Group items tagged

Customers of CVS' pharmacy will be able to import their prescription records into a Google Health account as a result of an expanded deal between the two companies. The deal was announced Monday. An earlier deal already allowed workers whose company uses CVS Caremark to handle drug benefits to use Google Health to store their drug records. The new deal expands this to customers of CVS' network of retail pharmacies. "We now offer all of our consumers the ability to download their prescription and medication history into their Google Health Personal Health Record, whether they are CVS/pharmacy customers, CVS Caremark plan participants or visitors to our MinuteClinic locations," said CVS Caremark Executive Vice President Helena Foulkes in a statement. "By enabling patients to download their prescription information directly into their personal health record, we are helping to close the gap in today's fragmented health care system and provide a full view of a patient's health." To use the tool, the companies said, consumers need to sign up for the prescription management feature on CVS.com as well as be authenticated. With the latest deal, Google said it now believes more than 100 million Americans will have the option of viewing their drug history within Google Health. Microsoft, which is also trying to sign consumers up for its HealthVault service, announced a deal with New York-Presbyterian Hospital on Sunday which will allow patients of that hospital system to export their records to a HealthVault account.

Indianapolis - New developments suggest another drug store giant may face punishment for trashing your privacy. Now, Walgreens wants to settle its case - whether the state wants to or not. 13 Investigates discovered personal information in drugstore dumpsters in Indiana and across the country. WTHR exposed the problem at CVS and Walgreens pharmacies three years ago, and the Indiana attorney general's office has been investigating ever since. Walgreens says it finally has a settlement with the state - or does it? "We reached an agreement on the material terms of a settlement agreement," Walgreens attorney Stacy Cook told the Indiana Pharmacy Board Monday morning. The attorney general's office disagreed. "There was never an agreement that was reached," said Deputy Attorney General Morgan Wills. The attorneys met with the pharmacy board at Walgreen's request because the nation's second-largest drug store retailer says it had a deal the attorney general's office backed out on. "It's simply that they've changed their mind," Cook said. The attorney general's office admits it had started to negotiate terms of a settlement with Walgreens in January, but the state later decided to halt its settlement negotiations when the federal government announced a $2.25 million settlement with Walgreens' rival CVS.

"Drug store chain Walgreens now enables its pharmacy patients to download their prescription history from the Walgreens.com Web site to a personal health record on the Microsoft HealthVault platform. The Deerfield, Ill.-based chain announced last June it would link to HealthVault. Patients registered on Walgreens' site already can access their complete prescription history. Now, that history can also reside in a HealthVault PHR and be automatically updated. Patients can enroll with HealthVault directly from the Walgreens site. The partnership will promote stronger collaboration among patients, pharmacists, physicians and other providers, says Don Huonker, senior vice president of health care innovation at Walgreens. More information is available at walgreens.com/pharmacy and healthvault.com. "

Think twice before giving MicroSoft your personal health care information.

Woonsocket-based CVS Caremark Corp., the largest U.S. drugstore chain, has agreed to pay $2.25 million to settle federal charges that company employees compromised customer privacy by throwing prescription records and drug bottles into open trash bins. The Federal Trade Commission said its investigation with the Health and Human Services Department followed media reports that trash bins behind CVS pharmacies contained pill bottles bearing patient names, credit-card and insurance information, and Social Security numbers. The company also did not have adequate policies for disposing of that information, and did not sufficiently train employees to dispose of the information properly, the agencies said. The items that were not properly discarded included pill bottles, medication instruction sheets, computer order forms, payroll information, job applications and credit-card and insurance information. Those labels and forms contained personal information including Social Security numbers and credit card and insurance information, and in some cases, driver's license numbers and account numbers. Names of the patients' doctors were also included. The settlement "will restore appropriate privacy protections to tens of millions of people across the country," FTC chairman William Kovacic said in a statement. "It also sends a strong message" that organizations "are required to secure consumers' private information," he said.

"Reporting from Washington - When your doctor writes you a prescription, that's just between you, your doctor and maybe your health insurance company -- right? Wrong. As things stand now, the pharmaceutical companies that make those prescription drugs are looking over the doctor's shoulder to keep track of how many prescriptions for each drug the physician is writing. By obtaining data from pharmacies and health insurers, the drug companies learn the prescribing habits of thousands of doctors. That information has become not just a powerful sales and marketing tool for the pharmaceutical industry but also a source of growing concern among some elected officials, healthcare advocates and legal authorities. "

A health care industry coalition on Monday released a prescriptive security framework that organizations can use to safeguard patient records as they increasingly move online. The framework, released by the Health Information Trust Alliance (HITRUST) -- which represents health care providers, pharmacies, insurers, biotech firms and medical device manufacturers -- is based on well-known standards such as COBIT, NIST and ISO 270001. But this is the first benchmark developed specifically for protecting health data. "It's tailored to protecting health information right out of the gate," Michael Wilson, vice president and chief information security officer of McKesson, the largest U.S. pharmaceutical distributor, told SCMagazineUS.com on Monday. "It's just a different sort of data. It's still structured [like other verticals], but there's a lot more of it in health care." The framework was created to improve adoption rates with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and increase patient confidence in the security of their information. It also arrives on the heels of the new $787 billion economic stimulus bill, about $20 billion of which is earmarked to encourage health care organizations to adopt electronic health records as a way to reduce the number of medical errors and save money. The stimulus bill, in itself, contains srict privacy and security regulations for patient information. The standards took about 18 months to devise and can be implemented by organizations of any size, according to HITRUST. "2009 will be a turning point for information security in the health care industry, when organizations will begin implementing the framework...and create a cascading effect that will impact and benefit the entire health care ecosystem," Daniel Nutkis, CEO of HITRUST, said in news release. Wilson said the framework also will enable companies such as McKesson to show their customers and business partners that they are taki

