Original research
How the commercial virtual care industry gathers, uses and values patient data: a Canadian qualitative study
Sheryl Spithoff (1, 2), Brenda McPhail (3), Leslie Vesely (4), Robyn K Rowe (5), Lana Mogic (4), Quinn Grundy (6)

  1. Women's College Research Institute, Women's College Hospital, Toronto, Ontario, Canada
  2. Department of Family and Community Medicine, University of Toronto Temerty Faculty of Medicine, Toronto, Ontario, Canada
  3. Faculty of Social Sciences, McMaster University, Toronto, Ontario, Canada
  4. Women's College Hospital, Toronto, Ontario, Canada
  5. Department of Biomedical and Molecular Sciences, Queen's University, Kingston, Ontario, Canada
  6. Faculty of Nursing, University of Toronto, Toronto, Ontario, Canada

Correspondence to Dr Sheryl Spithoff; sheryl.spithoff{at}wchospital.ca

Abstract

Objectives To understand and report on the direct-to-consumer virtual care industry in Canada, focusing on how companies collect, use and value patient data.

Design Qualitative study using situational analysis methodology.

Setting Canadian for-profit virtual care industry.

Participants 18 individuals employed by or affiliated with the Canadian virtual care industry.

Methods Semistructured interviews were conducted between October 2021 and January 2022 and publicly available documents on websites of commercial virtual care platforms were retrieved. Analysis was informed by situational analysis, a constructivist grounded theory methodology, with a continuous and iterative process of data collection and analysis; theoretical sampling and creation of theoretical concepts to explain findings.

Results Participants described how companies in the virtual care industry highly valued patient data. Companies used data collected as patients accessed virtual care platforms and registered for services to generate revenue, often by marketing other products and services. In some cases, virtual care companies were funded by pharmaceutical companies to analyse data collected when patients interacted with a healthcare provider and adjust care pathways with the goal of increasing uptake of a drug or vaccine. Participants described these business practices as expected and appropriate, but some were concerned about patient privacy, industry influence over care and risks to marginalised communities. They described how patients may have agreed to these uses of their data because of high levels of trust in the Canadian health system, problematic consent processes and a lack of other options for care.

Conclusions Patients, healthcare providers and policy-makers should be aware that the direct-to-consumer virtual care industry in Canada highly values patient data and appears to view data as a revenue stream. The industry’s data handling practices of this sensitive information, in the context of providing a health service, have implications for patient privacy, autonomy and quality of care.

  • Telemedicine
  • Information technology
  • Qualitative research
  • Medical ethics
  • Organisation of health services

Data availability statement

Data are available on reasonable request. The study interview guide is available as online supplemental file. Other data are available on reasonable request. Interview transcripts are not available to protect participant privacy.

This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited, appropriate credit is given, any changes made indicated, and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0/.

STRENGTHS AND LIMITATIONS OF THIS STUDY

  • Our qualitative study explores the data handling practices of the virtual care industry, a topic that has implications for patient privacy, autonomy and quality of care but has received little attention to date.

  • Our study methodology is well suited to generating a deep understanding of a complex situation involving multiple stakeholders.

  • Study findings are grounded in evidence from a variety of participant perspectives and triangulated with company documents, increasing study trustworthiness.

  • The study focuses on Canada, and differing political, legal and social contexts may affect the applicability of our findings elsewhere.

Introduction

Over the past decade, and accelerating with the COVID-19 global pandemic, companies around the world have started offering virtual care directly to patients—direct-to-consumer virtual care.1–10 Virtual care, also called telemedicine, refers to the remote provision (both synchronous and asynchronous) of clinical services.1 Telehealth is a broader term than virtual care and telemedicine; in addition to clinical services, it includes the remote provision of non-clinical health related activities such as provider training and healthcare administration.11

Direct-to-consumer virtual care is a type of patient-initiated virtual care delivered by for-profit companies via a proprietary software platform.12 The services allow patients to obtain rapid and convenient access to virtual care without having a prior relationship with the clinician. (Despite the ethical, legal and policy implications of referring to patients as consumers,13 14 we have opted to use the term ‘direct-to-consumer’ as it is widely used both by the virtual care industry and by researchers.)3 12 15–17 Direct-to-consumer virtual care has also been referred to as ‘walk-in virtual care’,18 19 ‘direct-to-consumer telemedicine’3 15 20 and ‘private video consultations’.10 21–23 Examples of these services include Maple (Canada)18 24; Curon (Japan)25; Push Doctor (United Kingdom (UK))26; Medaviz (France)27 and Teladoc (USA).12

Patients appear to value direct-to-consumer virtual care services, although much of the research has been commissioned by companies in the industry.9 16 23 28 29 In a 2021 survey of working Canadians, commissioned by a company with a virtual care platform, 70% stated direct-to-consumer virtual care services would allow them to be more proactive about their health and 82% stated that these services would help them ‘avoid missing work or school’.30 Studies examining virtual care in general (not direct-to-consumer virtual care specifically) indicate that patients benefit from better access, convenience, cost savings and positive health outcomes.24 31 32 Direct-to-consumer virtual care, however, may also present risks to patients. Studies report that these services disrupt continuity of care and can lead to overdiagnosis and overtreatment.12 18 33–41

