The Pew Internet Project has criticized the US’ online medical privacy legislation.
The Pew Internet Project released a report this week criticizing the Health Insurance Portability and Accountability Act (HIPAA), which was passed in Congress in April with the aim of establishing and enforcing standards for the communication of confidential healthcare information. HIPAA relates to the websites of healthcare providers only, and the report warns that other entities may not respect the confidentiality of personal medical information.
Yet although pharmaceutical companies exist outside the direct scope of the legislation, and rely on private and confidential patient data in research and marketing, they conduct business with various organizations that must comply with HIPAA regulations, such as health plans and physician bodies.
As a result, the pharmaceutical companies that collect information from these groups will have to find alternative solutions. If they wish to maintain the confidence of the rest of the industry and patients, they will need to follow strict privacy standards themselves.
The legislation will not prevent or punish breach of confidentiality mistakes such as Eli Lilly’s this June, when it inadvertently revealed the email addresses of 600 Prozac patients. However, this well-publicized blunder and the advent of HIPAA have brought consumer attention to the issue.
In cases such as Lilly’s, it is unlikely that a patient would stop using a prescription drug because the drug company receives bad press. However, patients might refrain from using web-based tools, such as online compliance tools, or entering their medical information on websites voluntarily. So one company’s infringement of privacy could hurt the whole industry’s eBusiness plans, and undermine attempts to build closer marketing relationships with patients in the US.
Pharmaceutical companies have told Datamonitor they have strong confidence in the technology available to keep personal information secure. But in the post-HIPAA environment, they must not take for granted the security of the technology, or ignore the potential for human error. The pharmaceutical industry cannot afford a loss in confidence in a medium of growing marketing importance, such as the Internet.