The confidentiality of patient and physician information in pharmacy prescription records ========================================================================================= * Dick E. Zoutman * B. Douglas Ford * Assil R. Bassili * © 2004 Canadian Medical Association or its licensors The Internet and computerized database management have enabled the compilation and analysis of consumer data on a grand scale. Prescription data are not exempt. In Canada, potential patient identifiers and physician-linked prescription data stream from pharmacy computers via commercial compilers to pharmaceutical companies without the informed consent of patients and physicians.1,2,3 The Alberta Privacy Commissioner found that patient year of birth and sex, pharmacy location, physician identifiers, third-party payer information that identifies patient insurers and employers, prescriptions and other health information are compiled from pharmacies across Canada.2 In a recent survey, three-quarters of Canadian patients said they did not want their health information, even though “stripped of direct identifiers (name, address, telephone numbers, health card number),” disclosed without informed consent.4 Their concern is warranted. Data that have been de-identified by removing patients' names and contact information can be linked with databases containing this information by matching data elements held in common. When a sample database containing only birth date and sex was merged with a voting registry, 29% of individuals could be identified.5 Identification rates jumped to 69% when general residential area was also disclosed.5 The selling of prescription data from pharmacies jeopardizes the confidentiality of Canadians' health information. Potential consequences include loss of trust within the physician–patient relationship, direct-to-individual patient pharmaceutical marketing, and insurance, employment and credit discrimination.6,7 Since prescription data stream across provincial and international borders, their compilation fell under the Personal Information Protection and Electronics Documents Act (PIPEDA) on Jan. 1, 2002.1 The PIPEDA came into full force on Jan. 1, 2004, and now applies to all personal information, including health information, that is collected, used or disclosed during commercial transactions. The Act calls for informed consent for disclosure of personal information.1The CMA also calls for informed consent for disclosure of health information.6 Pharmacists do not inform patients that their prescription information, including potential personal identifiers, are sold and do not ask patients to provide consent. We are unaware of a PIPEDA-based challenge to the selling of patient information by Canadian pharmacies, but such disclosures appear to violate the informed consent statute.1 When the federal Privacy Commissioner addressed sales of prescription data that identified physicians, physician prescribing records were deemed not to be personal information under the PIPEDA.1 Prescribing was likened to work products such as those of chefs.1 We believe that due consideration was not given to the use of physician-linked prescribing information for targeted marketing of individual physicians by pharmaceutical companies.3 Due consideration was also not given to the negative influence of such marketing on physicians' prescribing decisions8and the resultant effects on patients, public health and the health care system. The Canadian Pharmacists Association9 and the CMA10 call for informed consent before physician-linked prescribing information is sold. Our concerns regarding the confidentiality of patient and physician information entrusted to pharmacists led us to examine the regulations governing the sale of prescription data. All provincial pharmacy regulatory authorities except that of Alberta completed our written survey in 2001 (the survey findings are presented in tables accompanying the online version of this article [[www.cmaj.ca/content/vol170/issue5/index.shtml#COMMENTARY](http://www.cmaj.ca/content/vol170/issue5/index.shtml#COMMENTARY)]). We also examined the published policies of provincial regulatory authorities and provincial pharmacy legislation up to July 2003. There was great variability between provinces in the survey responses from the regulatory authorities, the published policies of the regulatory authorities and the pharmacy legislation regarding prescription data sales. Also, survey responses from the regulatory authorities were not always consistent with their own published policies and their provincial pharmacy legislation. Of particular interest was whether informed consent of patients and physicians was required for prescription data sales and the specific data elements permitted to be sold. Only the pharmacy regulatory authorities of Saskatchewan, Manitoba, and Newfoundland and Labrador indicated in the survey that informed consent was necessary before patients' prescription data were sold. The pharmacy legislation of British Columbia and New Brunswick bans the disclosure of “all” prescription information without patient consent. The protection of patient confidentiality was a universal tenet in the published policies of the regulatory authorities pharmacy legislation of all provinces; however, what constituted an identifier was generally left open to interpretation. In addition to name and contact information, which are obvious identifiers, the British Columbia regulatory authority's guidelines specifically prohibit the release of identifying numbers, the Nova Scotia regulatory authority's guidelines prohibit birth date, and the Newfoundland and Labrador regulatory authority's standards prohibit (since 2002) identifying numbers, birth date, and service, intervention and visit dates. The New Brunswick regulatory authority reported in the survey that there were no regulations regarding which data elements could be disclosed. The regulatory authorities of British Columbia, Saskatchewan, Ontario, Prince Edward Island, and Newfoundland and