Conference 7.286::digital

1812.0. "Medical Records Not Confidential? Could be!" by DPDMAI::RESENDE (Spit happens, Daddy!) Wed Mar 18 1992 22:15

    The following article has really stunned me.  Although technology makes
    this possible, that still doesn't make it right.  Anything for a buck
    surely must be the rule.
    
    This is posted here because I think it is of general interest to the
    DIGITAL employee community, because it discusses one of DIGITAL's
    employee benefits (PCS medical), and because it makes me wonder what is
    happening with the DIGITAL Medical Plan information via John Hancock. 
    Are all our medical records being reviewed by management to determine
    who costs too much?  Not yet, probably, but certainly it appears to be
    a possibility.
    
    Steve
    
    <><><><><><><><>  T h e   V O G O N   N e w s   S e r v i c e  <><><><><><><><>

 Edition : 2537            Wednesday 18-Mar-1992            Circulation :  8164 

VNS TECHNOLOGY WATCH:                           [Mike Taylor, VNS Correspondent]
=====================                           [Littleton, MA, USA            ]

                     Patients' Records Are Treasure Trove
        Doctors' And Pharmacies Files Are Mined For Use By Drug Makers
                              By Michael Miller
                              {WSJ 27 February 1992}

    Michael Patmas, a Toms River NJ internist, says he would never disclose
    confidential information about his patients,. Yet, indirectly, he does
    it routinely. In his office, Dr. Patmas keeps a personal computer in
    which he stores all his patients' records: information about their
    illnesses and treatment. Unknown to the patients, every week of two a
    company dials into the computer and fishes out all those confidential
    records. With plans to reach 15,000 physicians within the next four
    years, the company, Physician Computer Network Inc.(PCN), thinks its
    swelling database of patient records could become a commercial treasure.

    Dr. Patmas and PCN are part of an exploding but invisible new traffic
    in patients' private medical and prescription records. Physicians and
    pharmacists routinely open up their patient records to data collectors
    that sell them to pharmaceutical companies hungry to know exactly how
    their products are selling. In all, nearly half of the 1.6 billion
    prescriptions filled in year in the US pass along this chain.

    Physicians and pharmacists say the disclosures do not threaten privacy,
    because the data collectors all insist they delete patients' names.
    But critics of these practices say the custodians of medical records
    have no business entrusting them, without patient's knowledge or
    consent, to an unregulated industry. And they worry that the collectors
    safeguards may not be adequate.

    In fact, certain data collectors that pledge total confidentiality sell
    drug companies the age, sex, and an id number for individual patients.

    Fears about the sale of medical records are causing some physicians
    and pharmacists to resist the collectors surveillance efforts. Other
    are pushing for legislation noting that privacy law covers videotape
    rentals and cable TV selections, but not most medical records.

    In the absence of laws, patient confidentiality is more porous than
    ever before. Oklahoma, since last year, requires pharmacies to report
    all prescriptions for a range of painkillers and other controlled
    drugs to the state Bureau of Narcotics. In hospitals in Michigan and
    New York, computer hackers have broken into electronic patient records.
    Companies bent on cutting medical expenses are reviewing their
    employees medical records more closely than ever.

    Such trends particularly alarm patients with AIDS, mental illness and
    other conditions in which a breach of privacy can have far reaching
    consequences. "It worries the hell out of me," says Frank Burgmann, a
    director of Florida's mental health services agency, who has tried
    unsuccessfully to keep pharmacies from selling their prescription
    files. "Data is like a whore. It gets passed around from hand to hand,
    in spite of the rules."

    Last month, an Ohio jury found that a hospital employee did not violate
    any law when she allegedly discovered a friend's AIDS diagnosis in the
    hospital computer and shared the news with other hospital workers.
    Douglas Sargent, a Detroit psychiatrist and lawyer, tells of a
    clinically depressed patient who he says was fired after his employer
    learned of his condition from an insurance company.

    There are not any reports of patients' names leaking through the
    commercial use of their records in market research, which is a new
    phenomenon. Specialists in privacy issues say, however, that most
    violations of medical confidentiality never come to the attention of
    patients. And Patients who do become aware may be loath to make matters
    worse by publicizing the breach.

    Dr. Patmas, the NJ internist, says he was not worried about
    confidentiality when he agreed to let PCN search his patient records;
    the company assured him its software had safeguards to keep it from
    capturing patient's names. Besides, he says, speaking hypothetically of
    a pharmaceutical company: "Merck doesn't care if Mary Jones has herpes,
    they want to know if I prefer Lasix or Bumex."

