Blog
Class Action for Allegedly Selling Personal Prescription Data Dismissed
Blog
March 27, 2012
A class action lawsuit filed against a major pharmacy for allegedly misusing prescription information was recently dismissed. According to the complaint, the misuse had allegedly included sending letters to consumers' physicians suggesting that they prescribe alternate drugs, and providing consumer data to drug companies and data vendors. The plaintiffs based their claim in significant part on an alleged failure by the company to comply with its privacy policies and promises to only disclose protected health information in accordance with applicable law. Ultimately, the court found that because the information sold to drug companies was de-identified before it was sold, the information did not qualify as protected heath information under the Health Insurance Portability and Accountability Act ("HIPPA"). Additionally, although information provided to the customers' physicians was protected health information that was not de-identified, the sharing of such information to a customer's prescribing physician is permitted under HIPPA. The court further reasoned that the plaintiffs lacked standing under the state unfair and deceptive trade practices act because the use of their information did not cause an "ascertainable loss of money or property."
TIP: Many recent privacy cases have included allegations that a company has failed to comply with the terms of its own privacy policy. While this case demonstrates that such arguments can be overcome in certain instances, it is a reminder that such policies need to be reviewed to make sure they accurately describe current practices.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.