An Amazonified One Medical may be too convenient for customers to resist

Amazon’s One Medical purchase is unlikely to deter consumers and employers from the service, experts said.

One Medical building

What does Amazon's plan to acquire One Medical mean for health data?

Photo: Justin Sullivan/Getty Images

Amazon is increasingly hard to escape: It's your grocer via Whole Foods, your convenience store via Prime, your home assistant via Alexa. And soon, it could be your primary care provider.

"I am less than pleased to learn that Amazon is acquiring my doctor," tweeted cloud consultant Corey Quinn after catching wind of Amazon's plan to acquire One Medical for roughly $3.9 billion. It was a common reaction among some One Medical patients, of which there were 736,000 as of December 2021.

The deal will not only shake up direct-to-consumer care; it could transform employer-based health care as well. One Medical works with more than 8,500 enterprises that offer employees access to the provider’s in-person and telehealth services. Some employers even house One Medical clinics on-site.

The acquisition may ring antitrust alarm bells, but it will be difficult for regulators to target, as primary care is a new space for Amazon. This means consumers and human resource managers will likely have to decide themselves whether to embrace an Amazonified One Medical, weighing data concerns against convenience. Many may be inclined to choose the latter, considering the mess that is the American health care system.

“For so many people, convenience trumps anything else,” said Christina Farr, a health tech investor with OMERS Ventures. “If they're going to offer a convenient, affordable experience for people, then that might be the thing that causes them to join a service like this versus cancel their membership.”

Is your medical data vulnerable to Amazon’s whims?

Your medical information should be safe. Compromising individual One Medical records would be devastating for Amazon. It is illegal, folks! An Amazon spokesperson told Protocol that One Medical customers’ HIPAA-protected information will be “handled separately from all other Amazon businesses” should the deal close.

“As required by law, Amazon will never share One Medical customers’ personal health information outside of One Medical for advertising or marketing purposes of other Amazon products and services without clear permission from the customer,” the spokesperson wrote.

For Quinn, the concern lies in Amazon simply having access to this data. In his view, Amazon is too large a company with too many opportunities for internal data misuse. Amazon’s track record of data protection on Prime is by no means perfect. A 2020 Wall Street Journal investigation found that Amazon employees used data about independent sellers to develop competing products, which then-CEO Jeff Bezos couldn’t deny to Congress. In late 2021, Wired revealed carelessness by employees in handling Amazon’s retail customer data.

“When you have 1.4 million employees, you can’t guarantee that anything has never happened,” Quinn said. “I don't particularly want the notes from my therapy appointments being something that anyone at Amazon has access to.”

Not all health information is protected by HIPAA, which focuses on privacy in a patient-provider relationship. Amazon can already access a lot of this kind of data. A simple Prime purchase can provide valuable insight into our health — a fact that has especially crystallized for Americans in a post-Roe world. Data privacy expert Debbie Reynolds said Amazon’s direct access to much of this secondary health information, coupled with ownership of the portals holding more sensitive health data, is where people’s concern lies.

I don't particularly want the notes from my therapy appointments being something that anyone at Amazon has access to.

“The concern is having such a big, powerful company that has [its] hands in so many different areas of people’s lives being able to also gather data about people, even tangentially, around their health,” Reynolds said.

When it comes to digital data security, the consequences for individuals are hypothetical and murky. But the end result for Amazon is clear: It’s a win. One Medical’s data might help inform future Amazon AI-based health products. “When you’re a first-party data holder, which Amazon will be, there’s more that you can do with data,” Reynolds said.

Quinn canceled his One Medical membership and exported his medical records, but he isn’t sure whether the company will accommodate his request to delete all of his medical data. One Medical did not respond to Protocol’s request for comment on the company’s data deletion policies.

Could this make consumer and employee health care more convenient?

Yes, it could. Farr said the deal may represent Amazon’s ambitions to build a “digital front door” to health care. Primary care is increasingly elusive for most Americans. One Medical, which some describe as “concierge medicine,” isn’t exactly the picture of accessibility just yet. It has a $199 annual membership fee and is primarily urban. Still, a Prime-like digital interface for health care could be transformative.

“There’s no real shopping experience for health care,” Farr said. “Nobody’s done that.”

Josh Bersin, an HR industry analyst, is in favor of bringing retail and health care closer together. He described a scenario that, depending on your data and surveillance inclinations, might strike you as either useful or dystopian.

“Imagine you're clicking through the Amazon web page, you click on a bottle of aspirin, and the website says, ‘Are you having problems with headaches?’” Bersin said. “‘Would you like to visit a clinic? Click here to make an appointment.’ I mean, that's not a bad idea.”

Michael Yang, health tech and workplace tech investor at OMERS Ventures, said the deal likely doesn’t change One Medical’s appeal to enterprises, even if employees have concerns about health data. He thinks the One Medical purchase will go better for Amazon than its previous attempt to disrupt employee health care, Haven.

“You’re able to take a job and be matched with a primary care physician through a clinic type of model,” Yang said. “And then you have different modalities. It could be in person, it could be virtual. It could be at a pop-up.”

