| VNS TECHNOLOGY WATCH: [Mike Taylor, VNS Correspondent]
===================== [Littleton, MA, USA ]
Patients' Records Are Treasure Trove
Doctors' And Pharmacies Files Are Mined For Use By Drug Makers
By Michael Miller
{WSJ 27 February 1992}
Michael Patmas, a Toms River NJ internist, says he would never disclose
confidential information about his patients,. Yet, indirectly, he does
it routinely. In his office, Dr. Patmas keeps a personal computer in
which he stores all his patients' records: information about their
illnesses and treatment. Unknown to the patients, every week of two a
company dials into the computer and fishes out all those confidential
records. With plans to reach 15,000 physicians within the next four
years, the company, Physician Computer Network Inc.(PCN), thinks its
swelling database of patient records could become a commercial treasure.
Dr. Patmas and PCN are part of an exploding but invisible new traffic
in patients' private medical and prescription records. Physicians and
pharmacists routinely open up their patient records to data collectors
that sell them to pharmaceutical companies hungry to know exactly how
their products are selling. In all, nearly half of the 1.6 billion
prescriptions filled in year in the US pass along this chain.
Physicians and pharmacists say the disclosures do not threaten privacy,
because the data collectors all insist they delete patients' names.
But critics of these practices say the custodians of medical records
have no business entrusting them, without patient's knowledge or
consent, to an unregulated industry. And they worry that the collectors
safeguards may not be adequate.
In fact, certain data collectors that pledge total confidentiality sell
drug companies the age, sex, and an id number for individual patients.
Fears about the sale of medical records are causing some physicians
and pharmacists to resist the collectors surveillance efforts. Other
are pushing for legislation noting that privacy law covers videotape
rentals and cable TV selections, but not most medical records.
In the absence of laws, patient confidentiality is more porous than
ever before. Oklahoma, since last year, requires pharmacies to report
all prescriptions for a range of painkillers and other controlled
drugs to the state Bureau of Narcotics. In hospitals in Michigan and
New York, computer hackers have broken into electronic patient records.
Companies bent on cutting medical expenses are reviewing their
employees medical records more closely than ever.
Such trends particularly alarm patients with AIDS, mental illness and
other conditions in which a breach of privacy can have far reaching
consequences. "It worries the hell out of me," says Frank Burgmann, a
director of Florida's mental health services agency, who has tried
unsuccessfully to keep pharmacies from selling their prescription
files. "Data is like a whore. It gets passed around from hand to hand,
in spite of the rules."
Last month, an Ohio jury found that a hospital employee did not violate
any law when she allegedly discovered a friend's AIDS diagnosis in the
hospital computer and shared the news with other hospital workers.
Douglas Sargent, a Detroit psychiatrist and lawyer, tells of a
clinically depressed patient who he says was fired after his employer
learned of his condition from an insurance company.
There are not any reports of patients' names leaking through the
commercial use of their records in market research, which is a new
phenomenon. Specialists in privacy issues say, however, that most
violations of medical confidentiality never come to the attention of
patients. And Patients who do become aware may be loath to make matters
worse by publicizing the breach.
Dr. Patmas, the NJ internist, says he was not worried about
confidentiality when he agreed to let PCN search his patient records;
the company assured him its software had safeguards to keep it from
capturing patient's names. Besides, he says, speaking hypothetically of
a pharmaceutical company: "Merck doesn't care if Mary Jones has herpes,
they want to know if I prefer Lasix or Bumex."
Dr. Patmas also had a potent incentive to sign up with PCN. The company
offered to lease him a top of the line personal computer and software
for about one-third what these would otherwise cost. In three years,
this offer has drawn more than 1,600 physicians to PCN, the first
company to gather market data by tapping directly into physician's
computers.
Another physician on the network, Dominic Mazzocchi of Point Pleasant
NJ, notes that insurance companies already, see his patients' records.
He does have one lingering worry. "The only thing that would be a
concern," he says, "is if [PCN] took my financial information. But
they swear they haven't."
