Albertsons Sued Over Customer-Data Privacy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
News
9/15/2004
10:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Albertsons Sued Over Customer-Data Privacy

Privacy group accuses grocery-store chain of misusing customers' pharmacy data.

The Privacy Rights Clearinghouse, a San Diego-based nonprofit consumer advocacy group, filed a lawsuit last week alleging that supermarket chain Albertsons and its pharmacy units, SavOn, Osco, and Jewel-Osco, violated the privacy rights of thousands of customers by selling confidential medical information to drug companies.

Albertsons responded in a statement: "We highly value and respect the privacy of our pharmacy customers and do not sell, nor have we ever sold, their private information. We consider the allegations in this complaint to be false and totally without merit--and we will vigorously defend ourselves against them."

A number of leading pharmaceutical companies are also named in the lawsuit, initially as "Doe Defendants." These alleged "aiders and abettors" include Allergan, Aventis, AstraZeneca, Bristol-Meyers Squibb, Eli Lilly, Galderma, GlaxoSmithKline, Merck, Novartis, Otsuka America Pharmaceuticals, Pfizer, Proctor & Gamble, Schering Plough, TAP Pharmaceutical Products, Teva Pharmaceutical, and Wyeth.

Eli Lilly, Merck, and Pfizer did not respond to requests for comment.

The lawsuit alleges that Albertsons improperly used and disclosed medical information to assist drug companies in the marketing of pharmaceutical products. The marketing takes the form of mailings and phone calls, and appears to be prescription renewal reminders or suggestions about alternate medications.

Jeffrey R. Krinsk, an attorney with San Diego-based Finkelstein & Krinsk, the law firm representing the Privacy Rights Clearinghouse, says that the marketing messages are deceptive. "Recipients are led to believe that it's part of a program that's directed at their welfare, but it's directed to enhancing drug consumption," he says.

Under the Health Insurance Portability and Accountability Act, this practice is not illegal. While the federal medical privacy law prohibits the use of health information for marketing purposes without patient authorization, it exempts certain activities from the statutory definition of "marketing." But California's Confidentiality of Medical Information Act, conceived to close this loophole in HIPAA, defines marketing in more expansive terms.

"The specific California code provision that we're dealing with prohibits the pharmacy from selling, sharing, or otherwise using any medical information for any purpose," Krinsk explains. "The critical distinction that they make, that we believe is of no consequence, is they say that they don't sell the information. They claim that the process that they employ doesn't constitute selling or using of information. Rather than selling the names and addresses they instead either handle [the data] internally or handle some of it internally and then contract out to third-party administrators. We allege that's a distinction without a difference."

This isn't the first case involving retail stores and alleged misuse of medical information. In 1998, according to a Massachusetts Superior Court memorandum, the drug-store chain CVS allegedly contracted with data-management company Elensys Care Services to send direct mail pitches to CVS customers promoting new pharmaceutical products. The solicitations, on CVS letterhead, were sent by Elensys and paid for by pharmaceutical companies such as Glaxo and Merck, the memorandum alleges, in direct violation of CVS's privacy policy.

Litigation in the CVS case continues despite the passage of a year without significant activity. The case has been referred to a special master and is currently under advisement. Elenysys has since changed its named to Adheris. The renamed data-management company is working with Albertsons, claims Krinsk, who is also involved in the case against CVS.

"The big issue in all these cases is deception," says John L. Hines, Jr., a partner in the Internet and Technology Practice Group at Chicago law firm Sachnoff & Weaver. "You say you're going to do one thing and you don't do it."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll