How do I compellingly advocate for my privacy with doctors and other healthcare professionals?

TL;DR: What are the best arguments to make healthcare professionals care about privacy? Would it be insensitive to use Carissa Véliz’ Holocaust example if I know my doctor is Jewish?

Two months ago I had an appointment with a dermatologist who uses a Gmail address for her practice. She also uses WhatsApp. It was my first time seeing her, so I had to fill out some forms, and I noticed that there was no mention of their privacy policy in them.

Ever since I read Carissa Véliz’s Privacy is Power (2020) , I have consistently followed her advice by asking every organization that handles my data what their privacy practices are.

And even though I live in a country where there are data privacy laws, I have found that no one is able to clearly answer that question. All they do is cite the law. You’re protected by GDPR/California Consumer Privacy Act (CCPA)/Local Data Protection Law. But they are unable to go into the details. They are unable to discuss their own privacy practices, which is unacceptable.

HEALTHCARE WORKERS DON’T CARE

I inquired of my doctor’s receptionist about their privacy policy, and that’s exactly what she did. She simply cited the law and said that I can rest assured I have doctor/patient confidentiality, even though none of the forms mention anything about it.

I explained to the receptionist that I didn’t want my medical history shared with third parties. She assured me that it wasn’t, which is when I pointed out that they use Gmail. She didn’t seem to understand, so I had to spell it out to her, and she replied that she/they (the practice) had nothing to hide from Google.

I tried to impress upon her the importance of data privacy by mentioning that Google is an advertising company that makes money from people’s data, but I failed to make her understand.

I didn’t have the best examples off the top of my head. I could have mentioned chat control or the fact that many European governments are moving away from Microsoft and other American companies because of the spying, but I didn’t.

WHAT SHOULD I SAY AT THE NEXT NEXT APPOINTMENT?

When I got home, I thought of another example I could have used illustrating how privacy protects people and saves lives, and it’s the one Carissa Veliz mentioned in both her book and TED Talk. I could have mentioned the fact that during WWII, France was able to save more Jewish lives than the Netherlands, because the latter had a policy of collecting as much data as possible from their citizens from the cradle to the grave.

I have another appointment coming up next month.

1) Would it be insensitive for me to use this example with the knowledge that both my doctor and her receptionist are Jewish?

2) If not, what are the best examples a healthcare worker would care about?

It needs to be easy to understand and compelling. If you have healthcare examples of breaches or mishandling of data, perhaps even involving Google, please let me know. I can’t go into a long tirade because most people don’t care to listen. I need to make a big impact fast.

HEALTHCARE WORKERS DON’T HAVE TO CARE

Even though it doesn’t guarantee quality of care, when I look for a doctor online, I am more compelled to choose one who has their own website, on which I can also see their face and what they’re about. The dermatologist I went to see didn’t have either. I picked her, partly because she had good reviews and had the earliest availability. She was not my first choice.

When I suggested to my dermatologist’s receptionist that they should have a website, not just for security so they can avoid Gmail, but to be easier to find, she replied that they didn’t need to because they are already swamped. And there’s the rub.

Most doctors are overflowing with patients and do not need any marketing to get more. Which means that if a privacy-conscious patient such as myself has reservations about their poor practices, they don’t have to care, because I need them more than they need me. They’d be happy to let me go somewhere else because I’m in an infinitesimal minority. The problem is most doctors are in this asymmetrical position where they have the advantage.

IS PUNISHMENT THE ONLY WAY TO MAKE THEM CARE?

It would seem that that punishment is the only way to compel healthcare practitioners to do the right thing, and that’s only if data protection agencies actually care to reprimand them.

Although I could be wrong, I strongly suspect that if data protection agencies realize that many healthcare practitioners use Gmail and WhatsApp to handle patient data, they won’t be willing to severely fine them. My guess is, at best, they would offer them an opportunity to correct the matter, which could also take too long.

3) Does anyone actually know healthcare workers who use Signal for their practice?

Why aren’t there any?