Organisations, such as the College of Family Physicians of Canada,42 and scholars18 43 have also raised questions about the virtual care industry’s data handling practices. Many companies that collect personal information in other industries use the data to create profiles of individuals and conduct targeted marketing.44–48 Others share or sell the data to third parties.49–51 Although the healthcare industry’s data practices have received little attention, a recent study found that almost all hospitals in the US share data with third-party advertisers.52 These types of data practices may cause harm from, for example, the exposure of sensitive information47 or from secondary data uses that incorporate social biases and lead to discrimination.53–55 It is unclear, however, if the commercial virtual care industry is engaging in these practices and what the implications might be for patients. Thus, our research objective was to understand and report on the direct-to-consumer virtual care industry in Canada, focusing on how companies collect, use and value patient data. As the effects of technological advances are not uniform across society,56 57 we sought to understand the potential implications for patients, the general public and structurally marginalised groups. This is particularly important in Canada, a diverse society founded in colonialism and struggling with ongoing structural racism.58–60 A better understanding of the situation and its implications will inform discussions about these models of care and provide mechanisms to minimise risks.

Methods

Design

We used qualitative research methods to collect and analyse data. Our methods were informed by situational analysis, a constructivist and critical grounded theory methodology.61 In situational analysis, the data collection methods and analytical approach explore individuals’ experiences, perspectives and situatedness. The goal is to generate a deep understanding of a complex social situation, comprising individuals, institutions, discourses, and technologies, and their inter-relationships. We triangulated two forms of qualitative data: individual interviews with key informants affiliated with the commercial health data broker industry in Canada and publicly available documents on websites of companies with a virtual care platform operating in Canada. The study authors have expertise in qualitative methodologies and experience examining the impact of new technologies and commercial interests on health and healthcare. We reported our methods using the Standards for Reporting Qualitative Research62 (see online supplemental appendix 1).

Patient and public involvement

We involved BM, the Director of the Canadian Civil Liberties Association’s (CCLA) Privacy, Surveillance and Technology Programme, to help ensure that civil society perspectives, grounded in the public interest, were included in our study. She was involved with all aspects of the study from design to knowledge translation. The CCLA is a national, nongovernmental civil rights organisation that advocates for people living in Canada—particularly those who face social exclusion—in the courts, at parliamentary committees and through the media. We have also shared a report with our preliminary findings with study participants.

Setting

Canada has a single-payer universal healthcare system with a federal requirement for provinces and territories to publicly fund a basket of essential services, such as physician visits and hospital care.63 Even though funding for these essential services is public, much of the delivery of care is private.63–65 Most physicians are self-employed and bill the provincial payer for patient care services. Physicians are responsible for covering the costs of software systems to manage patient records and to provide virtual care.64–66 Prior to the onset of the pandemic, few physicians were able to bill for virtual care services unless they used provincial software systems that were primarily for providing specialist services in remote areas.67–69 Since the onset of the pandemic, some provinces and territories have started to fund direct-to-consumer virtual care services; in others, patients pay out-of-pocket or are covered through their employer or private insurance.18 24 70 71 Nurse practitioners in Canada, although able to diagnose and treat medical conditions with prescriptive privileges, are not permitted to bill the public health system.65 72 73 They are typically hired by hospitals or medical clinics and paid a salary for their services.

In Canada, a private sector company’s collection and use of data are governed by federal privacy legislation,74 unless a province has private sector legislation that has been deemed substantially similar.75–77 Federal privacy legislation defines personal information as ‘information about an identifiable individual’74 and personal health information as a subset of personal information concerning ‘the physical or mental health of the individual,’ including ‘information that is collected incidentally to the provision of health services to the individual’.74 78 Currently, federal legislation does not provide explicit protections for deidentified data. When a company is acting on behalf of a healthcare professional to provide a health service, its activities are governed by provincial health privacy legislation as well as by federal privacy legislation, unless a province has health privacy legislation that has been deemed substantially similar to federal legislation.79 In recognition of the rights of the many Indigenous Peoples within Canadian borders, some organisations are starting to incorporate Indigenous Data Sovereignty directives into data handling practices.80 These directives affirm Indigenous Peoples’ right to sovereignty, including a community’s right to control, use and gain communal benefit from the data.81 82

