Critics: Oregon COVID-19 symptom checker raises privacy concerns
In a clash between good intentions and consumer privacy, a COVID-19 symptom checker website promoted by the city of Portland and Multnomah, Washington and Clackamas counties is raising concerns with prominent privacy and consumer advocates.
Unveiled in an online press conference organized by Multnomah County April 9, the website c19oregon.com asks for information about pre-existing health conditions and current symptoms before assigning a color-coded risk level to the user. Those determined to be high-risk are asked for their email address and phone number so they can be contacted by health officials.
Aaron Patzer, a high-tech entrepreneur, built the site as spinoff of his latest investor-backed startup, only to be contacted by local officials to adapt it to their purposes at a cost of $10,000 a month.
In an interview from his office in Auckland, New Zealand, Patzer maintained that he has no plans to sell data shared with the site, and that data will be protected.
"We are not monetizing the data from the United States, Oregon," he said. "We have no plans to do so. We will not do so."
The company hopes to spread the Oregon website mode around the country, using the government-backed website to promote similar arrangements elsewhere.
Advocates asked to review the website's privacy protections, however, called them insufficient and said its marketing provisions appear to go beyond public health purposes. They say that public agencies should not be promoting a website without ensuring the safety of consumers' data.
Others, like Pam Dixon, executive director of the World Privacy Forum, go further. "I think this tool is very problematic. And it's troubling that the county would promote a tool that has these … problems," she said.
Lee Tien, a senior staff attorney who specializes in privacy law for the San Francisco-based Electronic Frontier Foundation, said that when officials partner with private companies, "I think the government has a deep obligation to protect the privacy of sensitive information that is being shared for health and medical purposes. I worry that all of these (C19oregon.com-style) websites will opportunistically collect data from ordinary individuals without proper safeguards, partly because the cities, counties or states aren't making sure that this data is protected."
As of April 16, 40,000 people had visited the site, and 24,000 of them completed its survey of symptoms, according to Patzer.
Company founded by high-tech entrepreneur
Patzer, now 39, founded Mint.com at the age of 25, then sold it for $170 million. He founded some other companies, then moved to New Zealand where he founded Vital Software with the help of his sister, an epidemiologist and health researcher, and her husband, an emergency room doctor at Emory University School of Medicine.
Launched publicly about 18 months ago with $5.2 million in backing from venture capital firms, the company tries to market a web tool to hospitals, known as Vital ER, to assist with patient flow in emergency rooms.
The firm set up C19check.com as a philanthropic endeavor to help people, Patzer said. It also could be helpful in "brand building," said his California-based spokeswoman.
The Vital symptom-checker website uses an algorithm approved by the Centers for Disease Control, which operates its own symptom checker. It is among several such sites set up by private companies including a sister company of Google, Verily, and Web MD.
The Vital version is cell-phone friendly and has received high marks for usability and capacity.
Patzer says its health data will be "de-identified," meaning it won't be linked to other information to pinpoint an individual's identity. While he was criticized for selling data from his former company, Mint, he says that was anonymous data, aggregated from many users.
"I am an advocate of privacy," he said. "The intent is to use the (C19oregon.com) data exclusively for tracking how coronavirus spreads."
Local officials sought help
In late March, at a time when dire projections of the disease's impact in Oregon had the region bracing for overwhelmed hospitals, Lt. Rich Chatman of Portland Fire & Rescue and Multnomah County Emergency Medical Services director Dr. Jon Jui learned of the C19check.com site with the help of a local web developer.
They asked Patzer to customize it for Oregon agencies, including translating it to 15 languages and including a zip code so people with worrisome symptoms could be directed to the hospitals with emergency rooms that were not overwhelmed. Clackamas and Washington counties have signed on — their logos appear on the site — and Columbia County is expected to join as well, Chatman said.
Chatman said the website is intended to relieve any emergency rooms that are overwhelmed by the number of COVID-19 patients.
"That's how people die," he said.
He said Portland spearheaded the contract with Vital Software using a streamlined purchase-order process to save time, and will issue other contracts to pay for the language translation and advertising of the site.
Chatman said he understands why people would be asking questions about privacy. "I get it. It was something that I was tracking early on. Privacy is very much a concern that is reasonable any time you're getting on a piece of computer software to provide details about your medical history or symptoms."