The medical data network reaches deeper into the nations pharmacies;
it includes about 29,000, or roughly half of all drugstores.
Joseph Mosso, a Latrobe Pa., pharmacist, two years ago agreed to let
his drug wholesaler scoop up his computerized prescription files once a
week over telephone lines. In return, the wholesaler, FoxMeyer Corp.,
sends him weekly price updates at a discounted fee.
With similar hookups to more than 1,000 other pharmacies, FoxMeyer
sells all the records it gathers to the two main medical data
collectors: IMS International and Walsh International Inc., a private
British firm. FoxMeyer's president, Robert King, says his computer
extracts only product information, not patients' names. But Mr Mosso,
the pharmacist, says "I can't tell you whether they do or not [take
patient names], I have no way of knowing...It's more or less a
mouth-to-mouth agreement that they will not search those files.
The companies that amass all this information have become favorites of
Wall Street and corporate investors, although total revenue in this
new industry is only about $150 million a year. Information giant Dun &
Bradstreet Corp. bought IMS in 1988 and created an electronic network
that now sweeps in more 700 million prescriptions a year. Today IMS's
rating of drug sales powerfully influence how drug companies market to
physicians.
Medco Containment Services Inc., the nation's biggest mail-order
prescription operation, last year created a subsidiary to sell its
customers' prescription records, in addition to prescription data it
buys from the American Association of Retired Persons. Medco sorts
everything by the names of physicians and gives their addresses.
Drug companies love that extra feature because they can zero in on
physicians most likely to go for their mailings. Wall Street loves it,
too. Medical Marketing Group went public last March at $12.50 a share
and shot up to 20.50 on its first day. Its shares recently closed at
$29.75 in over the counter trading.
Investors are also hot on another new venture that uses prescription
records to go after physicians: a Walsh spinoff called Pharmaceutical
Marketing Services Inc.
Physicians Computer Network (PCN) has an especially impressive list of
investors. Among them IBM owns a 23% stake. Another holder (with a 4.7%
stake) is Macmillan Inc., part of the Maxwell electronic information
conglomerate.
The companies all speak emphatically about patient privacy. Walsh
exercises "an enormous amount of sensitivity and responsibility" to
maintain privacy, says its president Dennis Turner. Medical Marketing
Group's executive VP, Theodore Okon, calls patients' names a "a sacred
area we won't touch." IMS, like other companies, says drug company
clients want to know how their products are selling, not who is buying
them.
Patient privacy advocates contend the industry should never get its
hands on medical records in the first place. "Regardless of how the
pharmacist or physician feels about the safeguards, it's not their
call. The patient is the only one who has the right to release this
information to anyone", asserts Michael Isbell, staff attorney in New
York for the Lambda Legal Defense and Education fund, a lesbian and gay
rights group.
The AIDS epidemic has made such organizations acutely aware of the
consequences of breaching physician-patient confidentiality. "People
lose their friends, lose their jobs, get kicked out of their
apartments," Mr. Isbell says.
The medical data business may risk running afoul of state AIDS
confidentiality laws, one the few areas in which medical privacy is
strictly protected. New York, for instance, specifically limits legal
access to AIDS related records. If a physician or pharmacist should
give a market researcher pertaining to AIDS, "it's a good possibility"
that this would violate the law, says Andrew Stern, deputy director of
the New York state health department's special investigations unit.
Industry pledges of confidentiality have shades of gray. A McKesson
Corp. unit called PCS looks at 120 million prescriptions a year, to
process payments for companies that give their employees a PCS
insurance card to present at pharmacies. Few of those employees know
that PCS sells its entire data base to Walsh International. "Patient
confidentiality is totally ensured," a PCS spokesman says.
In fact, though PCS deletes patients' names, it includes their age,
sex, Social Security Number, as well as their physicians' federal ID
numbers. Walsh drops the SSN and replaces it with a code number of its
own. That way, it says, the drug company client can track an
individual's prescription buying but won't know the patient's name.
