
The Proposed CVS–Aetna Merger Could Threaten Patient Privacy

Aetna is notable for not selling anonymized patient data—but CVS, like many pharmacy chains, does

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American


The proposed merger between pharmacy chain CVS and insurer Aetna would give the new combined company greater leverage to engage in a commercial trade in patient data that is largely hidden from the public but completely legal.

Prior to the proposed merger, Aetna was notable among leading insurers for not selling anonymized patient data. By contrast, CVS, like many pharmacy chains, has long sold and traded prescription records without patient names to medical data mining companies such as IMS Health, which in November renamed itself IQVIA.

“Business being business, I’d be shocked if Aetna’s conservative policies weren’t relaxed following completion of the merger,” said Tom Russell, the former chairman of IMS, long the dominant medical data mining company.




“Additional revenue from third parties may prove too tempting to pass by and I do not see this as a useful outcome, at least from a privacy standpoint,” he said in an e-mail. “That alone could draw unwelcome attention from the regulatory agencies.”

Aetna has stood apart from rivals such as UnitedHealth, Anthem and Blue Cross Blue Shield, which have set up subsidiaries to sell anonymized data about tens or hundreds of millions of patients.

Kathe Fox, Aetna’s vice president of informatics, told me in 2015 that the company had long embraced a policy against selling or monetizing its customer data. “This policy decision emanates from a strong belief that our data should only be used to support efforts which advance the health of our members,” she said. “Data from self-insured customers are owned by the customer.”

She declined to comment on any possible changes to this policy after the merger, as did Aetna spokesman Ethan Slavin.

“We are only a couple of days into this, lots of decisions of this sort to make. But it is not made yet,” Troyen Brennan, executive vice president and chief medical officer of CVS Health, said in an e-mail.

Aetna and CVS hinted at a wider use of patient data in a statement on December 3 announcing the merger. “The entire health care system will also benefit from broader use of data and analytics, leading to improved patient health at substantially lower cost,” it said.

Historically, anonymized patient data has mostly been used to promote drug company sales and marketing efforts. Pharmacies such as CVS selling prescription records do name doctors, allowing data miners to compile reports for pharmaceutical firms to tailor sales pitches to individual physicians.

Companies engaged in the patient data trade say they scrupulously abide by U.S. Health Insurance Portability and Accountability Act (HIPAA) rules, which allow the sale of such information shorn of a patient’s name. Gender, age and partial ZIP codes may remain in the sold records.

Supporters of data mining say their information will lead to new discoveries and insights to help health care professionals make informed decisions. Ana Maria Zaugg, former chief marketing officer and vice president for strategic planning at IMS, said the CVS-Aetna merger could lead to more trade in anonymized patient data, but said people should not worry about this trade.

“I am a huge proponent of the potential for deriving beneficial health/treatment insights from integrated patient-level data,” she said. “Anything that facilitates that via additional touch-points or potentiates it through scale is a good thing.”

However, the current system of easy commercial sharing of anonymized information without patient consent poses a growing risk to patient privacy. 

Privacy experts say that the more anonymized information one gathers from multiple sources, the easier it becomes to re-identify a person. For example, an outsider might be able to puzzle out which dossier belongs to an anonymous patient just by knowing where they have lived over time. It’s entirely possible that the last three cities where I have lived—Fairbanks, Alaska, the Boston area, and Belgrade, Serbia—uniquely identify me.
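The effect described above can be measured before a data set is released. The following is an added example, not part of the original article: it audits a constructed set of name-free records and reports the size of the smallest group of indistinguishable records (k-anonymity) as each attribute is added. The field names, city labels and records are assumptions made up for illustration.

```python
from collections import Counter

# Constructed sample of records with names removed. Columns: gender, age band,
# 3-digit ZIP prefix, and the ordered list of places lived. All values made up.
FIELDS = ("gender", "age_band", "zip3", "residence_history")
RECORDS = [
    ("M", "40-49", "021", ("CityA", "CityB", "CityC")),
    ("M", "40-49", "021", ("CityB",)),
    ("M", "40-49", "021", ("CityB",)),
    ("M", "40-49", "100", ("CityD", "CityB")),
    ("M", "40-49", "100", ("CityD", "CityB")),
    ("F", "30-39", "021", ("CityB",)),
    ("F", "30-39", "021", ("CityB",)),
    ("F", "30-39", "100", ("CityD",)),
    ("F", "30-39", "100", ("CityD",)),
    ("M", "40-49", "021", ("CityE", "CityB")),
]

def class_sizes(records, columns):
    """Count how many records share each combination of the chosen columns."""
    return Counter(tuple(r[i] for i in columns) for r in records)

def k_anonymity(records, columns):
    """Size of the smallest group; k == 1 means at least one record is unique."""
    return min(class_sizes(records, columns).values())

def unique_records(records, columns):
    """Records that no other record matches on the chosen columns."""
    sizes = class_sizes(records, columns)
    return [r for r in records if sizes[tuple(r[i] for i in columns)] == 1]

def audit(records):
    """For each growing prefix of FIELDS, return (fields, k, unique count)."""
    report = []
    for n in range(1, len(FIELDS) + 1):
        cols = tuple(range(n))
        report.append((FIELDS[:n], k_anonymity(records, cols),
                       len(unique_records(records, cols))))
    return report

if __name__ == "__main__":
    for fields, k, uniques in audit(RECORDS):
        print(f"{' + '.join(fields):55s} k={k}  unique records={uniques}")
```

In this sample, gender, age band and ZIP prefix still leave every record in a group of at least two, while adding residence history makes two records unique. A release policy can use the same check to suppress or coarsen attributes until k stays above a chosen threshold.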

Frequent data breaches—with Equifax and its purloined files involving 145.5 million just one major recent example—create more clues that could be used to unlock anonymized information.

In 2015, the insurer Anthem informed 78.8 million customers that a hacker had accessed customer details such as Social Security numbers but not medical information. I also received a notification that my data was hacked—even though I was never an Anthem customer. When I pressed them for an explanation, I learned that my former employer used CVS Caremark to handle the company drug plan. CVS outsourced the administration of the plan to Anthem, which in turn got hacked.

If customers lose the option to pick companies such as Aetna that do not sell their anonymized data, they could become less trusting and less willing to reveal medical secrets. Such reticence might make it more difficult for health care professionals to help patients, which is, of course, why the whole system exists in the first place.