
ASK HN: CVS Pharmacy Sharing Data with Facebook and/or Groupon? - 6d6b73
Yesterday I had to buy a compression sleeve for my injured knee. I didn&#x27;t do any searches on the internet, just went to the nearest CVS and bought one using my wife&#x27;s CVS loyalty card. Today on her Facebook account she was presented with an ad from Groupon with a coupon for knee compression sleeves.<p>I never had problem with my knee before, I didn&#x27;t do any searches for knee injuries or anything related to that before, and neither did my wife.<p>I was under impression that sharing of personal health data is prohibited, but it seems that if you buy stuff that&#x27;s over the counter, there is nothing stopping companies from sharing it with 3rd parties.
======
btown
Yep, this is pretty common practice.
[https://adage.com/article/dataworks/data-partners-tie-
mobile...](https://adage.com/article/dataworks/data-partners-tie-mobile-ads-
drug-refills-doc-visits/302937) is a decent writeup of a few of the ad
targeting providers involved.

In general, if you don't want something tracked, don't use a loyalty card, and
pay with cash. The entire point of loyalty cards is to derive value from your
purchase history in any way possible. And per [https://ncvhs.hhs.gov/wp-
content/uploads/2018/05/NCVHS-Beyon...](https://ncvhs.hhs.gov/wp-
content/uploads/2018/05/NCVHS-Beyond-HIPAA_Report-Final-02-08-18.pdf) page 4,
OTC transactions do not create PHI for the purposes of HIPAA.

~~~
6d6b73
I was surprised that it happened so quickly < 24 hours and Facebook is already
showing ads related to my recent purchase. It looks like Facebook not only has
access to data from multiple stores (which I was aware of) , but also can
process them in (near) real-time .

Also, I was not aware that buying anything health-related, OTC does not fall
into HIPAA. Thanks for that info.

