Pharmacies and Data Collection: Evolution of Data Breaches

Back in the 1970s and 1980s, pharmaceutical retail shops across the United States and Europe began to computerize their paper systems. They began computing large volumes of file cabinets containing employee credentials, insurance information and prescriptions.

Digitizing the data began helping these firms in processing orders quickly, detecting mistakes and saving time on billing — a highly complicated issue at the time of insurance, and identity fraud.

Through the digitization of data, consumers began to enjoy added benefits such as the facility of filling prescriptions at various locations in a particular chain that started to emerge as a definite advantage. Quickly, these pharmacists also began to discover that they could leverage their digitized databases to make additional cash.

For instance, when the owner of Medicine Shoppe began to digitize his company’s systems in the early 1980s, he was approached by an affiliate health agency that offered him $50 a month to replicate customer prescription files into floppy disks and send it to the agency by post. Way back then, when this side of revenue emerged, the owner of the pharmacy believed it was a good route to earn additional money.

Also, patients in those days would not have realized the relevance of a pharmacy sharing their prescription information to outsiders that could be used to help pharmaceutical companies target doctors in making precise and advanced marketing and sales initiatives based on their data.

document security

This third-party associated that was founded in 1994 was one of the early data brokers on the scene. Known as IMS Health, they offered in-depth market intelligence data to pharmaceutical organizations and other businesses. By gathering comprehensive prescription and sales details from pharmacies, this early data broker began to provide drug manufacturers with precise reports on the kind of products that were moving from pharmacy shelves.

The reports included prescription details, cost of the medication, the patient’s age and other essential characteristics. In all this, patient names were not always eliminated by pharmacies before sending the data to the data broker.

Regarded as valuable-doctor identified information, IMS Health began to sell these in-depth records of patient prescription chronicles to various drug companies. These manufacturers then began to target specific physicians in precise marketing and sales initiatives. These drug manufacturers began to recognize that physicians were now the sentries to a profitable market. And in this, there emerged a considerable surge of pharmaceutical manufacturers flocking to buy IMS Health reports.

Today, a well-established pharmaceutical manufacturer could pay $10-$40 million annually for the products and services sold by IMS Health. And regardless of the cost, no matter how high the price, it is imperative that every drug company has access to such data. In turn, pharmacy chains now look to plan for their earnings by selling these databases.

According to data marketing experts, almost everybody in the pharmaceutical business has the arrangement to procure and collect such prescription information. These companies also provide loyalty programs and other incentives to help pharmacy chains in tracking the buying patterns of patients.

With companies beginning to leverage third-party software providers, emerging software companies began to realize the value that information could provide them — and that they need to access the right data to profit from it. This resulted in confidential information — that resides with the company — being gathered and mined by third-party providers — in this case, IMS Health — to leverage and send data products to other organizations. With the proliferation and spread of data, the risk of a data breach across parties in the data supply chain began to rise.

Today, almost every pharmaceutical company in the chain receives and processes tons of data in real-time. How can one secure such confidential information and ensure that it does not fall into the wrong hands? With sensitive data being generated and spread across organizations in the pharmaceutical chain, the fact that this information could be monetized in new ways gave rise to a new breed of cybercriminals and hackers waiting for opportunities to steal the data.

How then can organizations ensure that the information they distribute or share with the intended recipient is not altered or replicated for some personal gain?

The only data security technology available today that can exert your right to control how your data is used throughout its lifecycle is digital rights management [DRM]. By using a DRM solution, you can prevent the editing and illegal sharing of your protected content, stop your secured content from being forwarded and shared as well as prevent printing and screen grabbing.  DRM can also be used to enforce document expiry automatically at a given time, or to revoke access to data instantly.

Using DRM you can lock documents to devices, country locations or IP addresses so that content cannot be readily shared or used in unauthorized locations.  By implementing DRM to protect documents and data, you can view how your content is been used, by whom and when. All these factors are critical in ensuring that your data remains safe, without the risk of it being altered or modified without your consent. Overall, DRM is the only solution that can guarantee your data remains secure from a data breach.

About the author

Andy Stewart

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.