    Dr. Patmas also had a potent incentive to sign up with PCN. The company
    offered to lease him a top of the line personal computer and software
    for about one-third what these would otherwise cost. In three years,
    this offer has drawn more than 1,600 physicians to PCN, the first
    company to gather market data by tapping directly into physician's
    computers.

    Another physician on the network, Dominic Mazzocchi of Point Pleasant
    NJ, notes that insurance companies already, see his patients' records.
    He does have one lingering worry. "The only thing that would be a
    concern," he says, "is if [PCN] took my financial information. But
    they swear they haven't."

    The medical data network reaches deeper into the nations pharmacies;
    it includes about 29,000, or roughly half of all drugstores.

    Joseph Mosso, a Latrobe Pa., pharmacist, two years ago agreed to let
    his drug wholesaler scoop up his computerized prescription files once a
    week over telephone lines. In return, the wholesaler, FoxMeyer Corp.,
    sends him weekly price updates at a discounted fee.

    With similar hookups to more than 1,000 other pharmacies, FoxMeyer
    sells all the records it gathers to the two main medical data
    collectors: IMS International and Walsh International Inc., a private
    British firm. FoxMeyer's president, Robert King, says his computer
    extracts only product information, not patients' names. But Mr Mosso,
    the pharmacist, says "I can't tell you whether they do or not [take
    patient names], I have no way of knowing...It's more or less a
    mouth-to-mouth agreement that they will not search those files.

    The companies that amass all this information have become favorites of
    Wall Street and corporate investors, although total revenue in this
    new industry is only about $150 million a year. Information giant Dun &
    Bradstreet Corp. bought IMS in 1988 and created an electronic network
    that now sweeps in more 700 million prescriptions a year. Today IMS's
    rating of drug sales powerfully influence how drug companies market to
    physicians.

    Medco Containment Services Inc., the nation's biggest mail-order
    prescription operation, last year created a subsidiary to sell its
    customers' prescription records, in addition to prescription data it
    buys from the American Association of Retired Persons. Medco sorts
    everything by the names of physicians and gives their addresses.

    Drug companies love that extra feature because they can zero in on
    physicians most likely to go for their mailings. Wall Street loves it,
    too. Medical Marketing Group went public last March at $12.50 a share
    and shot up to 20.50 on its first day. Its shares recently closed at
    $29.75 in over the counter trading.

    Investors are also hot on another new venture that uses prescription
    records to go after physicians: a Walsh spinoff called Pharmaceutical
    Marketing Services Inc.

    Physicians Computer Network (PCN) has an especially impressive list of
    investors. Among them IBM owns a 23% stake. Another holder (with a 4.7%
    stake) is Macmillan Inc., part of the Maxwell electronic information
    conglomerate.

    The companies all speak emphatically about patient privacy. Walsh
    exercises "an enormous amount of sensitivity and responsibility" to
    maintain privacy, says its president Dennis Turner. Medical Marketing
    Group's executive VP, Theodore Okon, calls patients' names a "a sacred
    area we won't touch." IMS, like other companies, says drug company
    clients want to know how their products are selling, not who is buying
    them.

    Patient privacy advocates contend the industry should never get its
    hands on medical records in the first place. "Regardless of how the
    pharmacist or physician feels about the safeguards, it's not their
    call. The patient is the only one who has the right to release this
    information to anyone", asserts Michael Isbell, staff attorney in New
    York for the Lambda Legal Defense and Education fund, a lesbian and gay
    rights group.

    The AIDS epidemic has made such organizations acutely aware of the
    consequences of breaching physician-patient confidentiality. "People
    lose their friends, lose their jobs, get kicked out of their
    apartments," Mr. Isbell says.

    The medical data business may risk running afoul of state AIDS
    confidentiality laws, one the few areas in which medical privacy is
    strictly protected. New York, for instance, specifically limits legal
    access to AIDS related records. If a physician or pharmacist should
    give a market researcher pertaining to AIDS, "it's a good possibility"
    that this would violate the law, says Andrew Stern, deputy director of
    the New York state health department's special investigations unit.

    Industry pledges of confidentiality have shades of gray. A McKesson
    Corp. unit called PCS looks at 120 million prescriptions a year, to
    process payments for companies that give their employees a PCS
    insurance card to present at pharmacies. Few of those employees know
    that PCS sells its entire data base to Walsh International. "Patient
    confidentiality is totally ensured," a PCS spokesman says.

