (which?) to data brokers. This was their workaround to sidestep HIPAA ("It's not medical information, it's prescription information").
This is also why pharmacies pester you for your phone number, and to participate in their loyalty programs (don't).
As far as I could tell, they could link the hospital admission, OB admission (the hospital runs a separate system for OB) and doctor to the scripts. The RhoGAM was filled by the hospital pharmacy, and other scripts were filled by CVS.
My understanding is that "anonymized" data leaks from subrogration and the PBM as well that can be un-anonymized later.
They told me where they got the lost and I bought it for my zip code for $50. So I found out which neighbors were pregnant, had diabetes, were buying a car, etc.
The medical information was sourced from “anonymized” insurance subrogation data and prescription data. They were able to correctly identify that my wife was pregnant and project the due date, but didn’t have the diagnosis or the reason for the hospital/OB admission.