Surveillance technology company Banjo had struck a deal with Intermountain Healthcare to track data about the pandemic and patients infected with the coronavirus.
But like its contracts with cities, the University of Utah and the state of Utah, this one got suspended after revelations surfaced that Banjo CEO Damien Patton was once involved in white supremacist groups and was the getaway driver in a shooting of a synagogue.
In a draft contract obtained by The Salt Lake Tribune, the health care provider agreed to send Banjo information about available beds, ventilators and negative pressure areas as well as the number of infected outpatients, inpatients, intensive care unit patients and ventilator patients.
The agreement was a three-month test run of sorts in which Intermountain would pay $60,000 for five iPads loaded with Banjo’s Live Time platform. Until a few days ago, Live Time monitored public data in Utah, including 911 calls, traffic cameras, city security cameras, social media posts and emergency vehicle locations, to predict events like child kidnappings and car crashes.
This appears to be the first known case of Banjo selling data it collected from contracts with public entities to an outside organization.
Banjo already faced bipartisan concerns about privacy, with one Republican lawmaker promising to bring legislation next year. Then a report from the online outlet OneZero disclosed Patton’s white supremacist past, which led to an unraveling of its government contracts.
Intermountain pulled back as well, according to spokesman Daron Cowley.
“Intermountain Healthcare signed a contract with Banjo in April 2020, but contracted services had not yet started. Intermountain has suspended its contract with Banjo,” Cowley wrote in a statement. “We were surprised to learn of the issues that have recently been raised. Intermountain unequivocally condemns supremacist groups and all hate or violence they promote.”
The coronavirus data Intermountain agreed to provide aligns with information requested or required by the federal government from all hospitals, Cowley said. Banjo would have helped automate reporting to those federal agencies. Emergency departments would have used Banjo’s software to get early notification of possible patients, including a surge of people infected with COVID-19.
Cowley declined to comment further about the contract or whether the health provider funneled any data to Banjo.
Banjo did not respond to requests for comment.
The contract raised privacy concerns for at least one Intermountain employee who works with patient data. The employee provided The Tribune with a draft of the Banjo contract and requested anonymity due to fears of retaliation.
“There are quite a few people who feel very uncomfortable with the arrangement and Banjo's reputation,” the employee said.
Intermountain was explicit in its contract about not providing any data that would identify patients or reveal protected health information. But the employee said Banjo had approached the health care provider before the pandemic about acquiring more sensitive information to build an opioid heat map for the state.
The employee also feared Banjo’s platform could be used to deanonymize Intermountain’s patient data, if combined with other information such as traffic cameras and a patient’s ZIP code.
Banjo has abused private data in the past. An investigation by the online news outlet Vice revealed the company created a side operation that made apps to secretly scrape users’ social media, like Cambridge Analytica, which famously misused Facebook data, "but more nefariously, arguably.”
Patton, Banjo’s founder and CEO, also said he has patented technology that anonymizes personal information, but another analysis by Vice found no evidence such a patent exists.
Utah Attorney General Sean Reyes and his staff have a close relationship with Banjo. Reyes introduced Patton to prominent politicians and was instrumental in securing state and city contracts for the company.
Officials with the attorney general’s office previously expressed little concern about privacy violations or data breaches from the company, instead saying they were partners in building a system that would be secure. But after Patton’s associations with the Ku Klux Klan as a teenager were revealed, the office quickly suspended its contract and launched a third-party audit. It encouraged other state agencies to do the same.
On Wednesday night, Banjo announced in a blog post that it “has decided to suspend all Utah contracts by not ingesting any government data or providing any services to government entities.” The company didn’t mention anything about data or services associated with nongovernment agencies like Intermountain.
It’s unclear whether Banjo has relationships with any other health care providers or nongovernment organizations. Representatives with the University of Utah and the Utah Department of Health said they have no contracts with Banjo involving COVID-19 data.
“Possible it was part of a conversation or something proposed at some point, but nothing came of it,” said U. spokesman Chris Nelson.
Rich Piatt, a spokesman for Reyes, said he wasn’t aware of Banjo’s contract with Intermountain and that he did not know whether other non-government or business organizations worked with the company.
“I know a lot of different agencies that were interested. We had agencies, cities, the court system looking at it,” Piatt said, but he declined to provide agency names.