Identification of platforms

To identify platforms providing direct-to-consumer virtual care in Canada, we conducted systematic keyword internet searches (eg, [“virtual care” OR “virtual care platform” OR “telemedicine” OR “online doctor”] AND “Canada”). We defined virtual care as ‘any interaction between patients and/or their circle of care occurring virtually, using any form of communication or information technologies, with the aim of facilitating or maximising the quality and effectiveness of patient care’.83 This definition has been used by a number of Canadian organisations including the Canadian Institute for Health Information,84 Digital Health Canada85 and the Canadian Medical Association.69 We defined direct-to-consumer virtual care as virtual care services provided through a proprietary software platform operated and controlled by a for-profit company. We defined direct-to-consumer as patient-initiated care that is not integrated into ongoing, comprehensive care. We limited our analysis to platforms that provided physician and/or nurse practitioner virtual care services as these services typically fall within essential services funded by provincial public payers.63 We excluded platforms operated by not-for-profit and public entities as these entities have different governance structures and objectives than for-profit companies and operate under different legal frameworks,86–89 making direct comparison of the impetus and nature of data collection practices more challenging. We excluded platforms that solely provided remote monitoring or other services that did not involve direct communication with a physician or nurse practitioner. We also excluded platforms that were not accessible to the general public.
We verified our findings with a recent environmental scan of these platforms in Canada.1 For each platform, we searched the Mergent Intellect database to identify the parent company, ownership (privately held or publicly traded) and corporate structure90 and used the Builtwith Technology Lookup online tool91 to generate a technology profile for each platform. For a description of the platforms, see online supplemental appendix 2.

Data collection

We had two sources of data—interviews with individuals affiliated with the commercial virtual care industry in Canada and company documents—that we collected and analysed simultaneously. We used a purposive sampling strategy92 to recruit interview participants and sample documents. To start, we relied on a maximal variation typology to provide a variety of perspectives.92 We sought to include a range of companies in terms of size; location (eg, Canada, the USA); type of services (eg, primary care, mental health); participant roles at company; as well as a range of types of documents (eg, promotional material, privacy policy). As our analysis progressed, we transitioned to a theoretical sampling typology92 where our ongoing analysis directed further sampling. To recruit participants, we contacted individuals through contact information in the public domain or through the LinkedIn messaging system. To identify publicly available documents, we searched the company’s public website to identify relevant documents such as promotional materials, data-sharing policies, privacy policies and consent procedures.

Telephone interviews were conducted by LV. The interview guide included questions to help us understand the commercial platforms; the key entities and their interrelationships; the collection, use and storage of different forms of patient data collected through the platform; and the potential benefits and risks for patients, communities and structurally marginalised groups (online supplemental appendix 3). The guide was modified iteratively as needed, as data collection and analysis proceeded. Interviews were transcribed by a professional transcriptionist. All identifying information was removed from the transcripts and audio recordings were deleted following transcription and transcript verification. Participants were given pseudonyms and are described by these pseudonyms in this manuscript.

Analysis

Data collection and analysis occurred simultaneously.61 Each transcribed interview and sampled document was uploaded into qualitative research software, NVivo, for preliminary line by line coding by LV and SS. As coding continued, SS and LV used a constant comparative method where they compared new data to the analysed data, identified related codes, wrote memos and adjusted the preliminary codes as needed. The collected and analysed data directed further recruitment and interviewing as well as additional sampling of documents.

During coding, LV and SS wrote memos describing analytic ideas, lines of inquiry and directions for data collection and analysis. They also created situational and relational maps to visualise the whole of the context of commercial virtual care, drawing connections and specifying the relationships between each element in the maps (eg, companies, platforms, databases, software tools, discourses, social and political elements, key events).61 SS and LV wrote memos based on the maps to develop categories and theoretical concepts to understand the virtual care industry in Canada in the broader context and to generate fresh insights and identify areas for further analysis.

Consistent with situational analysis,61 LV and SS used the reworked maps and related codes to create categories that focused on explicating actions and processes. These categories were used to generate theoretical concepts. Theoretical concepts are higher-level categories central to the analysis that subsume and connect other categories and are connected to each other.

The core research team (SS, LV, BM and QG) met regularly to review the ongoing analysis. SS and LV concluded data collection and analysis once they had identified important theoretical concepts; produced ordered maps; and had fully described the situation, with newly collected data not leading to significant modifications in maps and the conceptual understanding of the situation (online supplemental appendix 4). We then reported the findings in narrative form, presenting the range of experiences related to these core concepts.

Results

We analysed 18 key informant interviews, conducted between October 2021 and January 2022 (table 1). Participants included two academic researchers, one data analyst, three chief executive officers, three vice presidents, three directors, one engineer, two digital health consultants, two subcontractors, four physicians, one privacy officer and one privacy consultant (several participants had multiple roles). Nine participants were employees of companies with a direct-to-consumer virtual care platform and nine individuals were affiliated with the industry as academics, consultants and/or third-party subcontractors. We also analysed 31 documents from 14 companies with a virtual care platform.

Table 1

Study participants: roles and pseudonyms

Data generates revenues

Documents and participants’ interviews indicated that patient data were highly valued by the virtual care industry and used to generate revenues. Data helped companies to improve and expand services; promote other products and services and/or third-party products and services; and, in some cases, adjust patient care pathways to promote pharmaceutical products.

