On April 10, 1967, the Alberta College of Pharmacists prohibited pharmacists from offering customers inducements for the purchase of prescription drugs, blood products or professional services,1 stating that "[i]nducements cloud decisions that should be based solely on the best healthcare. Providing inducements [for Rx drugs] is disruptive to: impartial decision-making, the coordination and continuity of care; and the effective operation of health teams and Alberta's health system".2Currently, seven other provinces have rules in various forms that prohibit or restrict pharmacists' use of such inducements. In response, the "Coalition of Consumer Choice", a group of retail grocers, consumer associations and patient advocates, are opposing the prohibition through an "I Earned It" petition calling on the provincial government to overturn it. Some have said that Rx loyalty programs build stronger bonds between patients and their pharmacies and encourage better patient adherence to prescription medication.
The conflict of interest debate for health professionals practicing their profession in a retail environment is not new. It has become increasingly complex, particularly with interprofessional collaboration. Historically, the debate has concerned pharmacists selling Rx drugs (and medical devices), opticians and optometrists selling corrective lenses, and physicians having a business interest in pharmacies and other for-profit ventures. The debate will continue to engage health professionals practicing in team settings.
This bulletin reviews customer loyalty programs from a different perspective. Privacy considerations should be top of mind when developing and implementing Rx (and other) customer loyalty programs, particularly in light of new sophisticated data mining technologies and increasing cross-border transfers of personal information.
Pharmacies may very well have the altruistic goal of encouraging patient adherence to prescription drugs. But stores generally launch customer loyalty programs to gain a bigger share of revenue by rewarding individuals for shopping at their store. The more money a customer spends, the greater the rewards. Often, customers can accumulate points that they redeem for "free" goods; sometimes, they can accumulate extra points when they purchase specific goods. Plastic loyalty cards with a magnetic strip or barcode contain a unique identification number. They enable the store to monitor a customer's transactions. When a purchase is made, data about the purchase (e.g. the product, place of purchase and date) is recorded. Over time, a customer's behavioural information gathered through the loyalty card can be substantial. And often, that data is collected and mined as part of a larger business intelligence initiative. The store can use the mined data to predict trends, refine marketing approaches and potentially sell aggregated data and insights to third parties.4 As data aggregation and mining has evolved, its impact on privacy has become increasingly complex and controversial. The main privacy concern is that profiles of individuals can be created. Once created, they can be disclosed inadvertently upon a security breach taking place.
Privacy Best Practices
Before a pharmacy embarks on an incentive program involving Rx drugs in those jurisdictions where it is allowed, the following matters (among others) should be diligently considered and addressed.
Another significant issue concerns Rx data that can be accessed from a Canadian pharmacy in the U.S. The terms and conditions of the program should clearly discuss the implications, and the Canadian pharmacy should ensure that it is in compliance with legal requirements pertaining to the cross-border transfers of personal information (some jurisdictions, such as Quebec, have stringent legal requirements for the transfer of personal information to foreign jurisdictions). In one situation, the U.S. Drug Enforcement Agency subpoenaed records from the database of a supermarket chain looking to see if certain individuals had purchased large quantities of plastic bags commonly used in drug transactions.6 Consider the case of the disabled Canadian woman who was denied entry to the U.S. because Homeland Security accessed a database that showed she had been hospitalized for clinical depression.7 If data is accessed or stored in the U.S., Homeland Security would have access to all customer loyalty program members' Rx drug histories. Customers should be made aware of this and, if participating members, be informed that they can opt out of having their pharmacy record their Rx drug data in the program database. Pharmacies should also consider if some Rx drug data is too sensitive to collect for purposes of the program (e.g. psychotropic, HIV/AIDS drugs) and limit their collection appropriately.
The pharmacy should consider if it will aggregate data and sell it to third parties. If so, the pharmacy should inform its customers of this and obtain their prior consent. While customers do not, generally, have privacy rights over aggregated data, this information might impact the validity of their knowledgeable, informed consent. Another issue that could impact informed consent is the ability of a pharmacy to change the program's terms and conditions, including changes that devalue conversion rates.8 When a customer weighs the benefits of joining an Rx drug program with the risks, the value of the points might be a consideration and informed consent might be negated.
The pharmacy must put appropriate privacy protections into its systems. Consider CVS's 50-million-member ExtraCare loyalty program, which had a potential security problem. Anyone with a member's card number, ZIP code and last name could access information concerning a member's over-the-counter drug and family planning purchases because CVS did not password protect this information. Access to a customer's ExtraCare number was simple. It is printed on all CVS receipts and is readable on keychain cards (which may be accessed by parking valets). Upon becoming aware of this security flaw, CVS pulled Internet access to the data. The access was restored after CVS added security to the site.9
The pharmacy must consider the result if a customer withdraws from a loyalty program. Will all information pertaining to the customer, including the purchase history, be removed from the loyalty program records permanently? The intent should be clearly set out in the terms and conditions.
A thoughtful legal and policy analysis at the commencement of a data aggregation and mining program (or a program that might appear to the public to have data mining potential) is worthwhile to avoid scrutiny from the public and privacy advocates once an Rx drug loyalty program is underway. It might be wise to bring in the appropriate privacy experts at the developmental stage to get input. It is certainly wise to consult with qualified legal counsel in developing the privacy framework for the program.