Now A Necessity

They Know You Buy Their Drug and They Want to Sell You More
By Jordan Robertson and Shannon Pettypiece Dec 10, 2014 12:00 AM ET
Ever since the days of castor oil laxatives and mercury syphilis tablets, pharmacists and patients
have had a tacit understanding: whatever you buy, the information is confidential.
No longer. Drugmakers and Internet companies are quietly joining forces to link U.S. pharmacy
records with online accounts to target ads to people based on their health conditions and the
prescription drugs they buy.
In a little-known process, third-party companies assign patients unique numerical codes based
on their prescription-drug records, a practice websites also rely on to track their registered
users. The two sets of data can be linked without names ever changing hands, allowing
pharmaceutical companies to identify groups that use a specific medicine and send them
tailored Web ads.
The practice has become an essential part of the $1 trillion pharmaceutical industry’s digital
marketing efforts. The industry says the technique complies with federal medical privacy laws
because patients’ names are concealed. Still, critics see it as a breach of confidentiality.
“Marketers are treating our health data as if we were buying a pair of pants or a book,” said Jeff
Chester, executive director of the Center for Digital Democracy, a privacy group in Washington.
“That’s unconscionable. These are highly personal, sensitive decisions that people make.”
Blind Spot
The technique’s growing use is raising alarms that technological advances are undoing
protections provided by the Health Insurance Portability and Accountability Act, the federal
medical privacy law, according to Bloomberg interviews with more than 60 industry executives,
regulators and privacy advocates. Websites and data firms exist in a legal blind spot because
HIPAA applies to doctors, hospitals, pharmacies, insurance companies and their contractors.
(The infographic has been saved as a PowerPoint file that is part of the assignment.)
The notion of privacy is so fundamental to the medical profession that it is enshrined in the
Hippocratic Oath from ancient Greece, which required doctors to swear that they would keep
secret all patient information. The modern-day pharmaceutical profession adheres to that
message. The International Pharmaceutical Federation’s code of ethics requires that members
“respect and protect the confidentiality of patient information.” Is the matchback process
ethical, or just a technical loophole in our laws? Do corporations have an obligation to
shareholders to exploit loopholes?
Your Code
The process that worries Chester and others is known as a matchback and represents the
cutting edge of medical data analytics, an industry that McKinsey and Co. projects will surpass
$10 billion in revenues by 2020.
Here’s how matchbacks work: Companies known as data brokers -- IMS Health Holdings Inc. is
one of the biggest -- have amassed hundreds of millions of prescription records, buying them
from drug benefit managers such as Express Scripts Holding Co. and CVS Health Corp. The
brokers use algorithms to substitute patients’ names with numerical codes. They then partner
with websites that rely on the same software to transform their users’ data. Drugmakers pay
the websites to match the two sides. Most consumers who have filled a prescription at a
drugstore in recent years have been assigned a permanent code, which can be used to send
them customized ads. The drugmakers do not know your name but instead identify you as a
numerical code. Similar to advertisers who only know an IP address???
The industry views matchbacks as an aid to people looking for medical information online and
giving drugmakers more clarity. Only aggregate information is shared with pharmaceutical
companies, and people are targeted in groups, executives said.
Modern Coupon
“It involves tracking patients over time anonymously,” said Jody Fisher, director of U.S. product
management for Danbury, Connecticut-based IMS, which has dossiers on more than 500 million
patients worldwide. “It helps all stakeholders identify patterns of behavior that make delivery
of health care more efficient.”
Matchbacks are part of a broader trend of pharmacies, hospitals and others riffling through
Americans’ medicine cabinets. Hospitals are scouring credit-card records to learn about
patients’ vices such as smoking and unhealthy eating, hedge funds are listening on health
forums to glean pharmaceutical investment tips, and marketing companies are aggregating bits
and pieces of information to assemble lists of people suffering from certain conditions.
NJWELL offers $100 debit cards to users who respond to a survey that can be combined with
our insurance info and presumably sold.
The concept behind matchbacks isn’t new. For decades, retailers have hired marketing firms to
link the names on their sales receipts back to lists of people who were sent promotional
coupons, with a view to boosting sales of everything from soap to oatmeal by targeting ads to
their shoppers. Now, the growth of the Web combined with the advent of powerful data mining
has enabled pharmacy companies to adopt the practice. Is the gathering, purchasing and
analysis of medical information different from our decisions on clothes or groceries?
New World
Data firms that perform matchbacks other than IMS include Symphony Health Solutions, which
is part of private-equity firm Symphony Technology Group in Palo Alto, California, and Crossix
Solutions Inc., a startup in New York.
Haren Ghosh, former chief research and analytics officer for Symphony Health Solutions, said
the technique is misunderstood and privacy concerns are slowing companies’ ability to deliver
more value to drugmakers and patients.
The goal is more personalization of ads without knowing the patients’ names. Does the coding
of names ensure privacy?
“That is the world we are going to,” said Ghosh, who left Symphony in March to start Analytic
Mix Inc., a marketing and data-analytics firm. A spokeswoman for Symphony did not return emails and telephone messages.
Crossix only performs matchbacks for websites whose users opt in, often by registering, said cofounder Asaf Evenhaim. The company uses multiple layers of anonymization to ensure that
patient identities can’t be learned, he said.
“There’s a difference between making a link and knowing who a person is,” he said. “I’m very
proud of what we do and how we do it.” Once the information is gathered and stored, we
may trust Crossix but do we trust that the information will never be available to others with
different purposes and different ethics?
Reading Your Mind
Still, a prescription for, say, Viagra or Prozac isn’t the same as a grocery receipt, and as drug
matchbacks become better understood, they’re raising concerns among patients about medical
information available on the Web.
“Just because something’s legal doesn’t mean morally that it’s right,” said Aaron Laxton, a 35-year-old social worker from Saint Louis, Missouri who was diagnosed with HIV three years ago.
Laxton, who has chronicled his post-diagnosis journey in a series of YouTube videos, said he is
not surprised to see ads for new HIV medications as he travels the Web, but worries that he
may be the target of a more subtle form of profiling, based on knowledge of his medical
records. He said he is routinely shown banner ads for sleeping pills -- a type of drug he has long
taken yet rarely discusses or researches on the Internet.
“It’s this uncanny sense of, is this computer reading my mind?” he said. “It’s almost as if the
computer pops up the ad even before the thought pops in your head.”
Headache Gone
That’s exactly the idea. And matchbacks have solved one of the pharmaceutical industry’s
biggest marketing headaches: they do away with the layer of physicians, pharmacists and
insurers that stood between drugmakers and their clients in the past.
“This is the holy grail for every pharmaceutical company, to know that there’s a way to look
back to actual script information,” Helene Monat, a veteran of the targeted advertising
industry, said in an interview.
The pharma industry, grappling with the expiration of patents on bestselling therapies, is
turning to matchbacks to hunt down new customers. Spending on overall consumer marketing
rose 10 percent to $3.72 billion last year, according to IMS.
Sanofi uses matchbacks to promote Lantus, Apidra and Auvi-Q, which treat diabetes and life-threatening allergic reactions known as anaphylaxis, said Stacy Burch, a spokeswoman for the
Paris-based drugmaker. London-based AstraZeneca Plc uses matchbacks for all of its products
and digital-advertising channels, according to spokeswoman Alisha Martin.
Coding Process
Not all drugmakers endorse the practice. GlaxoSmithKline Plc (GSK) has stopped using them
after the London-based company became concerned that the practice may violate consumer
privacy and that websites aren’t informing users, said spokeswoman Sarah Alspach. Websites
must “uphold appropriate privacy standards” and be transparent about how data is used, she
said.
For websites, matchbacks promise lucrative ad deals. Yahoo.com and EverydayHealth.com,
which operates the second-biggest U.S. health site after WebMD, say they have used them to
attract new pharmaceutical advertisers and refine the targeting of their ads.
So-called de-identified databases can be accurately linked as long as algorithms are the same
on all sides. IMS and other firms manage the coding process across their networks of data
suppliers.
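
The linkage described in "Your Code" and in the paragraph above can be sketched as follows. This is an added illustration, not code from the article or from any company it names; the use of HMAC-SHA256, the shared key, the normalization rule, the minimum group size and the sample records are all assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter

SHARED_KEY = b"constructed-demo-key"  # assumption: one secret used by every data supplier
MIN_GROUP = 2                         # assumption: groups smaller than this are suppressed

def normalize(name, dob, zip_code):
    # Every side must canonicalize identically or the codes will not line up.
    return "|".join((" ".join(name.lower().split()), dob.strip(), zip_code.strip()[:5]))

def code_for(name, dob, zip_code, key=SHARED_KEY):
    # Keyed hash: the same person always gets the same code; without the key
    # the code cannot be recomputed from a name.
    digest = hmac.new(key, normalize(name, dob, zip_code).encode(), hashlib.sha256)
    return digest.hexdigest()[:16]

def deidentify(rows, key=SHARED_KEY):
    # Drop the identifiers and keep only code -> attribute.
    return {code_for(n, d, z, key): attr for n, d, z, attr in rows}

def matchback(rx_by_code, seen_ad_codes, min_group=MIN_GROUP):
    # Join the two de-identified sets on the code; report per-drug counts only.
    counts = Counter(rx_by_code[c] for c in seen_ad_codes if c in rx_by_code)
    return {drug: n for drug, n in counts.items() if n >= min_group}

# Constructed sample records: (name, date of birth, ZIP, attribute)
PHARMACY = [
    ("Ann Lee", "1980-02-01", "63101", "drug_a"),
    ("Bo Chen", "1975-07-19", "10001", "drug_a"),
    ("Cy Diaz", "1990-11-30", "94301", "drug_b"),
]
WEBSITE = [
    ("ann  LEE", "1980-02-01", "63101-4411", "saw_ad"),
    ("Bo Chen", "1975-07-19", "10001", "saw_ad"),
    ("Cy Diaz", "1990-11-30", "94301", "saw_ad"),
    ("Di Park", "1988-03-03", "60601", "saw_ad"),
]

def run(site_key=SHARED_KEY):
    rx = deidentify(PHARMACY)
    web = deidentify(WEBSITE, site_key)
    return matchback(rx, set(web))

if __name__ == "__main__":
    print(run())                  # same algorithm and key on both sides: records link
    print(run(b"different-key"))  # mismatched key: nothing links
```

Because the code is stable for a given person, it behaves as a pseudonym rather than as anonymous data. Without the minimum group size, the `drug_b` count of one would single out an individual.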
Tolerating Surveillance
Pharmacy matchbacks can be viewed as invasive but they are also a logical extension of
decades of work to personalize the computing experience, a trend that many consumers
embrace, according to Paul Arthur, professor of digital humanities at the University of Western
Sydney.
“We tolerate surveillance much more now, and even celebrate it,” Arthur said.
Federal regulators said they were not aware of the practice until contacted by Bloomberg
News.
The U.S. Department of Health and Human Services’s Office for Civil Rights, which polices
health-privacy laws, declined to comment for this article because it’s unfamiliar with
matchbacks, said spokeswoman Rachel Seeger. Companies that perform matchbacks could be
in violation of privacy laws if they do not notify customers that their data is being used for this
purpose, according to Peder Magee, a senior attorney in the Federal Trade Commission’s
division of privacy and identity protection.
Sensitive Categories
Since 2011, Yahoo, the biggest U.S. Web portal, has used IMS to perform matchbacks and help
target ads to registered users who are likely suffering from specific conditions, said Suzanne
Philion, spokeswoman for the Sunnyvale, California-based company. About 100 million people
have records in both IMS and Yahoo’s databases, according to Bill Drummy, founder and CEO of
ad agency Heartbeat Ideas, who has worked with both companies. Both Yahoo and IMS
declined to comment on the number.
“These ads are not targeted on an individual basis,” Philion said in an e-mailed statement.
“There are certain sensitive medical categories which we exclude from any ad targeting, and all
ads and ad targeting are in full compliance with HIPAA.”
In 2012, Everyday Health (EVDY) performed matchbacks on some of its 65 million registered
users to show the high number of people who switch medications after seeing ads on the site.
As many as eight out of every 10,000 people converted, the company found.
Now A Necessity
“Respecting our users’ privacy is paramount,” Alan Shapiro, general counsel and chief privacy
officer for the New York-based company, wrote in an e-mail. “We strictly adhere to all industry
guidelines and best practices including giving our users the ability to easily opt out.”
Neither Yahoo nor Everyday Health’s privacy policy mentions the practice. Google Inc. (GOOG),
Facebook Inc. (FB) and Microsoft Corp. said they don’t use prescription-drug matchbacks.
WebMD, the leading U.S. health website, wouldn’t say whether it uses matchbacks. The
company does its best to support advertising customers’ needs while protecting user privacy,
according to spokesman Michael Heinley.
Matchbacks are valuable for websites beyond just luring new advertisers, because they offer
proof about which targeted ads are driving users to fill certain prescriptions.
Sites that don’t use them risk losing out, said Jim Curtis, chief revenue officer of Remedy Health
Media. The company relies on matchbacks to secure ad buys from drugmakers above $250,000,
he said.
Some clients come into negotiations requiring them, according to Curtis. “It used to be very
innovative, and now it is a necessity,” he said.
$100,000 Premium
Drugmakers pay a premium for the targeted ads. Matchbacks can add as much as $100,000 to
the price of running a digital advertising campaign, said Drummy of Heartbeat Ideas, in part
because they give drugmakers and websites extraordinary insights.
Some 12 to 25 percent of prospects who visit a brand website and whose activities were later
measured using matchbacks go on to seek a prescription from a doctor, according to Drummy.
Yet as the practice becomes more widely known, drugmakers will face a challenge convincing
consumers and patients that matchbacks are legitimate and that their secure codes can’t be
cracked.
“They’re fooling around with the term anonymous,” said Joe Turow, a professor of
communication at the University of Pennsylvania who has testified before Congress on health-data companies. “It’s kind of a euphemism now for being able to track somebody.”
Watering Hole
Recent abuses are giving weight to that concern. Epic Marketplace, an advertising firm in New
York, was caught looking at people’s health searches by exploiting a flaw in Web browsers. Epic
couldn’t be reached for comment. Its websites have been taken offline and a working phone
number couldn’t be found.
Health clinics in Illinois and Australia had their electronic records encrypted and held for
ransom by hackers. In Utah, data containing the medical records of 780,000 patients were
stolen from a government server.
What’s more, hospitals routinely share patient records that are sold by some states in formats
that can be used to re-identify people and their conditions.
Critics say the lesson from earlier cases is that long-term tracking poses risks to privacy, no
matter who the custodian is or what form the data takes.
“My information is mine, whether you put a name associated with it or you put a number
associated with it,” said Jim Pyles, a health lawyer and medical privacy expert with Washington-based Powers Pyles Sutter & Verville PC. Matchbacks are like hunting by “waiting at a watering
hole for a thirst-ridden animal to show up,” he said. “There’s something really tawdry about it.”
To contact the reporters on this story: Jordan Robertson in Washington at
jrobertson40@bloomberg.net; Shannon Pettypiece in New York at spettypiece@bloomberg.net
Questions
You will need to review the .pptx file before answering.
1. Can the anonymity of user data be guaranteed for all time?
2. Can damage to consumers be caused by a data breach? If yes, describe a situation
where you might be damaged by a data breach by any of the parties discussed in the
article and the pptx file.
3. Name the persons, partnerships and corporations which handled or possessed sensitive
information at various points in the process described in the .pptx file.
4. Which of the parties identified in #3 do you believe have communicated to the
consumer their privacy policies regarding use of anonymous, but potentially breached,
sensitive information, as required by the FTC?
5. Name corporations that have suffered data breaches in the past 12-18 months.
6. Who should be responsible for damages in the case of a data breach?
7. Do you believe privacy practices of health care companies in this case study should be
more tightly regulated by the government? Explain your answer.
8. Do you believe privacy practices of social media and other electronic entertainment
companies, such as Yahoo or Twitter, should be more tightly regulated by the
government? Explain your answer, including a comparison to your answer in #7.