Do Prescription Drug Monitoring Programs Compromise Patient Privacy By Remaining Outside Federal and Most States' Privacy Standards?

Colleen Paddon Simek, JD, LLM

Abstract


As the United States gradually adopted a more liberal treatment of patient pain symptoms, a very serious crises began to emerge.[1]  The opioid epidemic is not only creating a population dependent on prescription drugs, but it is costing lives.[2]  Prescription Drug Monitoring Programs, created to better surveil and protect the public, track the prescribing and dispensing patterns of certain types of prescription drugs classified as "controlled substances."[3]  In doing so, Prescription Drug Monitoring Programs ("PDMPs") store personally identifiable medical information within state electronic databases, some of which would be considered highly sensitive in nature.[4]  Storage of this information allows pharmacies and prescribers to monitor what prescription drugs are being dispensed to patients, and in what quantity and frequency.[5]  Each state's PDMP law varies by type of identifying information captured in the database, and who may have access to the database.[6]  Generally speaking, personally identifiable health and medical information in the United States is afforded certain federal protections, as entities who store such information are governed by a federal regulation known as the Health Insurance Portability and Accountability Act.  Similarly, some states have created their own privacy laws to address privacy protections of personal information.  Unfortunately, however, PDMPs do not fall within federal or state privacy protection laws.  Thus, PDMPs are not required to comport with privacy and security protections over the personal health and medical information that is stored in the database.  This has caused both patients and providers alike to challenge the constitutionality and legality of the databases.[7] 

          Below I will first describe the history and background of PDMPs, including how they developed and what they function like today.  Then, I will discuss the constitutional challenges that have been made against PDMPs, including cases that illustrate individual privacy concerns regarding prescription drug and medical information, and whether courts have allowed third parties such as law enforcement agencies to access state PDMPs.  I will also discuss the compelling interest of the states when it comes to protecting and promoting the general health and welfare of the population though the use of PDMPs.  Lastly, I will demonstrate that in order to effect a reasonable balance and reduce the variability between state PDMP laws, action from the federal government is required.  The federal government should require PDMPs to comply with a national, standardized law that continues to emphasize the public health purpose of PDMPs, but also requires each state to conform to a national privacy standard.  I firmly recommend that state managed PDMP databases should be treated as "covered entities" under the Health Insurance Portability and Accountability Act, in order to provide a baseline for direction and regulation over state PDMPs.  In doing so, both privacy and security protections will be afforded to individuals whose information is captured by PDMP databases. 


[1] Rebecca Haffajee, Preventing Opioid Misuse with Prescription Drug Monitoring Programs: A Framework for Evaluating the Success of State Public Health Laws, 67 Hastings L.J. 1621, 1624 (2016).

[2] Centers for Disease Control and Prevention: Opioid Overdose and Drug Overdose Deaths, [hereinafter "CDC Drug Overdose Deaths"] https://www.cdc.gov/drugoverdose/data/statedeaths.html (last visited: July 13, 2019).

[3] Devon T. Unger, Minding Your Meds: Balancing the Needs for Patient Privacy and Law Enforcement in Prescription Drug Monitoring Programs, 117 W. Va. L. Rev. 345 (2014).

[4] Id. at 347.

[5] Id. at 347-348.

[6] Id. at 349-350.

[7] Stephen P. Wood, Prescription Monitoring Programs: HIPAA, Cybersecurity and Privacy, Harvard Law Bill of Health: Examining the Intersection of Health Law, Biotechnology, and Bioethics, June 17, 2018, http://blog.petrieflom.law.harvard.edu/2018/06/17/prescription-monitoring-programs-hippa-cyber-security-and-privacy/ (last visited July 2, 2019).


Full Text:

PDF

References


Please see the article for references.


Refbacks

  • There are currently no refbacks.


©Journal of Health Care Finance