    In fact, though PCS deletes patients' names, it includes their age,
    sex, Social Security Number, as well as their physicians' federal ID
    numbers. Walsh drops the SSN and replaces it with a code number of its
    own. That way, it says, the drug company client can track an
    individual's prescription buying but won't know the patient's name.

    The medical data collectors sweep up so much information that some
    physicians and pharmacists do not know exactly how open to view their
    files are. Joseph Staller, pharmacist at the Red Oak Pharmacy in
    Houston, says he is opposed to selling his records to market
    researchers. "You want everyone to know what your wife's taking?" he
    asks. "Not that they'd even look for that,. but there's potential for
    abuse.

    But Mr Staller keeps all his records in a personal computer connected
    by phone to his software supplier, Pharmacy Data Systems Inc. For the
    past year, Pharmacy Data has been testing a program it plans to begin
    in March: to dial into its 200 customers computers every week, copy
    their prescription records and sell them to IMS and Walsh. Mr.
    Staller, told of the software company's plan, says he is flabbergasted.
    "I had no idea." Pharmacy Data says its plans to notify pharmacists
    before it takes their data, and it won't collect patient names.

    Some who do understand the collector's technology are rebelling against
    it. Carl Chalstrom, a pharmacist in Anamosa Iowa, bought new software
    for his drugstore and was surprised to read about a special feature
    called "IMS Data Program." Slip in a diskette, and it makes a copy of
    all the prescription files. Mr. Chalstrom says IMS International offered
    him about $50 a month to run the program and send it the diskette.

    The same kind of feature is built into a number of pharmacy software
    packages, and it sends IMS a gusher of data. Software makers say these
    programs preserve patient privacy because they do not copy any names
    onto IMS's diskette. "We're damn careful that no one gets a patient name
    anywhere," says Ken Couch, directory of national marketing for QS/1
    Data Systems of Spartanburg SC, which has 4,300 pharmacy customers
    including Carl Chalstrom. Mr. Chalstrom was not sold. "With access to
    computers so easily obtained, we were worried," he says. "You read so
    much about computer companies getting people's account histories and
    financial records." He turned down the money from IMS.

    But the data collectors are getting countless new sources, thanks to
    the growing chain of "third parties" who handle confidential patient
    records. For example, Health Information Technologies Inc., is one of 
    a slew of new companies springing up to automate private physicians'
    insurance claims. The Princeton NJ company outfits 5,000 physicians
    with special "Health Link" terminals for entering their patients
    billing information. HIT not only takes care of the physician's
    payments, but it also keeps electronic copies of all the patient
    records. Once its data base get a little bigger, HIT intends to start
    selling it to drug marketers, insurance reviewers, and other companies,
    says VP Charles Ricevuto. He says the data won't include patients' or
    physicians' names.

    Meanwhile, changes in the American health care system are opening up a
    wide new market for medical data attached to patients' names. Corporate
    cost cutters examining their employees' medical expenses are paying
    less and less attention to privacy. A 1991 study by  the Office of
    Technology Assessment, a congressional agency, concluded that three out
    of ten employers allow managers to review employees medical records
    without their permission.

    At the same time, the war against drug abuse is pressing lawmakers to
    make pharmacy records even less private than they already are. Rep.
    Pete Stark (D-CA) is proposing a federal law based on the Oklahoma
    prescription reporting system. The American Civil Liberties Union is
    arguing that nationwide data bases listing users of controlled
    medications could easily be misused by employers and snoops.

    And the drug companies that buy the collectors data today are taking
    new steps to market directly to patients, breaking a long industry
    taboo. Marion Merrell Dow Inc., for instance has amassed its own data
    base of 350,000 heart patients who take its drug Cardizem. It sends
    them all "CardiSense" newsletters about healthy living, and it is
    studying ways to use the names.

    All these trends unsettle patients like Robert Boorstin, a New York
    writer. He speaks openly about his own manic depression illness but
    worries about the privacy of other patients in a support group he runs.
    "For someone with an illness like this you have a lot of people to
    trust," he says. "You have to trust doctors, you have to trust
    pharmacists, you have to trust your friends who might see you have an
    episode, your co-workers ... Why add to the list?"

    {The Wall Street Journal Thursday February 27, 1992 pg 1,A6}