At issue is the business practice of large pharmacies mailing prescription-refill reminders to their customers on behalf of pharmaceutical manufacturers, which pay them for the mailings.
The pharmacies “snitch” when performing this service, in my view, because their customers' prescription records are used without their consent. In a civilized society, people should have the right to be left alone, and that includes leaving a person's prescription records alone, unless they provide consent.
The new OCR rule gets only half the job done. It allows the mailings to continue—still without customer consent—under a marketing exemption, even though the new rule could squeeze the pharmacies' profits out of the campaigns.
Refill reminders, in general, have a clinical aim, of course, which is all the pharmacies talk about in calling for the OCR to broaden its rule.
I'll accept the opinion of experts, that published studies show some prescription reminders can improve patient compliance. But if there is published research to indicate these specific, pharma-subsidized, pharmacy-conducted mailers actually work, it wasn't made available when I asked for it.
Dr. David May, chairman of the Board of Governors of the American College of Cardiology, said he was unaware of any published data on these specific mailers, either.
Under the law, I've been told, if CVS and the other chains go to their customers and simply obtain their prior authorization, which is HIPAA-eze for their consent, the pharmacies can use their Rx data to market the bejeepers out of those consenting customers—even using the pharma manufacturers' money to pay for the campaigns—and OCR won't be able to utter a legally effective peep against it.
It's not that pharmacies don't know how to obtain patient authorization, either. CVS, for example, is currently asking its customers for wide-open consent, including abandonment of their HIPAA protections, to use their data as part of its ExtraCare Pharmacy Health & Rewards program.
For the pharma-funded mail program, though, it seems the chain pharmacies don't want to ask, which puzzles me.
Why is snitched data so sweet?
What CVS and the other chains have here is not, as they suggest, a problem with an overly aggressive regulator; it's a consent-management problem of their own making.
They can deal with it by halting their pharma-funded refill reminder programs—the threatened CVS approach.
Or, they can adapt their computer systems—and their business practices—to allow obtaining and storing patient consents.
In so doing, they'll meet the needs of their customers and a modern, civilized society, and be able to run their refill-reminder campaigns in full compliance with the law.
Follow Joseph Conn on Twitter: @MHJConn