Thirteen years in the making, a national data conduit is coming online to connect the doctor's office with the corner drugstore, drugmakers and drug marketers.
The pipeline was designed to facilitate the electronic processing of outpatient retail prescriptions and claims. As such, it could help eliminate prescription errors that the Institute of Medicine says kills thousands of inpatients each year.
But the pipeline has a dark side: It poses a threat to patient privacy.
Unlike other technologies, this threat is not a by-product of design. It was deliberately built into the pipeline, which is actually two sets of computer data transmission standards created under the auspices of the National Council for Prescription Drug Programs (NCPDP), a Phoenix-based trade group that includes drug companies and pharmacy benefit managers.
The pipeline was designed to carry not only the information found on paper prescriptions--patient name, drug type and dosage--but also patient diagnostic codes. The combination is akin to the Holy Grail for drugmakers and marketers.
Four times since 1993, the AMA's House of Delegates has passed resolutions decrying any plan by pharmacies, PBMs or insurers to link prescription information with diagnoses, citing patient privacy concerns.
Underlying the privacy issue is patient trust, a doctor's franchise, says Riverside, Calif., anesthesiologist Rebecca Patchin, M.D. Mixing drug industry marketing desires with patient needs for confidentiality could damage that franchise, Patchin says.
"If you had a social disease--and let's be blunt, gonorrhea--would you want that on your prescription?" asks Patchin, a 2000 AMA delegate. "Our prescription efforts should be for the benefit of our patients and not some suit on Madison Avenue."
The very existence of this data conduit, with its ability to carry both prescriptions and diagnoses, means physician executives seeking to maintain patients' privacy while taking their practices paperless will need to take a hard look at the fine print of any contracts with prospective e-health system vendors, privacy lawyers say.
Reece Hirsch, an attorney with Davis Wright Tremaine in San Francisco, says physician practice managers concerned about patient privacy need to exercise due diligence before entering into a contract with an e-health vendor. That diligence includes finding out vendors' other business contacts, since some of the developers of electronic medical records systems and many of those producing prescription-writing and charge-capture tools for use on personal digital assistants have commercial ties to PBMs, drug companies or drug marketers.
In recent years, spending by major drug companies on direct-to-consumer marketing of drugs has increased dramatically from $720 million in 1996 to $1.9 billion in 1999, according to Scott-Lewin, a subsidiary of Quintiles Transnational of Durham, N.C. Scott-Lewin says direct-to-consumer spending reached 1999 levels in the first nine months of 2000, though final numbers for the entire year are unavailable. The spending spree escalated after an FDA ruling in 1997 relaxed the rules covering direct-to-consumer prescription drug marketing.
Key to these direct marketing campaigns is detailed patient information. Thus far, marketers have been hampered in obtaining that information by the separation of twin data streams. Medical claims containing diagnoses and pharmacy claims containing prescription information flow in two independent streams to insurance companies or PBMs for processing and payment.
Merging the data from these streams has been a big challenge for marketers. A combined stream from the NCPDP data pipeline would help solve that problem.
The pipeline "shows a tremendous need we have for privacy protection at the federal level," says Joanne Hustead, senior counsel for the Health Privacy Project of the Institute for Health Care Research at Georgetown University.
Recently, drugmakers, drug marketers and PBMs have been making substantial investments in companies developing computerized EMR systems and handheld prescription writing and charge capture devices. Meanwhile, the IOM report "To Err is Human," released in late 1999, has fueled increased interest in electronic prescription writing and added new relevance to the diagnosis data fields embedded in the NCPDP standards.
From the beginning, one goal of many of the handheld prescription tool companies has been to sell data to drug marketers, according to Josh Fisher, an analyst with W.R. Hambrecht+Co in San Francisco.
"Drug companies will fall all over each other to get this data, especially in a timely manner," Fisher says.
Sales data is important, but it's not the only area of interest for pharmaceutical marketers, he says. Prescription data linked to diagnosis is "extremely important in the first year of a drug's life."
"You want to see if it's being used on-label or off-label, if it's getting more scripts (written) for indication A or indication B. It helps immensely in their planning and marketing," Fisher says.
Even the proposed HIPAA privacy rule, as it is currently constituted, would be inadequate to protect patients from direct marketing by pharmaceutical companies or PBMs, according to the AMA. Its 31-page comment on the recently reopened "final" privacy rule calls the existing HIPAA marketing exceptions "overly broad and otherwise full of loopholes."
The NCPDP Telecommunication Standard, rolled out in 1988, facilitates the electronic exchanges between corner drug stores, payers and pharmacy benefits managers. Its sister, the SCRIPT Standard, developed in 1996, is starting to replace the fax machine as the way to directly link physicians' computerized script writing tools to the pharmacies and PBMs.
The Telecommunication Standard is dominant in the retail pharmacy business, helping move 2 billion prescriptions a year.
Lynne Gilbertson, director of standards development for the NCPDP, says there are no records from 1988 regarding who initially supported inclusion of a diagnosis field in the Telecommunication Standard.
On the SCRIPT Standard, "the membership felt it was a good thing to be used, so they put in there. I think it was a collaborative decision, that these are the things a doctor might want to send to a pharmacist in a prescription."
Last month, three of the largest PBMs--Merck-Medco of Franklin Lakes, N.J., a subsidiary of Merck & Co.; ExpressScripts of St. Louis; and AdvancePCS of Irving, Texas--announced that they would invest $60 million to create a prescription communications hub. Called RxHub, it would use NCPDP standards to electronically link doctor's offices with pharmacies and the three PBMs, which serve more than 181 million Americans.
Blair Jackson, spokesperson for AdvancePCS, a member of the NCPDP, says his company sells data to pharmaceutical firms, but that data is either aggregated or stripped of patient identifiers.
Marketing is one use for prescription data linked to diagnoses, but so are outcomes studies and diseases management programs, both business lines for AdvancePCS, Jackson says.
Jackson says the data going into RxHub will be encrypted and won't be stored by the hub, but the same data will be decoded by the PBM after it is delivered.
Jackson says he does not know what thinking was behind adding a diagnosis field in the NCPDP standard "other than for potential future uses. I think it's just the NCPDP anticipating that it might be useful."
Ann Smith, director of public relations for Merck-Medco, also an NCPDP member, says the RxHub partners are working with NCPDP to define what will be included in the data stream and what will be left out. She says patient data will be decoded when it reaches Merck-Medco.
Smith says Merck-Medco does sell patient prescription data but in de-identified, aggregate form.
Smith says she can't project whether diagnosis codes will be included in that stream and would not speculate on whether Merck-Medco would want to capture that data.
ExpressScripts declined to comment.
