Prescription Privacy Rights
A little-known provision buried in February's federal stimulus legislation, however, now requires pharmacy benefit managers, bankers, and medical claim processors to comply with Federal privacy and security regs. The new law is being fitted with federal regulations designed to give private rights some teeth; and violations a real bite.
Both Walgreens and CVS have been defending recent litigation claiming violations of patients' rights to privacy relative to their medical prescriptions. These corporate defendants have asserted that the information sold either has been encrypted or "de-identified"; a process where the patient's name is removed from the rest of the data.
In addition, the data-mining industry asserts that de-identified health data is critical for medical as well as for quality assurance measures such as tracking the side effects of drugs. The problem is manifest when computer-savy lawbreakers "re-identify" the data by cross-referencing several databases to link one's identity to one's roster of prescriptions. Once repackaged in this manner, the data becomes a valuable commodity in the medical data industry.
Thus, the stage is set for a clash between the proponents of national medical database digitization and our basic right to privacy. The recent high-profile case of Farah Fawcett brought attention to the problem posed by data thieves. Ms Fawcett's cancer treatment records were illegally obtained and sold to the media.
While the digitization and transfer of data are now crucial to the health industry, strict privacy safeguards are needed. The question is, will they be enforced?