A data gold rush

Darcy, an executive at a consulting company, explained how companies in the virtual care industry believed ‘the future is data.’ Darcy characterised the expansion of companies into virtual care as a ‘gold rush’ to gain access to data. The pandemic sparked an ‘explosion’ in the use of virtual care services in Canada, and companies were eager to get involved (Alex, executive, company with virtual care platform). This led to the creation of many new start-ups and initial public offerings as well as mergers and acquisitions among existing companies. In the view of Gabe, an employee at a consulting company, the ‘great interest in the data’ led to public offerings for Canadian start-ups ‘at hundreds of millions of dollars.’ Ira (employee, company with a virtual care platform) stated, ‘During the pandemic, if it says “Telemedicine” on it, you’re getting investors and you’re getting bought up.’ Elliot (an academic researcher) explained that the ways companies use data may vary.

I think it depends on the company. But I do know for sure, for most of them, monetization—so that data is part of their business model. I think they might have different levels of maturity, but I think for most of them that is part of their business plan.

Elliot went on to explain how a smaller or less mature company may not have enough data to make it worthwhile to ‘clean-up’ and do the ‘groundwork needed to monetise the data’, but that monetising data would be among the company’s long-term goals.

Data category determines use

Participants described the different categories of data collected by companies with virtual care platforms. These different data categories appeared to determine how data were used by the company. The first category was personal health information, a subset of personal information under Canadian federal privacy legislation. According to participants, companies described personal health information as the data collected by physicians and nurse practitioners during the provision of care. This included a patient’s ‘medical information, how many consults [they’ve] had, what the outcomes were’ (Pat, executive at a company with a virtual care platform).

Participants described another category of data: registration-related data. These were data—for example ‘name, phone number, email address, gender, birthdate’ (Privacy policy, Canadian company)—collected when individuals accessed the platform, submitted inquiries or registered with the platform. Registration-related data, according to participants, were placed in the personal information category, but not the personal health information category, by companies. Another category that companies also placed in the personal information category was user data. These were data collected from individuals as they browsed the website or app. This category included information such as:

Information about how, when and where you use our website; the hardware and software you use to interact with our website; your device identifier; your mobile network information; the settings you use on our website; your network location; your IP [internet protocol] address; and information about the webpages you visited prior to coming to our website. (Privacy policy, Canadian company)

A final category was deidentified personal information, including deidentified personal health information. Participants, and company privacy policies, explained how companies would remove identifiers like name and date of birth and modify other identifiers, like postal code, to produce this type of data.

According to participants, the data categorised as personal information (eg, registration-related data, user data) and deidentified personal health information were on the ‘business side’ (Alex). These data were a company ‘asset’ (Laurie, employee at a company with a virtual care platform) that could be ‘monetised’ (Darcy). We describe in detail how companies used these data in the sections below.

Data that companies placed in the personal health information category were treated differently. Some companies only used these data ‘for the primary purpose, which is to provide that patient with a virtual exchange with their physician’ (Kari, executive, consulting company). Others used the information for commercial reasons but, when working with third parties, shared analytics or deidentified patient information rather than identified patient data. Finn (employee, company with a virtual care platform) and Hao (executive, company with a virtual care platform) provided examples of how the companies they worked for used this information to adjust patient care pathways with the goal of increasing uptake of a pharmaceutical product. In both cases, their companies provided the pharmaceutical company with analytics rather than patient data. (We expand on these processes below.) More companies may be seeking to follow suit. Jamie, an executive at a company with a virtual care platform, described how their employer, a large corporation with ‘multiple industries’ and ‘multiple platforms’, was trying to get ‘a view of the consumer’ and wondering: ‘Can we use [personal health information]?’ and ‘How do we use [personal health information]?’.

Improving and expanding services

Participants described how companies used patient data to improve and expand services. Qi, an employee at a company with a virtual care platform, explained how their company evaluated the increased volume of calls during the pandemic to determine the nature of the health concerns and ensure the platform could meet patient needs. Similarly, Mani, an executive at a company with a virtual care platform, explained how data were used to detect areas with ‘consumer’ demand, such as marriage counselling, but no (or insufficient) services. Mani described using data this way as a win-win—companies made additional revenues while also ‘improving or building new services’ for patients.

Promoting products and services

Many participants described how patient data were used for ‘marketing and selling other services depending on the profile of the patient’ (Kari), often through email communications or advertising on the virtual care platform. Laurie explained how the profiles were created—‘If you are frequently looking up dermatology terms on our app, we might offer additional services around dermatology for you.’ For large companies, the profiles contained aggregated data from multiple sources.

Your name, email address, and home address may be shared within the [Company X] Family and matched to your existing customer profile… This information may be used to…Help us and the [Company X] Family provide better recommendations of [Company X] products and services that may be of interest to you and exclude those that are not relevant.