He said privacy concerns are why the plan moved away from a text-messaging model, and he's comfortable that government wouldn't have any information other than zip code and age.
Similarly, Dr. Jui of the county said the website will be valuable to local officials by identifiying hot spot zip codes, and also by reaching people who might be disenfranchised — like homeless people, many of whom have cell phones. Many of them do not have primary care providers and are afraid to go to an emergency room as they normally would because of the risk of contracting the disease there.
Jui said that government officials were cautious about what data would be shared with government.
But as for what the company itself might track or share, "I wasn't involved in the contract portion," he said. "If you're asking me the privacy issue, I can't answer that be honest with you."
He said people can use most of the site's provisions while giving a false zip code, before ever reaching the portion where they are asked for a phone number and email address.
"If you're worried about privacy, you don't have to continue on that on that webpage," he said. "You basically give a false zip code and false age."
Chris Apgar, a former privacy officer for Providence Health Plans who now is a privacy and security consultant, said he's seen other policies like the one the website uses, and it appears to protect the company from liability by disclosing that the data can be used for marketing, But, he added, "there is a potential to cause a liability for the county or the city if the county or the city is saying, 'Hey, this is this is safe, it's okay to use,' and something happens."
As of Friday, Portland and Multnomah officials did not respond to questions about whether the website had undergone legal review.
Concerns go further
One of the most worrisome areas: the site's promise about de-identifying the data it gathers is vague, saying it will only share data that is "not intended to identify you."
That would appear to fall well below the strict standard for de-identification set by the federal medical information privacy law, they said.
Tien, the San Francisco attorney, said the company's "not intended" standard "seems to fall incredibly short, and I would be very concerned that people could be identified — regardless of what the company 'intended.'"
Dixon, of the World Privacy Forum, echoed that concern that individuals using the site could be identified and linked to personal information, including by third parties not affiliated with public health. She noted that information gathered by websites, including health history, in the past has been used by insurance companies to either deny coverage or charge prohibitive rates.
"Maybe they don't understand how serious it is to use online behavioral advertising in a health-related app," she said."There's a huge data ecosystem that goes along with online behavioral advertising."
In 2010, Congress passed the Patient Protection and Affordable Care Act, which banned health insurers from using pre-existing health conditions to deny coverage or discriminate in pricing.
But the law is under legal challenge and the Trump administration has made no secret of its desire to eliminate pre-existing conditions protections as part of that.
Kevin Lucia, a former enforcement director for the federal Center for Consumer Information and Insurance Oversight, now works for the Georgetown University Center on Health Insurance Reforms. He said the potential elimination of federal protections makes it a risk to share information about health history.
"I'm always wary of giving up your privacy rights to your medical history when you have other avenues that you can probably get the same type of guidance without giving anything up," he told the Tribune. "In a future that doesn't have these protections, making available this information could be problematic for some some consumers."
In addition to the pre-existing conditions people had before the pandemic, reports indicate coronavirus can have lasting effects in serious cases, damaging lungs, kidneys and the heart as well as causing neurological symptoms.
Patzer rejects the argument, saying "we have no plans to work with any insurers."
He said Vital Software uses encryption and security audits to prevent hacking.
"Any information we share with third parties is anonymous: Country, ZIP, symptoms, warning signs, pre-existing conditions. There's nothing in there that's identifying at all. I don't know how you would reverse that information to identify a particular person," he added. "The one exception, as we've noted, is if someone voluntarily agrees to provide an email + phone to the State of Oregon for follow-up assistance."
New plans for website
The urgency behind the original reasoning for the website, to steer people away from emergency rooms, has somewhat dissipated, as emergency room visits around the state are way down.
Patzer says that may be the case now, but it could change, as many jurisdictions are considering easing social distancing measures.
"You really don't know whether, as soon as things get loosened up, it's going to surge back or not," he said.
Regardless, local officials involved with the website hope to improve the site and make it more useful in a number of other ways, such as providing a service connecting users to an advice line staffed by Oregon Health & Science University nurses.
Meanwhile, other counties around the state are being given the chance to sign up so that hospitals and other medical providers in their area will be listed on the site, depending on the user's zip code.
Jui, the Multnomah emergency services offiical, says he has no doubt about the need for the website.
"We're in the middle of an epidemic and people are dying," he said. "We just need to get to the people that are suffering."
(This article has been updated with additional reporting.)
You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.