Horrors! A big corporation is looking to snatch your health-care privacy rights for a mere pittance to do who-knows-what with your prescription drug use information.
That’s one view. Another take is that a successful company serving millions of people is simply hoping to retain customers and market to them more effectively — as well as reward them in the process — without skirting federal laws.
This big corporation is CVS Caremark Corporation (NYSE:CVS). In February, CVS Caremark Corporation (NYSE:CVS) expanded its popular ExtraCare customer rewards program to include prescription drug purchases. The company will pay customers $5 for every prescription filled in store credits — up to $50 each year — for enrolling in its ExtraCare Pharmacy and Health program. The catch is that customers must agree to sign “HIPAA Authorization form” to participate. It’s this HIPAA requirement that has stirred some controversy.
Hooplah over HIPAA
In case you’re not familiar with HIPAA, the acronym stands for the Health Insurance Portability and Accountability Act. The federal law, passed in 1996, included significant changes for the health care industry. One of those changes was the Privacy Rule, which regulates how protected health information can be used and disclosed by health-care providers, insurers, and other entities.
CVS Caremark Corporation (NYSE:CVS) anticipated that some customers would wonder why they need to sign a HIPAA authorization to participate in the ExtraCare prescription drug program. That’s why the company addressed the issue on its website. CVS Caremark Corporation (NYSE:CVS) says that the HIPAA Authorization needs to be signed to allow its pharmacy business unit to “record the prescription earnings of each person who joins the ExtraCare Pharmacy & Health Rewards program.”
That doesn’t sound too bad. However, when you go through the enrollment process for ExtraCare, you must acknowledge that your “health information may potentially be redisclosed and thus is no longer protected by the federal Privacy Rule.” Recording prescription earnings is one thing, but giving up your rights to have your health information protected from disclosure is another matter altogether.
What really makes the CVS Caremark Corporation (NYSE:CVS) requirement puzzling is that several of its key competitors don’t require customers to sign a HIPAA authorization to join their rewards programs. Walgreen Company (NYSE:WAG) offers its Balance Rewards program that allows customers to earn points on prescription drug purchases that can be redeemed for discounts on future purchases. The company specifically states on its website that its any information collected through the program will be handled in a way that fully complies with HIPAA.
Rite Aid Corporation (NYSE:RAD)‘s Wellness+ program works in a similar manner to the loyalty programs for both CVS and Walgreen Company (NYSE:WAG). Like Walgreen Company (NYSE:WAG), though, Rite Aid Corporation (NYSE:RAD) doesn’t require customers to relinquish any rights to privacy protection.
So why does CVS Caremark Corporation (NYSE:CVS) push customers to sign the HIPAA authorization? The company’s privacy policy states that CVS won’t sell personal information for marketing purposes. However, the policy does say that “in limited circumstances” the company may share information with third parties to provide customers “with technologies, services, or content that may be of interest” or to assist CVS in processing orders.