According to Pat, the services were often ones that an individual ‘might normally pay out-of-pocket, like seeing a psychotherapist.’ Private pay services often have a higher mark-up compared with publicly funded health services and were described by Laurie as ‘sell-up conversions’—purchases a patient makes beyond the initial service they were seeking.

Some participants described how data were sometimes used to market third-party products and services. Alex described how these partnerships with third parties for targeted advertising might work:

If an individual is coming through our service looking for mental health resources, how do we lean them into some of our partnerships with corporate counselling services? So, that’s kind of where that data is going to help [companies] build these partnerships.

Thus, companies with virtual care platforms were looking for opportunities to match the services and products of their business partners to an appropriate patient. Accordingly, the privacy policy for a Canadian company stated ‘We generally process and may disclose your Personal Information … in order to enable our advertisers to provide you with more personalised content and track the effectiveness of certain advertising campaigns.’ In some cases, according to Okena (employee, subcontracting company), companies engaged a ‘facilitator’ or ‘middle-man’ company (like the one Okena worked for) to identify third parties who may want to advertise through the platform.

Adjusting patient care pathways

Some participants described how the companies they worked for analysed data collected as a patient interacted with a healthcare provider—and adjusted patient care pathways—to increase uptake of products or services. Finn described how their ‘data-driven’ platform was paid by a pharmaceutical company to promote its drug. Finn’s company used the virtual care platform to send patients reminders, or to provide more information on the pharmaceutical company’s drug, and then ran analyses to determine which methods were most effective at increasing patient uptake. Finn further explained how the platform, at the behest of the pharmaceutical company, would conduct ‘A/B testing’ by putting out a new version of software to a percentage of patients to see if the new version improved uptake of the drug, or other metrics important to the pharmaceutical company, compared with the old version. Patients were not informed the platform was conducting these analyses.

Similarly, Hao described how their company sent reminders through the virtual care platform to patients, encouraging them to get a vaccine, as part of a partnership with a pharmaceutical company. These messages appeared to come from the ‘clinic’—the virtual medical service. Hao explained that pharmaceutical companies were interested in marketing through the platforms because ‘Consumers just kind of ignore stuff on [television] now. And pamphlets, they might not read that when they’re at the clinic. But when a clinic actively engages the patient about the healthcare issues, it might work.’ Thus, since these recommendations and reminders were coming from a trusted source, patients may be more likely to respond to the promotional messages. According to Hao, the platforms also offered pharmaceutical companies a way to track the impact of their marketing programmes—‘did [the patient] view the ad, assets and education material.’ These metrics were not available when companies used television or pamphlets to promote products. According to participants, promoting products for third parties through the platform could be done without sharing identified patient data. Hao noted, ‘[The pharmaceutical company] was pretty upfront about not receiving patient sensitive data.’ Rather, the company wanted ‘anonymised data’ with ‘how many did this, how many did that,’ to determine the success of promoting the vaccines through the platform.

Operating within industry norms

Participants described these data handling practices as expected, necessary or even appropriate (according to some participants), indicating the practices fell within industry norms. Companies took steps to protect the privacy and security of data they placed within the personal health information category, to align with societal expectations and protect their reputations.

Appropriate and/or expected data handling practices

Participants generally felt these data uses were to be expected, or even appropriate, for companies in the private sector. Laurie explained, ‘As a private company, we need to make money, so we would be looking for additional services to recommend to you.’ Darcy agreed, ‘[Companies with a virtual care platform] can’t be faulted for [using data for commercial purposes], that’s a business and every business does it. So, I think that’s interesting and not too terribly surprising.’ Similarly, Alex stated, ‘But I don’t think it should be a surprise to anyone in healthcare or the corporate world that this is how these entities function.’ Alex explained that these companies are doing what every other company that collects personal information does—using the data to make money. These views indicate that the companies with virtual care platforms were following industry-accepted norms for data handling practices.

Minimising reputational risks

Participants described how companies were concerned about their reputations and sought to follow ‘best practices’ (Canadian Company, privacy policy) by prioritising privacy. Mani described how companies viewed protecting the privacy of patient data as ‘fundamental’ to their business. According to Darcy, companies employed strict privacy protections to ‘engender trust’ from patients; data breaches could be devastating to a private sector company. Laurie explained further that ‘as a private company, if we have our name connected to one of these missteps, that’s the end for us. Individuals aren’t going to trust our brand, we’re going to have a lot of blow-back from it.’ Similarly, Qi described how a ‘data breach’ could be ‘really detrimental’ to their company. Thus, according to participants in the industry, companies prioritised privacy because of the risks a data breach presented to a company’s reputation and survival.

‘Money off patients’ backs’

Even though participants saw the data handling practices as falling within industry norms, some also brought forward concerns. They were worried that these data handling practices came at patients’ expense. They described how the practices could interfere with healthcare choices and put patient privacy at risk. Some also described risks to groups or communities that shared characteristics.

