Public Comments: June 2007 – FDA/AHRQ Public Workshop, Implementation of Risk Minimization Action Plans to Support Quality Use of Pharmaceuticals: Opportunities and Challenges

Background:

World Privacy Forum executive director Pam Dixon testified at an FDA/AHRQ joint public workshop about the need for the FDA to set robust privacy standards for drug risk minimization programs, which are put in place for drugs the FDA has determined to be high risk in some way. Drug risk minimization programs (like the iPledge program for the acne drug Accutane) are not typically covered by HIPAA, and some programs have a privacy policy that allows marketing use of patient information collected as part of the risk program. This kind of marketing activity would not be allowable if the programs fell under HIPAA, and Dixon’s testimony stated that patients in these programs should have the same kinds of privacy protections as HIPAA covered programs, and that marketing activities involving patient information should not be allowable in these programs.

Download the comments (PDF)
or Read comments below

—–

Statement of Pam Dixon, Executive Director, World Privacy Forum

Before

The Food and Drug Administration and the Agency for Healthcare Research and Quality

FDA/AHRQ Public Workshop, Implementation of Risk Minimization Action Plans to Support Quality Use of Pharmaceuticals: Opportunities and Challenges

June 26, 2007

Rockville Maryland

The Lack of FDA Attention to Privacy Standards in RiskMAPS has Resulted in the Unethical and Inappropriate Marketing of Patient Information Collected for Treatment Purposes

Thank you for the opportunity to testify on issues of privacy and confidentiality as they apply to RiskMAPs, or Risk Minimization Action Plans. My name is Pam Dixon and I am the executive director of the World Privacy Forum. The World Privacy Forum is a non-profit, non-partisan public interest research group. Our work focuses on in-depth research and analysis of privacy issues, with health care being one of our key focus areas.

The FDA has not paid attention to privacy standards that should be applied to RiskMAP programs. Unfortunately, this lack of FDA attention has resulted in inappropriate and unethical marketing to patients using patient information gathered for treatment purposes. If these marketing activities were being conducted by HIPAA-covered entities, the activities would be illegal. These activities may well be illegal in California, which has a strong state-level medical privacy law that goes beyond HIPAA.

The FDA needs to set privacy standards for RiskMAPs that resolve this problem. The marketing use of patient information collected for safety, public health, and research purposes is an unsupportable practice that should be expressly prohibited by the FDA, if not by statute.

Privacy protections for patients from marketing uses of their sensitive data do not need to interfere with public safety. In fact, privacy protections would advance the safety of patients because with strong privacy protections, patients would find fewer reasons to seek RiskMAP-protected drugs through the Internet or other means.

Example: iPledge’s marketing to patients would not be legal if conducted by a HIPAA-covered entity, and it may not be legal for California patients under the CMIA

To cite one example, the World Privacy Forum’s analysis of the iPledge RiskMAP [1] program found systemic privacy concerns. The most significant and troubling problem our analysis found is the marketing of sensitive patient information gathered for treatment purposes.

All patients who are prescribed the drug isotretinoin (Accutane or its generics) must register in a mandatory, computer-based drug registry and patient tracking program called iPledge. The iPledge program was approved by the FDA as a risk minimization program (RiskMAP) August 12, 2005, and the program became mandatory March 1, 2006. The program is operated by the four drug manufacturers who make Accutane or isotretinoin generics, and is administered by Covance. The iPledge program does not fall under HIPAA, a fact stated in the FDA’s iPledge FAQ:

Pharmaceutical manufacturers are not included in any of these groups [covered entities under HIPAA], therefore the manufacturers of isotretinoin are not covered entities under HIPAA and HIPAA does not apply to the iPledge program. (FDA iPledge FAQ at 13) [2]

If the iPledge program did fall under HIPAA, its current use of patient information for marketing would be illegal. Under the California Confidentiality of Medical Information Act, which goes further than HIPAA, the program may be currently illegal.

The FDA knew marketing could be an issue in iPledge

The FDA knew that marketing using patient information provided to a RiskMAP program could happen. In a February 10, 2006 hearing at which the iPledge program was discussed, a member of the FDA Drug Safety and Risk Management Advisory Committee asked:

My question is, will these data by the manufacturers be used for any purposes other than pregnancy prevention or detection efforts, because in the past, we asked would they be used for marketing or any other use? (Stephanie Y. Crawford, Ph.D, Drug Safety and Risk Management Advisory Committee member).

