The sign displayed at the pharmacy looked reassuring: “Due to privacy concerns we are unable to wait on you while you are using a celllular phone. Please finish any conversations before approaching the pharmacy counter.” The question is, “Whose privacy?” Most people think their name, address, uniques prescription information, doctor’s name, and their Social Security number, among other data held by their pharmacist, are in fact privately protected information. Think again. These valuable commodities are still being bought and sold, usually without the patient’s knowledge or permission, in an opaque marketplace, where advertisers, drug companies and who-knows-who-else, make money off your imprint.
Enacted in February, the Federal Stimulus law prohibits the sale of personal health information with a few exceptions for research and public health measures. It also, according to the New York Times, tightens rules for telling patients when hackers or health workers have stolen their Social Security numbers. Still, the game goes on. Tracking prescriptions has been a big business for many years. Researchers say that analyzing information from thousands of patients helps identify potentially dangerous drug side effects. So theoretically the data is stripped of all patient identity. Yet several companies have been accused in lawsuits of buying and selling personal medical data. Some of these companies are drugstore chains like Walgreens and CVS Caremark, as well as IMS Health, and Verispan. The latter two companies are data miners who claim to “de-identigy patient information” for research purposes. IMS claims to use multiple encryption to protect privacy. Their income has dropped almost 11% from over $1 billion year ago, but their spokesman said he did not expect privacy issues to affect their business. Enforcement actions by Health and Human Services against health plans, care providers, pharmacies, and others to protect patient’s privacy rose from 200 in 2003 to over 2, 100 in 2008.