Implications for clinical decision-making and healthcare choices

Elliot described how the targeted advertising and ‘A/B testing’ of patient care pathways to increase uptake of pharmaceutical products could interfere in the patient care journey, with implications for patient health. In Elliot’s experience, these types of experiments had ‘the ability to influence…the patient’s decision-making and healthcare choices, perhaps more than ideal.’ Finn noted that platforms may not provide the ‘best recommendations for your actual life in sort of a positive way’ but rather may be ‘totally abused’ for commercial gain. Darcy stated, ‘I would like my care journey to be governed by what’s the best care for me, not who paid the most amount of money to get in front of me for my attention.’ Cam described the use of data to promote products and services as companies making ‘money off [patients’] backs.’

Giving up ‘a little bit of privacy’

Some participants also expressed concerns about how companies handled patient data, in particular the data companies excluded from the personal health information category—registration-related information and user information. Qi worried about patients giving up ‘a little bit of privacy’ to access virtual care services. Qi expressed that ‘I don’t think that that’s necessarily right. I don’t think we should have to give up that, in order to have access to [virtual care].’ Darcy felt that registration-related information should also be treated with the same protections as the data categorised as personal health information as the data were collected from a patient seeking a health service. Darcy also expressed concerns about the sharing of user information with analytics companies because ‘it’s not going to be a stretch to figure out that I have X, Y, Z health conditions’. Finn explained how even though companies viewed the user data as low risk, analytics companies, such as Google Analytics and Facebook, were able to use identifiers, like IP addresses in shared data, to link the shared information to a unique profile in their database. The analytics companies then resell the information they acquire ‘in the form of ads to other people’ (Finn).

Participants had a range of views on risks associated with deidentified data. Some felt deidentification ‘virtually eliminated’ privacy risks (Bala, employee, consulting company). Others explained how deidentified data could lead to privacy loss as the deidentification process was ‘subjective’ (Elliot) and ‘some people are pretty flexible with it’ (Finn). Further, if companies ‘combine and share’ datasets, the extra information also increases the risk of reidentification (Gabe). Elliot also noted that, even without reidentification, deidentified data could cause harm by increasing stigma against certain communities. Elliot provided the example of how analysts could use the data to promote the idea that ‘everyone from X group has X disease, because they don’t exercise and it’s their fault.’ Elliot called for community oversight and patient participation in research to avoid problematic uses of data.

Enablers of access to patient data

Participants and documents provided insights into why patients may consent to these data handling practices. These included confusing and vague privacy policies; difficulty opting out of data uses; a lack of other options for care; and high levels of trust in the Canadian healthcare system.

Problematic consent processes: legalese and difficulty opting out

Participants described how patients may not understand how their data were being used. Qi explained how ‘legalese’—language for someone who has a legal background but incomprehensible to others—and vague descriptions of data flows and uses in privacy policies presented barriers to a clear understanding of data uses. These vague descriptions, according to Alex, were the result of complicated data flows between entities designed to maximise data uses. Participants also pointed to patients’ state of mind—focused on an urgent medical concern—as a barrier to understanding how data were used. Gabe, an employee at a consulting company, noted,

At the point of care or point of contact, most individuals are worried about their rash or their cough or their daughter’s sickness and they’re not really thinking about what happens with that information over the long term, how it’s leveraged and what it could be used for.

Participants also described how consent processes made it difficult for patients to opt-out of commercial data uses (eg, using data to promote other products and services). Elliot explained,

I think part of the problem is, …you don’t have a choice, you still have to access that service. So, it’s kind of the fact that, you are supporting this other [commercial use] that you may or may not agree with, simply through accessing a healthcare service.

Privacy policies aligned with participants’ descriptions. Most instructed patients on how to opt-out of receiving marketing messages, but did not give patients the ability to opt-out of other commercial uses of data, such as the development of new products and services and the creation of targeted advertising. To avoid most of these uses of their data, a patient’s only option may be to ‘stop using the websites’ (Privacy policy, Canadian company). Thus, to access health services, patients have little say in how their data are used.

Lack of other options

Patients may also agree to data sharing practices because they lack other options for care. In participants’ views, health systems in Canada had significant ‘challenges’ (Mani, executive, company with a virtual care platform). They characterised the system as lacking rapid and convenient access to primary care providers, particularly during the pandemic. Participants felt that concerns about access to care had been downplayed by those in power, such as physicians, who were instead focused on ensuring continuity of care. Elliot, an academic researcher, explained: ‘patients care about [access and convenience]. And we can’t just keep saying to them, ‘Oh, you know, continuity wins above all, even if you have to wait to see the person for three days’.’ In Reid’s view (an employee at a consulting company), the provincial health systems ‘just didn’t have the resources, or time, or motivation before the pandemic to build [virtual care platforms]…and when they had the motivation [during the pandemic], they didn’t have the resources.’ According to Laurie, an employee at a company with a virtual care platform, the healthcare software produced by provincial and federal governments had been ‘slow to the market,’ ‘unstable’ and ‘a bit risky.’ Further, Reid explained, primary care physicians or hospitals were not going to create virtual care platforms on their own, as they lacked resources and were parts of a ‘very disparate, disjointed’ system with constant ‘pressure to reduce costs [and] improve clinical experiences.’