To which the reply was:

….To your last question, absolutely not. The data is only for risk management purposes. (Susan Ackermann, Hoffman-La Roche).

(Drug Safety and Risk Management Advisory Committee, Volume II, Friday, Feb. 10, 2006, at 182-183.)

The iPledge privacy policy directly contravenes this statement.

The iPledge privacy policy specifically allows marketing and information combining

The iPledge privacy policy states that patient information can be used for marketing purposes. Current as of June 26, 2007, the iPledge privacy policy states:

Information Sharing and Disclosure

0.iPLEDGE does not rent, sell, or share personal information about you with other people or nonaffiliated companies except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

We provide the information to trusted partners who work on behalf of or with iPLEDGE under confidentiality agreements. These companies may use your personal information to help iPLEDGE communicate with you about offers from iPLEDGE and our marketing partners. However, these companies do not have any independent right to share this information.

The iPledge privacy policy is filled with other troubling statements and loopholes. For example, the policy states:

iPLEDGE may combine information about you that we have with information we obtain from business partners or other companies.

And:

This policy does not apply to the practices of companies that iPLEDGE does not own or control, or to people that iPLEDGE does not employ or manage.

(Privacy policy available at iPledgeprogram.com.)

This policy is troubling because the iPledge registry is not anonymous, and it collects highly sensitive information. It collects each patient’s full name, date of birth, gender, address, last four digits of their SSN, phone number, email, and an assigned iPledge ID card number. Women who can get pregnant must disclose the two methods of contraception they are using to prevent pregnancy, and the results of pregnancy tests.

Because the FDA has determined that iPledge does not fall under HIPAA, [3] the primary privacy protection patients must rely on is the privacy policy. In this case, the privacy policy expressly allows marketing using patient data. It should be noted that medical information about consumers is generally a valuable commodity in the marketing world. [4]

The FDA has not done enough to set privacy standards for RiskMAPs

The World Privacy Forum appreciates the FDA’s efforts to make drugs available and make them safe. But the FDA has not done enough to set standards for privacy practices in RiskMAPs. IPledge is but one example of a RiskMAP; other RiskMAPs have even more opacity regarding privacy practices than iPledge. Patients should never be forced to either use a drug and have no option but be marketed to, or not have access to the drug at all.

The lack of privacy restrictions on RiskMAP programs violates the spirit of HIPAA as well as the privacy rights of patients. The FDA has, intentionally or not, assigned a required part of these RiskMAP programs to entities that the FDA has determined are not covered by HIPAA. RiskMap programs could be structured differently so that they would fall under HIPAA. In the alternative, the FDA could impose privacy restrictions that would protect patients against marketing uses of especially sensitive personal information. So far, the FDA has chosen neither approach.

The FDA should immediately set privacy standards that will apply to all RiskMAPs. Whatever standards the FDA determines, one of them should be to expressly prohibit marketing to patients who have disclosed information for treatment purposes in a RiskMAP setting. To reiterate, all patient safety goals can be met and improved upon while still providing patients privacy protection that is fully appropriate, necessary, and rightfully expected by patients.

Respectfully submitted,

Pam Dixon
Executive Director,
World Privacy Forum

_______________________________

Endnotes:

[1] See U.S. Food and Drug Administration, Center for Drug Evaluation and Research, Isotretinoin Capsule Page. <http://www.fda.gov/cder/drug/infopage/accutane/default.htm>.

[2] The World Privacy Forum takes no position on the legal conclusion that the iPledge RiskMAP does not fall under HIPAA.

[3] See IPledge Program Frequently Asked Questions As of October 6, 2006, available at the FDA web site, <http://www.fda.gov/cder/drug/infopage/accutane/FAQ200610.pdf>.
[4] A search of the DirectMag listfinder service for generally available marketing lists relating to medical

data on consumers as of June, 2007 using the keyword “ailment” returned more than 400 marketing lists of consumers with various kinds of ailments. DirectMag listfinder, <http://listfinder.directmag.com/>.

Posted June 26, 2007 in Agency for Healthcare Research and Quality (AHRQ), Food and Drug Administration (FDA), Public Comments

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.