Guest Article

(From the Employer's Guide to HIPAA Privacy Requirements, Thompson Publishing Group)

$1 Million Florida Privacy Settlement Illustrates Ongoing State Role

Eckerd Corp. agreed July 10 to pay $1 million to fund a college ethics endowment to resolve an investigation by the state of Florida into the pharmacy chain's methods of obtaining consumers' consent to use their health information for marketing purposes.

Florida Attorney General Bob Butterworth was investigating allegations that Eckerd violated the state's deceptive trade practices law by using customers' signatures for marketing and other purposes without proper notification. Specifically, the state alleged, a routine signature to acknowledge prescription pickup was accompanied by fine print authorizing the release of the individual's prescription information to Eckerd for marketing purposes.

"The agreement we've reached with Eckerd should serve as a model for other drug retailers to help ensure patient privacy," Butterworth said. "To its credit, Eckerd ... cooperated fully with our investigation and worked to resolve our concerns and help protect customers," he said. The Eckerd investigation was part of a larger probe into the marketing practices of drug retailers, he added.

Eckerd is "pleased to have amicably resolved this matter," said Jerry Thompson, the company's senior vice president. "Our patient information and education practices meet or exceed all federal guidelines and industry standards," he said. "We believe the information we provide is beneficial to our customers.

"The changes we have agreed to make to our patient information programs address the attorney general's concerns and put us at the forefront of the industry in the way we handle these programs," Thompson said. The state's investigation did not find any evidence that Eckerd had improperly shared confidential patient information, he added.

Settlement Terms

In addition to the $1 million to endow an ethics chair at Florida A&M University, the Clearwater, Fla.-based company agreed to nationwide restrictions on its use of individual health information for marketing, which include:

HIPAA's privacy rules prohibit covered entities from using or disclosing protected health information (PHI) for marketing purposes, subject to limited exceptions, without a valid and specific authorization from the individual. However, the U.S. Department of Health and Human Services has proposed modifying the rules to require authorization for all marketing, while broadening the exclusions from the definition of "marketing."

Implications

The marketing provisions of HIPAA's rules may not be as onerous as what is being enforced in Florida, but the final content of these provisions is still uncertain, pending HHS' finalization of its March proposed rules. One of the proposed exclusions from the definition of marketing would apply to communications by a covered entity paid for by a third party. However, the rules still would prohibit covered entities from selling lists of patients or disclosing these lists to third parties without authorization.

The Eckerd case, along with other high-profile state enforcement activities regarding improper marketing, is a signal that at least some states will be aggressive on privacy issues concerning marketing. Arguably, these kinds of cases illustrate what privacy protections are designed to prevent. Unless they are contrary to HIPAA's privacy rules, most of these state laws will continue to apply regardless of what ends up in the amended HIPAA rules (with the caveat that some state laws may be preempted under ERISA and not apply to ERISA plans).

Reprinted with permission from the August 2002 newsletter of the Employer's Guide to HIPAA Privacy Requirements, © Thompson Publishing Group, Inc., 2002. All rights reserved.

BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.