Labrador reported in the survey that birth date, sex and identity of third-party payer were permitted to be sold. Only the regulatory authorities of Saskatchewan, Manitoba and Nova Scotia reported in the survey that consent was necessary before physician-linked prescribing data were sold, and the regulatory authority in British Columbia indicated that the release of physician identifiers was not permitted. The pharmacy legislation of New Brunswick bans disclosures without physician consent, whereas the regulatory authority guidelines in Saskatchewan, Prince Edward Island and Nova Scotia specifically allow the disclosure of physician-linked prescribing records without consent. The regulatory authorities of Ontario, Quebec, Prince Edward Island, Nova Scotia, and Newfoundland and Labrador reported in the survey that the sale of physician identifiers was allowed. The economic interests of those who benefit from the disclosure of patient and physician-linked prescription information should not supersede the right of patients and physicians to have personal information in pharmacy records held in confidence. The confidentiality of patients and physicians will be adequately protected only if informed consent is required in order to release potential personal identifiers from pharmacies. Software exists that can produce anonymous databases that would preserve confidentiality while allowing medical researchers to use the information.5,11 There is a need for a thorough review of the many issues associated with the confidentiality of personal health information12 and especially prescription data sales by Canadian pharmacies. A committee established by Health Canada with the goal of generating national standards would be an appropriate vehicle for studying this issue. The review should not be left in the hands of the pharmacy regulatory authorities, many of which allow the sale of potential patient identifiers or physician-linked prescribing data without informed consent. Physician organizations such as the CMA, information technology and legal experts, and consumer advocacy groups should play major roles in the process. In light of advancements in database management, we recommend the first step be a PIPEDA ruling on the legality of sales of patients' personal information from pharmacies. ## Footnotes * This article has been peer reviewed. *Contributors:* Dr. Zoutman, Mr. Ford and Mr. Bassili were responsible for study conception and design, data analysis and interpretation, and critical revision of the manuscript. Mr. Ford and Mr. Bassili were responsible for data acquisition, and Mr. Ford drafted the manuscript. All authors approved the final version of the manuscript. Competing interests: None declared. ## References 1. 1. Radwanski G. *Privacy Commissioner releases his findings on the prescribing patterns of doctors*. Ottawa: Office of the Privacy Commissioner of Canada; 2001. Available: [www.privcom.gc.ca/media/an/wn\_011002\_e.pdf](http://www.privcom.gc.ca/media/an/wn_011002_e.pdf) (accessed 2004 Jan 6). 2. 2. Work FJ. *Alberta pharmacists and pharmacies*. Edmonton: Office of the Information and Privacy Commissioner; 2003. 3. 3. Zoutman DE, Ford BD, Bassili AR. A call for the regulation of prescription data mining [editorial]. CMAJ 2000;163(9):1146-8. [FREE Full Text](http://www.cmaj.ca/lookup/ijlink/YTozOntzOjQ6InBhdGgiO3M6MTQ6Ii9sb29rdXAvaWpsaW5rIjtzOjU6InF1ZXJ5IjthOjQ6e3M6ODoibGlua1R5cGUiO3M6NDoiRlVMTCI7czoxMToiam91cm5hbENvZGUiO3M6NDoiY21haiI7czo1OiJyZXNpZCI7czoxMDoiMTYzLzkvMTE0NiI7czo0OiJhdG9tIjtzOjIwOiIvY21hai8xNzAvNS84MTUuYXRvbSI7fXM6ODoiZnJhZ21lbnQiO3M6MDoiIjt9) 4. 4. Willison DJ, Keshavjee K, Nair K, Goldsmith C, Holbrook AM. Patients' consent preferences for research uses of information in electronic medical records: interview and survey data. BMJ 2003;326:373-6. [FREE Full Text](http://www.cmaj.ca/lookup/ijlink/YTozOntzOjQ6InBhdGgiO3M6MTQ6Ii9sb29rdXAvaWpsaW5rIjtzOjU6InF1ZXJ5IjthOjQ6e3M6ODoibGlua1R5cGUiO3M6NDoiRlVMTCI7czoxMToiam91cm5hbENvZGUiO3M6MzoiYm1qIjtzOjU6InJlc2lkIjtzOjE0OiIzMjYvNzM4NS8zNzMvYSI7czo0OiJhdG9tIjtzOjIwOiIvY21hai8xNzAvNS84MTUuYXRvbSI7fXM6ODoiZnJhZ21lbnQiO3M6MDoiIjt9) 5. 5. Sweeney L. Weaving technology and policy together to maintain confidentiality. J Law Med Ethics 1997;25:98-110. [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1111/j.1748-720X.1997.tb01885.x&link_type=DOI) [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=11066504&link_type=MED&atom=%2Fcmaj%2F170%2F5%2F815.atom) [Web of Science](http://www.cmaj.ca/lookup/external-ref?access_num=A1997YE92600003&link_type=ISI) 6. 6. Canadian Medical Association. Policy summary: health information privacy code. CMAJ 1998;159:997-1006. 7. 7. Health Privacy Project. Medical privacy stories. Available: [www.healthprivacy.org/usr\_doc/Privacy\_storiesupd.pdf](http://www.healthprivacy.org/usr_doc/Privacy_storiesupd.pdf) (accessed 2004 Jan 6). 8. 8. Wazana A. Physicians and the pharmaceutical industry: Is a gift ever just a gift? JAMA 2000;283:373-80. [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1001/jama.283.3.373&link_type=DOI) [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=10647801&link_type=MED&atom=%2Fcmaj%2F170%2F5%2F815.atom) [Web of Science](http://www.cmaj.ca/lookup/external-ref?access_num=000084732400030&link_type=ISI) 9. 9. Canadian Pharmacists Association*. Position statement on the sale of prescriber data*. Ottawa: The Association; 2002. 10. 10. Canadian Medical Association. *Principles concerning physician information*. Ottawa: The Association; 2002. 11. 11. Sweeney L. k-Anonymity: a model for protecting privacy. *Int J Uncertainty Fuzziness Knowl Based Syst.* 2002;10(5):557-70. 12. 12. Paying the PIPEDA [editorial]. CMAJ 2003;169(1):5. [FREE Full Text](http://www.cmaj.ca/lookup/ijlink/YTozOntzOjQ6InBhdGgiO3M6MTQ6Ii9sb29rdXAvaWpsaW5rIjtzOjU6InF1ZXJ5IjthOjQ6e3M6ODoibGlua1R5cGUiO3M6NDoiRlVMTCI7czoxMToiam91cm5hbENvZGUiO3M6NDoiY21haiI7czo1OiJyZXNpZCI7czo3OiIxNjkvMS81IjtzOjQ6ImF0b20iO3M6MjA6Ii9jbWFqLzE3MC81LzgxNS5hdG9tIjt9czo4OiJmcmFnbWVudCI7czowOiIiO30=)