| Are Your Medication Records Confidential? |
|
|
|
|
Introduction The growth of managed care over the past 20 years has created new entities—independent practice associations, physician-hospital organizations, provider-sponsored organizations, and the like. One addition to this new breed of organizations is the pharmacy benefit manager (PBM). PBMs have become a major force over the past 10 years, bringing together a complex mix of skills that includes information management, cost-effectiveness analysis, provider relations, and consolidated purchasing to control the utilization and cost of the pharmacy benefit.[1]More than 40 PBMs operate throughout the US, and the number of participants in PBM programs increased approximately 50% from 1993 to 1994.[2] As of 1993, approximately half the Americans with third-party health coverage had prescription drug benefits, and that number is projected to increase to 90% by the end of 1999.[3] Moreover, it is anticipated that PBMs will control nearly 75% of the market by the year 2000.[1] Management of pharmacy benefits involves the management of information—information about drug interactions and drug effectiveness, patients, and treatment outcomes. PBMs function by gathering, sharing, and analyzing such information; their databases have great commercial value. Pharmaceutical manufacturers, for example, have great interest in using their databases for marketing and research. The use of information by PBMs and the disclosure of such information to other third parties raise concerns about the proper handling and protection of confidential patient information. Disclosure of prescription records can convey much confidential information about an individual's health and treatment; thus, many people are uncomfortable with the idea that unknown individuals without permission or prior notification will have access to these records. Specific Concerns There are many reasons for concern over privacy. Some people may fear that known parties, such as employers and insurers, will use confidential medical information in specific, foreseeable ways, such as in decisions related to employment and insurability. Some people may be concerned that an unlimited number of unknown parties, including government agencies, may have access to confidential patient information for unauthorized and unforeseeable purposes. Another concern is that inaccurate information may become part of one's medical records.[4] Fear of inadequate protection of prescription records can result in several negative consequences for patients. For example, patients may forgo diagnosis or treatment because they are concerned that their employers or other unknown parties may obtain information about their prescription medication.[5] They may decline to obtain treatment for their children for fear that the medical records generated could stigmatize them or limit their future education or employment opportunities.[6] Thus, fear of violation of the right to privacy in prescription records could have far-reaching effects on health and well being. Currently, the law does not offer much protection for prescription records once they are collected by or disclosed to PBMs or other secondary users. While the Supreme Court has held that individuals do have certain privacy rights when it comes to their own medical information,[7] it has been less protective when addressing the right of privacy in prescription records, balancing such rights against the interests of other parties in disclosure.[8] Thus, there is no guarantee of an individual's constitutional right to privacy in terms of avoiding disclosure of prescription records. Protective Legislation The right of privacy is protected by 2 federal laws: the Privacy Act[9] and the Freedom of Information Act[10]; however, they generally do not apply to private organizations such as PBMs. Protection for the right of privacy on the state level varies by jurisdiction; however, there is little authority in most states governing the confidentiality of prescription records. Moreover, while a minority of states have adopted an explicit right of privacy in their constitutions, the state constitutions, like the US Constitution, protect against governmental action only.[11] Most states also recognize some form of a physician-patient privilege, which protects patient information. In most states, this privilege is limited to physicians and is not extended to pharmacists.[12] Moreover, no state expressly provides for a pharmacist-patient privilege, either by common law or by statute. Finally, while patient information is protected in the pharmacy context by the pharmacist's code of ethics,[13] such principles are not imposed on pharmacists by statute or common law in all states. Moreover, such code of ethics does not protect health care information if it has been disclosed to a third party such as a PBM.[12] Inconsistent state and federal laws leave PBMs without any clear policy to follow when it comes to appropriate use of the pharmacy records and patient information they obtain in the course of their business. Thus, what is needed is a clear national policy regarding the duty of secondary users of prescription records, such as PBMs, to protect such information. The policy should create an obligation on the part of the PBMs to protect the information they receive, much like a hospital must protect the confidentiality of medical records. The policy should balance the need to protect patient-specific information, the need to ensure accurate and complete patient information, and the various legitimate business interests of the PBM. The policy should be flexible enough to deal with the expanding uses of pharmacy records. It should recognize that secondary users have a legitimate interest in the information and that some uses of the information can be beneficial to patients. Thus, the policy should include parameters for disclosure of such information to other third parties, such as pharmaceutical manufacturers. The policy should also control how much information secondary users are allowed to access. Databases could be structured so that only anonymous prescription information is revealed to other parties. Furthermore, limits on the kind of prescription information that others are able to access may be necessary. For example, users could be prohibited from accessing information about patients who have been prescribed medications to treat AIDS or depression. Finally, the policy should consider whether certain disclosures should require patient consent. The means of obtaining such consent should be specified and should be the least burdensome method, when obtained for a legitimate business purpose. To summarize, the development of PBMs has created new concerns regarding maintaining the confidentiality of prescription records. The current state of the law does not adequately protect such confidentiality while taking into account the legitimate business interests of PBMs and other secondary users of such information, such as pharmaceutical manufacturers. The solution may be for Congress to create a national policy that would impose a duty on PBMs and other such users to protect the confidentiality of prescription records, yet provide for the disclosure of prescription information for legitimate business purposes. Written by: Paula C. Ohliger, JD |
| < Previous | Next > |
|---|