More than 10 years after she tried without success to have a baby, Marcy Campbell Krinsk is still receiving painful reminders in her mail. The ads and promotions started after she bought fertility drugs at a pharmacy in San Diego.
Marketers got hold of her name, and she found coupons and samples in her mail that shadowed the growth of an imaginary child — at first, for Pampers and baby formula, then for discounts on family photos, and all the way through the years to gifts suitable for an elementary school graduate.
"I had three different in vitro procedures," said Ms. Krinsk, now 55, a former telecommunications executive who lives with her husband in San Diego. "To just go to the mailbox and get that stuff, time after time after time, it was just awful."
Like many other people, Ms. Krinsk thought that her prescription information was private. But in fact, prescriptions, and all the information on them — including not only the name and dosage of the drug and the name and address of the doctor, but also the patient's address and Social Security number — are a commodity bought and sold in a murky marketplace, often without the patients' knowledge or permission.
That may change if some little-noted protections from the Obama administration are strictly enforced. The federal stimulus law enacted in February prohibits in most cases the sale of personal health information, with a few exceptions for research and public health measures like tracking flu epidemics. It also tightens rules for telling patients when hackers or health care workers have stolen their Social Security numbers or medical information, as happened to Britney Spears, Maria Shriver and Farrah Fawcett before she died in June.
"The new rules will plug some gaping holes in our federal health privacy laws," said Deven McGraw, a health privacy expert at the nonprofit Center for Democracy and Technology in Washington. "For the first time, pharmacy benefit managers that handle most prescriptions and banks and contractors that process millions of medical claims will be held accountable for complying with federal privacy and security rules."
The law won't shut down the medical data mining industry, but there will be more restrictions on using private information without patients' consent and penalties for civil violations will be increased. Government agencies are still writing new regulations called for in the law.
Ms. Krinsk was never able to find out who sold her information, but companies that have been accused in lawsuits of buying and selling personal medical data include drugstore chains like Walgreens and data-mining companies like IMS Health and Verispan. CVS Caremark, which handles prescriptions for corporate clients, has also been accused of violating patients' privacy.
More ...
