Personal data privacy once again has taken front stage in Sorrel v. IMS Health, Inc.[1] Vermont passed the Vermont Confidentiality of Prescription Information Law that allows doctors which prescribe drugs to patients, to decide whether pharmacies can sell their prescription drug prescription records.[2] IMS Health as well as other health information companies contested the law, arguing that the law poses a restriction on commercial speech as access to such information helps pharmaceutical companies market their drugs effectively to doctors. The Supreme Court is now tasked with determining the constitutionality of the restriction on access to prescription information with regards to our First Amendment. [3]
However, this post is focused on the secondary effects asserted in amici curiae briefs supporting the petitioners of allowing companies to purchase such information, specifically the concern of data privacy and patient re-identification. [4] Under the Health Information Portability and Accountability Act (HIPAA), personal health information is de-identified by your local pharmacy prior to such information being shared with any third party. By de-identifying the data, your personal data cannot, it is believed, be linked or traced back to you. De-identifying your health information is a way for covered entities to share your information without your consent or authorization and in accordance with the law. The information once shared is completely anonymized. After the transfer to a third party, like IMS Health, your information is solely data of zeros and ones that translate to dates of dispensing and drug names. No longer does your prescription record list your name or month or day of birth. [5]Continue reading…