What about competitors, like Google, that provide One Medical memberships for employees and host clinics on-site? Yang doesn’t see the deal deterring Google or other companies’ adoption of One Medical. One Medical’s primary care model may bring self-insured employers’ health care expenses down, and the telehealth, near-site and on-site offerings are too convenient, he said.

“It would be penny-wise, pound-foolish to take a stand against a quote-unquote competitor when your employees need it and you as an employer want them to have it,” Yang said.

But One Medical isn’t the only boutique primary care outfit out there, competing against direct health care companies like Premise Health and Crossover Health (which Amazon previously partnered with to launch employee health centers). If nervous employees lobby against an Amazon-backed One Medical or employers become spooked, they have other options.

“We’ll see how it goes with Amazon being part of that bidding process,” Farr said. “They’re certainly not the only ones.”


Upstart has a new plan to sell Wall Street on its loans

The AI-powered lender will hold some loans on its balance sheet as it seeks partners for long-term capital.

Despite the current struggles, Upstart views the marketplace model as the best way to write to keep its loan business growing.

Photo: Upstart

After a revenue drop its CEO called “unacceptable,” the leadership at fintech lender Upstart is making a bet on the strength of its ability to underwrite loans with AI.

The San Mateo company is planning to leave some loans on its balance sheet that investors do not want to buy, as concerns about the economy shift Wall Street away from backing riskier consumer debt. Rather than pull back on its lending in response, the company said it will hold some loans as it seeks longer-term capital partners.

Keep Reading Show less
Ryan Deffenbaugh
Ryan Deffenbaugh is a reporter at Protocol focused on fintech. Before joining Protocol, he reported on New York's technology industry for Crain's New York Business. He is based in New York and can be reached at
Sponsored Content

How cybercrime is going small time

Blockbuster hacks are no longer the norm – causing problems for companies trying to track down small-scale crime

Cybercrime is often thought of on a relatively large scale. Massive breaches lead to painful financial losses, bankrupting companies and causing untold embarrassment, splashed across the front pages of news websites worldwide. That’s unsurprising: cyber events typically cost businesses around $200,000, according to cybersecurity firm the Cyentia Institute. One in 10 of those victims suffer losses of more than $20 million, with some reaching $100 million or more.

That’s big money – but there’s plenty of loot out there for cybercriminals willing to aim lower. In 2021, the Internet Crime Complaint Center (IC3) received 847,376 complaints – reports by cybercrime victims – totaling losses of $6.9 billion. Averaged out, each victim lost $8,143.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.


Does your boss sound a little funny? It might be an audio deepfake

Voice deepfake attacks against enterprises, often aimed at tricking corporate employees into transferring money to the attackers, are on the rise. And at least in some cases, they’re succeeding.

Audio deepfakes are a new spin on the impersonation tactics that have long been used in social engineering and phishing attacks, but most people aren’t trained to disbelieve their ears.

Illustration: Christopher T. Fong/Protocol

As a cyberattack investigator, Nick Giacopuzzi’s work now includes responding to growing attacks against businesses that involve deepfaked voices — and has ultimately left him convinced that in today's world, "we need to question everything."

In particular, Giacopuzzi has investigated multiple incidents where an attacker deployed fabricated audio, created with the help of AI, that purported to be an executive or a manager at a company. You can guess how it went: The fake boss asked an employee to urgently transfer funds. And in some cases, it’s worked, he said.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at


Binance’s co-founder could remake its crypto deal-making

Yi He is overseeing a $7.5 billion portfolio, with more investments to come, making her one of the most powerful investors in the industry.

Binance co-founder Yi He will oversee $7.5 billion in assets.

Photo: Binance

Binance co-founder Yi He isn’t as well known as the crypto giant’s colorful and controversial CEO, Changpeng “CZ” Zhao.

That could soon change. The 35-year-old executive is taking on a new, higher-profile role at the world’s largest crypto exchange as head of Binance Labs, the company’s venture capital arm. With $7.5 billion in assets to oversee, that instantly makes her one of the most powerful VC investors in crypto.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Google Voice at (925) 307-9342.


Trump ordered social media visa screening. Biden's defending it.

The Knight First Amendment Institute just lost a battle to force the Biden administration to provide a report on the collection of social media handles from millions of visa applicants every year.

Visa applicants have to give up any of their social media handles from the past five years.

Photo: belterz/Getty Images

Would you feel comfortable if a U.S. immigration official reviewed all that you post on Facebook, Reddit, Snapchat, Twitter or even YouTube? Would it change what you decide to post or whom you talk to online? Perhaps you’ve said something critical of the U.S. government. Perhaps you’ve jokingly threatened to whack someone.

If you’ve applied for a U.S. visa, there’s a chance your online missives have been subjected to this kind of scrutiny, all in the name of keeping America safe. But three years after the Trump administration ordered enhanced vetting of visa applications, the Biden White House has not only continued the program, but is defending it — despite refusing to say if it’s had any impact.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email:, where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Latest Stories