Blogs > The Law Blogger

The Law Blogger is a law-related blog that informs and discusses current matters of legal interest to readers of The Oakland Press and to consumers of legal services in the community. We hope readers will  find it entertaining but also informative. The Law Blogger does not, however, impart legal advice, as only attorneys are licensed to provide legal counsel.
For more information email:

Friday, August 14, 2009

Prescription Privacy Rights

When we fill a prescription, most of us believe that action, along with our identity, is private. In fact, the name and dosage of the drug, the prescribing physician, and your own name and social security number become a commodity bought and sold in the medical data-mining industry.

A little-known provision buried in February's federal stimulus legislation, however, now requires pharmacy benefit managers, bankers, and medical claim processors to comply with Federal privacy and security regs. The new law is being fitted with federal regulations designed to give private rights some teeth; and violations a real bite.

Both Walgreens and CVS have been defending recent litigation claiming violations of patients' rights to privacy relative to their medical prescriptions. These corporate defendants have asserted that the information sold either has been encrypted or "de-identified"; a process where the patient's name is removed from the rest of the data.

In addition, the data-mining industry asserts that de-identified health data is critical for medical as well as for quality assurance measures such as tracking the side effects of drugs. The problem is manifest when computer-savy lawbreakers "re-identify" the data by cross-referencing several databases to link one's identity to one's roster of prescriptions. Once repackaged in this manner, the data becomes a valuable commodity in the medical data industry.

Another portion of the stimulus package of note to this post is the $20 billion incentive for physicians to digitize their records over the next five-years. Companies such as Google, Microsoft and WebMD all stand to gain from the information processing aspects of this digital push. Both WebMD and Microsoft acknowledge that the new Federal privacy rules apply to their companies. Google asserts, on the other hand, that its users are subject only to their privacy policy which is agreed to as a precondition to logging on.

Thus, the stage is set for a clash between the proponents of national medical database digitization and our basic right to privacy. The recent high-profile case of Farah Fawcett brought attention to the problem posed by data thieves. Ms Fawcett's cancer treatment records were illegally obtained and sold to the media.
While the digitization and transfer of data are now crucial to the health industry, strict privacy safeguards are needed. The question is, will they be enforced?

Labels: , , , , ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home