Trade confidential data from millions of patients
According to a media report, a data center for pharmacies is selling poorly encrypted patient data to market researchers. In Germany, more than 40 million insured are targeted. This is an incredible scandal for privacy advocates.
Aim at 42 million German insured
According to a report by the magazine SPIEGEL, millions of patients and doctors in Germany are being illegally spied on. Patient data would be sold in insufficiently encrypted form from the VSA pharmacy data center in Munich to market research companies. Customers are companies such as the US group IMS Health, which operates in more than 100 countries. The company tracks the diseases of more than 300 million patients, including "42 million different legally insured persons" in Germany. SPIEGEL quotes from an internal paper: "Many patient careers can be traced back to 1992."
Trading encrypted data legally
Trading with recipe data is generally legal if it is encrypted and passed on and used. Even anonymized and encrypted data records contain information for pharmaceutical companies that can be used for market research. In the case of the prescription data that is delivered to IMS, the patient's identity is only obscured by a 64-digit code, which can simply be calculated back to the actual insured number, according to SPIEGEL, citing confidential documents.
Less than 1.5 cents per German data record
Because of the badly encrypted data, the pharmaceutical companies could possibly understand which drugs were prescribed by which doctor's office. Manufacturers could use this information to control the work of their sales representatives, for example, and determine whether visiting a doctor might result in them prescribing medication from a particular manufacturer more often. The sex and age of the patients would also be passed on to the market researchers. For every prescription data record of a German insured person, IMS sometimes has to pay less than 1.5 cents to pharmacy data centers, according to SPIEGEL.
"One of the biggest data scandals in the post-war period"
According to Thilo Weichert, head of the Independent State Center for Data Protection in Schleswig-Holstein, the trade in prescription information was "one of the biggest data scandals in the post-war period." IMS also mentioned that, according to SPIEGEL, IMS has made an offer to the French pharmaceutical group Sanofi-Aventis in April 2012, in which IMS offers the information from insulin prescriptions for "patient-specific" and "twelve monthly updates" at a price of EUR 86,400.
Confidence in pharmacists
The pharmacist warns Weichert to have their data processed by data centers that are known to have insufficient anonymity for patient data. This can be seen as a violation of the confidentiality of pharmacies. And at the pharmacy data centers, he criticizes that they would argue that more data protection would make their services more expensive: "An illegal business model does not get better by making it cheaper and more lucrative." The data protection officer also says: "It would be sad if that Service providers of the trust profession pharmacists would have to be persuaded to confidentiality only through court proceedings. " (ad)
Photo credit: GG-Berlin / pixelio.de