Still think that today's computer viruses and other malware come from some maladjusted teen out to vandalize your PC to make a name for himself? Think again. The persistent myth is a holdover from days long gone, and it's important to dispel it if you want to know what you're up against-and how to protect yourself. The splashy worms and malicious viruses that clogged entire networks and indiscriminately wiped hard drives are essentially gone. Today, it's all about cash-and lots of it. If there's a way to use evil software to make money, whether it means taking over a PC to send pharmacy-advertising spam, or stealing financial logins and credit card info, or even hacking game accounts, it's out there in some form. There's even a thriving online black market that sells everything from software kits to roll-your-own malware to spam services using infected PCs to reams and reams of credit card data stolen by keylogger malware. It's most important to get rid of this myth in order to get rid of the idea that you can usually tell whether you're infected by obvious signs like big pop-ups or suddenly missing files. Malware writers today work to keep infections as quiet as possible for as long as possible so that they can continue to make money. But it's also important to keep in mind that today's online crooks have become very creative in figuring out how to make money with their malware. Stolen Webmail accounts have been used to send messages to the account's contact list asking for money transfers. Popular online games such as World of Warcraft are a huge target, with thieves raiding hacked accounts to sell the items or in-game currency for real money. So don't assume that there's no risk using an untrusted PC as long as you don't log onto your bank.

Two companies that collect, analyze and sell prescription information are mounting a Supreme Court challenge to New Hampshire's first-in-the-nation law making doctors' prescription writing habits confidential. In an appeal filed March 27, IMS Health Inc. of Norwalk, Conn., and Verispan LLC of Yardley, Pa., tell the high court that the law violates their First Amendment right to free speech in pursuit of their business. The law, aimed at thwarting hard-sell tactics by drug companies to doctors, makes it a crime for pharmacies and others to transfer information disclosing a doctor's prescribing history if the information could be used for marketing of prescription drugs in New Hampshire. Patients' names are not included in the data. The companies say that the ruling by the 1st U.S. Circuit Court of Appeals in Boston that upheld the law's constitutionality could be broadly applied to newspaper publication of stock market information and many other services that gather large amounts of information. The money made by selling the information to drug makers, the companies say, allows them to provide the same material to researchers and humanitarian organizations at little or no cost. The law first took effect in 2006. The following year, U.S. District Judge Paul Barbadoro in Concord ruled in the companies' favor and said the law violated the First Amendment. Another federal judge subsequently ruled against a similar law in Maine, relying heavily on the New Hampshire decision. But the 1st Circuit overruled Barbadoro, calling the law a valid step to promote the delivery of cost-effective health care. "Even if the Prescription Information Law amounts to a regulation of protected speech - a proposition with which we disagree - it passes constitutional muster," the court said. "In combating this novel threat to cost-effective delivery of health care, New Hampshire has acted with as much forethought and precision as the circumstances permit and the

Google never fails to surprise. It's the scope and scale of their ambitions that impresses me ranging as they do from relatively simple applications that are just way cool such as Sky Map, through their Chrome Web browser (which is now looking pretty stable), to the subject of this newsletter: Google Health. Google Health, which was launched as a beta (of course) in spring 2008, is a free repository for your personal health information. Using the service you can create online health profiles for yourself, family members or others you care for (these profiles can include health conditions, medications, allergies and lab results), you can import medical records from hospitals and pharmacies, share your health records with "your care network" (which may include family members, friends and doctors), and browse an online health services directory to find services that are integrated with Google Health. After you sign up you can import your medical records from Allscripts, Anvita Health, The Beth Israel Deaconess Medical Center, Blue Cross Blue Shield of Massachusetts, The Cleveland Clinic, CVS Caremark, Healthgrades, Longs Drugs, Medco Health Solutions, Quest Diagnostics, RxAmerica and Walgreens. What you'll wind up with if you update all of the sections is a pretty complete health profile, which means that privacy has to be a concern. Interestingly, because becoming a subscriber is voluntary it appears that the service is exempt from the provisions of the Health Insurance Portability and Accountability Act of 1996.

The Federal Trade Commission today approved a final consent order settling claims that CVS Caremark violated customers' privacy and the Health Information Portability and Accountability Act (HIPAA) when it failed to dispose of records properly last year. Earlier this year, CVS Caremark agreed to settle FTC charges that it failed to take reasonable and appropriate security measures to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In a separate but related agreement, the company's pharmacy chain also has agreed to pay $2.25 million to resolve Department of Health and Human Services allegations that it violated HIPAA regulations. "This is a case that will restore appropriate privacy protections to tens of millions of people across the country," said FTC chairman William Kovacic following the settlement. "It also sends a strong message to other organizations that possess consumers' protected personal information. They are required to secure consumers' private information." Under the final consent order, CVS Caremark is required to rebuild its security and confidentiality program, which will be audited every two years for the next 20 years. The HHS settlement requires the company to develop a new training program to instruct employees on how to handle patient data.