The medical data collectors sweep up so much information that some
physicians and pharmacists do not know exactly how open to view their
files are. Joseph Staller, pharmacist at the Red Oak Pharmacy in
Houston, says he is opposed to selling his records to market
researchers. "You want everyone to know what your wife's taking?" he
asks. "Not that they'd even look for that,. but there's potential for
abuse.
But Mr Staller keeps all his records in a personal computer connected
by phone to his software supplier, Pharmacy Data Systems Inc. For the
past year, Pharmacy Data has been testing a program it plans to begin
in March: to dial into its 200 customers computers every week, copy
their prescription records and sell them to IMS and Walsh. Mr.
Staller, told of the software company's plan, says he is flabbergasted.
"I had no idea." Pharmacy Data says its plans to notify pharmacists
before it takes their data, and it won't collect patient names.
Some who do understand the collector's technology are rebelling against
it. Carl Chalstrom, a pharmacist in Anamosa Iowa, bought new software
for his drugstore and was surprised to read about a special feature
called "IMS Data Program." Slip in a diskette, and it makes a copy of
all the prescription files. Mr. Chalstrom says IMS International offered
him about $50 a month to run the program and send it the diskette.
The same kind of feature is built into a number of pharmacy software
packages, and it sends IMS a gusher of data. Software makers say these
programs preserve patient privacy because they do not copy any names
onto IMS's diskette. "We're damn careful that no one gets a patient name
anywhere," says Ken Couch, directory of national marketing for QS/1
Data Systems of Spartanburg SC, which has 4,300 pharmacy customers
including Carl Chalstrom. Mr. Chalstrom was not sold. "With access to
computers so easily obtained, we were worried," he says. "You read so
much about computer companies getting people's account histories and
financial records." He turned down the money from IMS.
But the data collectors are getting countless new sources, thanks to
the growing chain of "third parties" who handle confidential patient
records. For example, Health Information Technologies Inc., is one of
a slew of new companies springing up to automate private physicians'
insurance claims. The Princeton NJ company outfits 5,000 physicians
with special "Health Link" terminals for entering their patients
billing information. HIT not only takes care of the physician's
payments, but it also keeps electronic copies of all the patient
records. Once its data base get a little bigger, HIT intends to start
selling it to drug marketers, insurance reviewers, and other companies,
says VP Charles Ricevuto. He says the data won't include patients' or
physicians' names.
Meanwhile, changes in the American health care system are opening up a
wide new market for medical data attached to patients' names. Corporate
cost cutters examining their employees' medical expenses are paying
less and less attention to privacy. A 1991 study by the Office of
Technology Assessment, a congressional agency, concluded that three out
of ten employers allow managers to review employees medical records
without their permission.
At the same time, the war against drug abuse is pressing lawmakers to
make pharmacy records even less private than they already are. Rep.
Pete Stark (D-CA) is proposing a federal law based on the Oklahoma
prescription reporting system. The American Civil Liberties Union is
arguing that nationwide data bases listing users of controlled
medications could easily be misused by employers and snoops.
And the drug companies that buy the collectors data today are taking
new steps to market directly to patients, breaking a long industry
taboo. Marion Merrell Dow Inc., for instance has amassed its own data
base of 350,000 heart patients who take its drug Cardizem. It sends
them all "CardiSense" newsletters about healthy living, and it is
studying ways to use the names.
All these trends unsettle patients like Robert Boorstin, a New York
writer. He speaks openly about his own manic depression illness but
worries about the privacy of other patients in a support group he runs.
"For someone with an illness like this you have a lot of people to
trust," he says. "You have to trust doctors, you have to trust
pharmacists, you have to trust your friends who might see you have an
episode, your co-workers ... Why add to the list?"
{The Wall Street Journal Thursday February 27, 1992 pg 1,A6}
Permission to copy material from this VNS is granted (per DIGITAL PP&P)
provided that the message header for the issue and credit lines for the
VNS correspondent and original source are retained in the copy.
<><><><><><><><> VNS Edition : 2537 Wednesday 18-Mar-1992 <><><><><><><><>
|