I received a response from John Squire (after I emailed him about my concern about data mining):
"I agree with you; we are planning a communication on this topic soon. By the way, no one has used your data. It's your data on your system. All that was done was a change to the wording of the EULA and the addition of a Business Associates Agreement (BAA). The BAA stated that we treat data according to HIPAA guidelines. HIPAA guidelines allow the use of de-identified data. Even though this change was made last year, this clause has not been exercised and no data has been used. It was a paper change only."
