Confidentiality between doctor and patient has always been a given in the United States, and it’s something we have long taken for granted. However, that confidentiality isn’t as airtight as many may think. On the contrary, pharmacies such as CVS and Express Scripts have been selling anonymous prescription information to data mining companies for years. Why? It’s an effort to target advertisements to patient’s prescriptions and health conditions. The process is called matchback, and it has rightfully raised concerns about federal medical privacy laws.
How ‘Anonymous’ is It?
Matchback is allowed because the names of the patients are said to be concealed, though to many, that doesn’t justify the breach of confidentiality. IMS Health Holdings and other data brokers have collected prescription records numbering in the hundreds of millions, and they say the names of the patients are replaced by unique codes that are generated using algorithms. But, opponents of the practice are concerned that such technological advances undermine privacy laws, specifically the Health Insurance Portability and Accountability Act (HIPAA).
Confidentiality and Transparent Disclosure Concerns
While advocates of the matchback process claim that patient’s names are not directly connected to the prescription information, not all pharmaceutical companies are comfortable with it. For example, industry giant, GlaxoSmithKlinePlc, stopped engaging in the practice after its leadership became concerned about the potential for violating consumer privacy, and because not all websites were notifying users. The company’s legitimate concerns about transparent disclosure for internet users and breeches of confidentiality are at odds with other pharmaceutical companies, like Sanofi, that do use matchback to target consumers.
Money to be Made
Not all internet giants are on board with the selling of ‘anonymous’ prescription records though. Like SmithGlaxoKlinePlc, Facebook, Google and Microsoft don’t use matchbacks in their ad targeting strategies either. Perhaps the money to be made just isn’t worth the risk to them, especially given the breaches of information that occur. Opponents of matchback point to such breeches as evidence that long term tracking poses a risk to patient privacy regardless of how the data is presented, or who is in control of it.
Whether or not the mining of prescription data is legal, many believe that it is unethical. Opponents of the process argue that all health records should be kept confidential. Regardless of whether there is a name or random number attached to it, they claim, medical information is too personal to expose to any level of risk.