(Misplaced) trust

Further, some participants felt that patients might not even be aware of these commercial uses of their data. Participants described how patients might trust that ‘security and privacy are taking place’ because they are accessing a health service in Canada (Darcy). Similarly, Reid explained how trust in the Canadian healthcare services and systems may lead patients to ‘assume privacy and security are taking place’ when using a commercial virtual care platform. According to Alex, ‘when [patients] hear virtual care and they hear licensed physician in Ontario or licensed physician in your region’ they assume their data are being protected.

Discussion

Participants described how the Canadian virtual care industry used patient data—in particular, data collected as patients accessed virtual care platforms and registered for services—to generate revenue through marketing of other products and services and through data-driven partnerships. In some cases, virtual care companies were funded by pharmaceutical companies to analyse data collected when patients interacted with a healthcare provider and adjust care pathways with the goal of increasing uptake of a drug or vaccine. Participants generally described these data practices as within industry norms—appropriate and/or expected for companies operating virtual care platforms. Some expressed concern about patient privacy and the impact of data uses on structurally marginalised communities. Others were worried that data practices gave industry, in particular the pharmaceutical industry, increased influence over patient care. Participants described how patients may have readily shared their data because of their trust in Canada’s health systems and because consent processes also made it difficult, or impossible, for patients to opt-out of many commercial uses of their data. Further, patients may have felt they had little option but to use these services; participants described gaps in access to primary care laid bare during the COVID-19 pandemic.

Our analysis highlights potential issues with commercial virtual care platforms’ data practices due to their provision of healthcare services and collection of health or health-adjacent data. Patients are in a vulnerable position when they seek care,93–95 and, according to participants in our study, view the platform as a trusted entity since it provides a health service within a health system that has high levels of trust. Within this context, people may be more susceptible to marketing messaging and less able to act in their own self-interest free from undue influence.54 83 96 97 Our finding that some companies are promoting pharmaceutical products through virtual care platforms by adjusting patient care pathways is worrisome as it permits industry to directly influence clinical care.98 Adjusting patient care pathways and evaluating the impact on quality of care has the potential to improve health outcomes.99–102 However, studies show that pharmaceutical industry influence over medical care prioritises a company’s commercial objectives rather than quality patient care and has caused substantial patient harm.56 98 103–106

The data practices may also contribute to widespread sharing of sensitive health information. According to participants, companies often shared registration-related information (eg, names, emails) and deidentified information with corporation subsidiaries and, in some cases, third parties, including advertisers. Many companies also shared user data (eg, IP addresses, device identifiers) with advertising and analytics companies, like Facebook. Although each individual piece of data may not provide much information, advertisers and data analytics companies amalgamate data from a broad range of sources and create comprehensive profiles of an individual.45 46 For example, a patient’s registration information from a virtual care platform that provides mental health services, combined with their browsing history and social media accounts, can provide insights into an individual’s mental health status. In 2010, Aviva, an insurance company, purchased consumer data from a data broker and reported that the digital traces accurately predicted health risks.47 Meta, Google and other data brokers have reported similar findings.45 47 The information in these profiles, therefore, may affect an individual’s ability to access health insurance and employment opportunities.45 53 These data sharing practices in our study do not appear to be unique to Canada. A recent American investigation found that almost all telehealth websites used trackers and shared user information (eg, browsing history, IP address) with advertising platforms. Many sites also shared names, emails and addresses with these platforms and some shared answers to medical questionnaires.107

As noted by participants, even if data are deidentified, they can still cause collective harm to groups that share certain characteristics.45 47 54 57 108 109 For example, data on Indigenous Peoples are often used in ways that increase stigma by focusing on items ‘related to Indigenous difference, disparity, disadvantage, dysfunction and deprivation’110 while removing findings from their social context of dispossession, colonialism and structural anti-Indigenous racism.82 110 If companies using these data incorporate these problematic inferences into algorithms without considering the social context, they can cause harm. A US study found that a widely used algorithm, produced by a health technology company, discriminated against black patients. The algorithm distributed health resources based on risk scores, but at any given risk score black patients were far sicker than white patients.111 The algorithm relied on past use of resources to predict future need and, since black patients generated lower health costs, likely because of barriers to care such as systemic discrimination and lower incomes, they were allocated fewer health resources.

