A recent report found Walgreens' "Well Experience" pharmacy model in violation of the Health Insurance Portability and Accountability Act (HIPAA).
The September report, issued by labor union-funded Change to Win Retail Initiatives (CtW), used data from 100 observations of 50 stores throughout Florida, Illinois and Indiana. CtW subsequently filed a complaint to Health and Human Services alleging numerous breaches of HIPAA.
Walgreens' "Well Experience" model was launched in late 2011. The model relocates pharmacists from behind pharmacy counters to a work station in front of the counter, moving them away from the actual prescription fill area. From the work station, the pharmacist can remotely monitor pharmacy technicians and check prescription accuracy using photos and video displayed on a computer screen.
The report found pharmacists' computer screens and mobile devices, used to review prescription information, were sometimes unattended and visible to the public. Sensitive phone conversations could also be overheard.
In 80% of stores visited, HIPAA-protected patient information was left unattended and visible to customers in the pharmacy area. Prescription medicine was left unattended and within the reach of customers in 46% of stores visited.
"We don't have a culture of privacy about health information," said Deborah Peel, founder and chair of Patient Privacy Rights, a patient advocacy non-profit. "We've got a nightmarish mess on our hands in healthcare. We're in a new era where people aren't thinking about privacy because they don't yet understand the incredible changes that technology has brought."
The CtW report also alleges the new model increases distractions, lowering the rate of patient counseling. Pharmacists are required by law to offer counseling for prescriptions. The report found an average consultation rate of 8.2% at Walgreens pharmacies.
Walgreens could not be reached for comment.
There's been a push in recent years to expand the pharmacist's role to include medical counseling, something pharmacist groups have lobbied for at the federal level. Although this push provides an additional service to patients, it also shifts the pharmacist's role away from filling prescriptions, leaving technicians with less training in privacy practices to take on that role.
"Of all the places that should have a culture of privacy, pharmacies are it," Peel said. "They need to train staff about what they can do to protect patient information, and they have a legal obligation to do that."
The HIPAA changes that went into effect on Sept. 23 require pharmacies to evaluate their privacy training methods and their detection and reporting protocol if a breach were to occur.
"Prescriptions tell the whole story of health and diseases," Peel said. "You pretty much know what's wrong with the person and how severely ill they are. Pharmacies have tremendously sensitive information that can be used to discriminate against people."
Maryland's state board rejected the model last year. Sen. Edward Markey (D-Mass.) called on Walgreens to respond to questions about the model. The company has yet to issue a statement in response to the controversy.
"As we move forward, we all need to try to find ways to make healthcare less costly," Peel said. "We can't cut corners for quality or privacy to achieve that."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.