Title: Data Mining Personal Medical Information to Sell Prescription Drugs
1Data Mining Personal Medical Information to
Sell Prescription Drugs
- Prescription Project Conference
- December 9, 2008
- Washington D.C.
2Using Individual Medication History for Marketing
Drugs Two Forms
- Uses individual patient medication history to
promote specific drugs directly to patient - Uses partially de-identified patient history to
market drugs to doctors and indirectly influence
patient care
3Marketing to Individuals Using Identifiable
Patient Medication History
- Ads/letters sent to individuals by mail, using
Protected Health Information to promote alternate
drugs - HIPAA allows communication without consent for
alternative treatments, therapies, sites of
care, or providers - Not classified as marketing
- PBMs, mail order pharmacies, manufacturers may
benefit - Consumers hate this
4Marketing to Individuals Using Identifiable
Patient Medication History
- Reminder to Fill Prescription letters
- Currently sent by business associate of covered
entity pharmacy where Rx originally dispensed - Letters give appearance of care coordination
- Patient may be better off NOT refilling at same
pharmacy - Calif. S. 1096 would have allowed drug companies
access to patient pharmacy records to send
directly to patients
5Electronic Medical Records Easier Target for
Marketing Use
- Software vendors may have individual patient
records on back-up servers - More easily follow patients across sites of
care - Software vendors are business associates, not
HIPAA covered entities - Business Associate loopholes in HIPAA
- No federal enforcement
- Business Associate must promise privacy
protections - Covered entity only at risk if it knew or had
reason to suspect violation - No private right to sue in federal court, 4
criminal cases
6IT Expert Says Software Vendor Contracts Violate
HIPAA Privacy Rules
- There are vendors that are obligating covered
entities to do things they are not allowed to
do.Paul Tang, member of HHS IT and NCHVS
privacy and confidentiality advisory groups - Vendor contracts claim ownership of data, real
time access and right to resell
7Software Vendors Share Patient Data with
Manufacturers
- Tangs concern confirmed in New Hampshire
- Vendor admits they sometimes share data for
research - Permission granted by doctor--extent of PHI
disclosure unclear but includes unique identifier
8Public Not Confident About Privacy and Security
of Medical Information
- 80 Very worried (Markle Foundation)
- Lie to doctors, ask doctors to fudge records,
skip tests - Medical Identity Theft250M cases in 2005 (FTC)
- Expensive (50 vs. 1 for social security number
theft) and dangerous
9Who Supports Better Privacy Controls?
- National Committee for Health and Vital
Statistics - National Governors Association
- Government Accounting Office
- Secretary of Veterans Affairs
- The Presidents Council of Advisors on Science
and Technology
10Who Will Oppose Better Privacy Controls?
- PhRMA
- Hospitals, PBMs, Pharmacies, Health Care
Communications Companies, Possibly Doctors and
Other Providers
11HIPAA Loopholes Must be Closed To Prevent Use of
Individual Medication History for Selling RX
Drugs
- No action seen at federal level
- HIPAA allows states to enact stricter laws
- Add privacy/security provisions on business
associates with state enforcement and penalty
(consumer protection act) to stop software
vendors from selling data - Redefine marketing more broadly than HIPAA to
require consent for alternative treatment/
therapies/sites of care/providers
12- Cindy.Rosenwald_at_leg.state.nh.us
- 603.271.3589