Our study provides insight into why patients may agree to these uses of their data when accessing a virtual care platform in Canada. In alignment with other research,47 our study demonstrates that consent processes often do not provide individuals with ‘meaningful control over their data’.112 Processes were complicated and made it difficult, or impossible, for patients to opt out of many commercial uses—uses unnecessary for clinical care—of their data. Further, as noted by participants, high levels of trust in the Canadian health system and healthcare providers113–115 may have meant that patients did not carefully examine platforms’ privacy policies. Our research also raises the ethical question of whether it is appropriate to require patients to agree to these data uses to access a (often publicly funded) healthcare service. Further, the risks of commercial virtual care fall disproportionately on the 4.6 million Canadians (about 12% of the population) who do not have a primary care provider,116–118 and who may feel they have no choice but to use these commercial services.

To our knowledge, this is one of the first studies to examine how direct-to-consumer virtual care companies collect, use and value patient data.107 We provide a rich analysis of a complex situation, grounded in evidence from a variety of perspectives and triangulated with company documents and situated in time and location.119 We were limited, however, to publicly available documents and thus have likely captured a small portion of company documents describing the commercial virtual care industry. As we primarily recruited individuals through LinkedIn, we may have missed perspectives from individuals in the virtual care industry who do not use the service.120 Additionally, we did not interview individuals affiliated with the third-party advertisers, an area that may have provided additional insights. Further, the study focuses on Canada, and differing political, legal and social contexts may affect the applicability of our findings elsewhere.121

Our research provides insight, as well as a starting point, for researchers seeking to explore the data practices of the commercial virtual care industry in Canada and abroad. Researchers should seek to understand the impact of targeted marketing through healthcare platforms on privacy and patient care.122 Researchers should also explore how enhanced legal and regulatory frameworks—including Indigenous Data Sovereignty frameworks81 82 123—could better protect patient privacy and reduce stigma and discrimination. For example, researchers could evaluate frameworks that incorporate all or some of the following approaches: (1) treat all data gathered in the context of a healthcare service as personal health information; (2) require explicit opt-in consent for any non-essential uses of health-related data; (3) enhance privacy protections for deidentified data; (4) prohibit healthcare services from sharing data with entities that conduct data-matching (eg, Google, Meta and other data brokers) and (5) provide Indigenous communities with control over their data. Our analysis, therefore, will likely be of interest to patients and may assist with advocacy efforts to provide increased data protections.124 It will also be of interest to governments as they evaluate models of virtual care and update privacy legislation. Our research may also prompt medical regulatory bodies and governments to create mechanisms to prevent commercial interests from interfering with clinical care pathways.98 125 Given that companies’ data handling practices appear to fall within industry accepted norms in Canada, self-regulation is unlikely to lead to change.

Conclusions

Patients, healthcare providers and policy-makers should be aware that the direct-to-consumer virtual care industry appears to view patient data as a revenue stream, which has implications for patient privacy, autonomy and quality of care. Researchers and policy-makers should explore how commercial interests may shape care pathways and to what effect. Policy-makers should consider how other models of virtual care, as well as enhanced privacy legislation and regulation, can address these concerns. As the data handling practices appear to fall within industry accepted norms for the private sector in Canada, alternatives to self-regulation as a means to address concerns should be explored.

Data availability statement

The study interview guide is available as an online supplemental file. Other data are available on reasonable request. Interview transcripts are not available to protect participant privacy.

Ethics statements

Ethics approval

We received ethics approval from Women’s College Hospital Research Ethics Board (2021-0087-E). Participants gave informed consent before taking part in interviews.

Acknowledgments

The authors thank Matthew Herder for his input into study design and the preliminary analysis and thank Women’s College Hospital Peer Support Writing Group for reviewing a draft of this manuscript and providing feedback.

Footnotes

  • Twitter @sheryl_spithoff, @BJMcP, @RobynKRowe, @QuinnGrundy

  • Contributors SS, BM, RKR and QG conceived of and designed the study. LV and LM made substantial contributions to the acquisition of data and data analysis. SS wrote the initial draft and all other authors critically revised the manuscript. SS is responsible for the overall content of the study and is the study guarantor. All authors give final approval for the version to be published and agree to be accountable for all aspects of the work. The authors thank MH for his input into study design and the preliminary analysis and thank Women’s College Hospital Peer Support Writing Group for reviewing a draft of this manuscript and providing feedback.

  • Funding This project has been funded by the Office of the Privacy Commissioner of Canada (OPC); Sheryl Spithoff has a Clinician Scientist Award from the Department of Family and Community Medicine at the University of Toronto. RKR is the recipient of the Queen’s Research Opportunities Funds–Post-doctoral Fellowship Fund.

  • Disclaimer The views expressed herein are those of the authors and do not necessarily reflect those of the OPC.

  • Competing interests The authors do not have financial conflicts of interest with relevant non-profit or for-profit entities to report. SS is an unpaid member of a Scientific Advisory Committee for a non-profit research network and data repository affiliated with her academic institution.

  • Patient and public involvement Patients and/or the public were involved in the design, or conduct, or reporting, or dissemination plans of this research. Refer to the Methods section for further details.

  • Provenance and peer review Not commissioned; externally peer reviewed.
