Roy, writing at Shrink Rap, has a post about the
prospect of online access to prescription records in the State of
California. The attorney general is proposing a database of
all prescription records, that could be accessed by doctors and
I saw a href="http://www.latimes.com/news/local/la-me-drugs5-2008jun05,0,2974326.story">headline
this morning that the California attorney general is moving to provide
instant access to a patient’s prescription history for doctors and
pharmacists (regulatory boards and law enforcement organizations
currently have ready access to this info).
Roy has some good suggestions on how to set up such a thing, to strike
the correct balance between privacy and good patient care. I
won’t repeat them here. Rather, I urge anyone interested to
go read what Roy has to say. I just have a few comments to
First of all, the problem with drug diversion is very real.
But the newspaper article fails to mention one thing.
It is not merely a problem of individual patients talking
doctors into writing prescriptions. The big problem comes
from organized gangs that have operatives, whom they coerce
into getting these prescriptions. They coach them, learn
which techniques are most effective, and which doctors are most
susceptible. This also occurs in situations of domestic
violence, in which the victim is coerced into obtaining prescriptions
for the abuser.
Without access to a prescription database, there is no defense against
this kind of thing. That is because they learn what kinds of
things raise suspicion, and coach the people to avoid raising those red
Second, although I am a big fan of online databases, I don’t think it
is a good idea to disseminate this information over the Internet.
Imagine, if people knew that Briney Spears’ prescription
records were out there, what kind of hacker firepower would be directed
at getting that information. The defenses will fail,
eventually. Especially in California.
Of course, any system will fail eventually, but the Internet is
well-suited to anonymous attacks. I would be more in favor of
a fax-back system, in which doctor’s offices would have to register fax
numbers, and verify that the fax is secure. I think it would
be easier to track down security breaches that way. Michigan
happens to have system for controlled substances, which
operates on a fax-back basis. The problem is the turnaround
is fairly quick, usually within 24 hours, but it would be more useful
if it could respond within a few minutes.
Third, such a system should not contain direct identifying information
about the prescribing physicians and dispensing pharmacies.
The reason is that it is desirable to limit the impact of any
leaks that may occur. If unauthorized access occurs, the
perpetrator would not be able to see what doctor’s offices or
pharmacies to raid, for more information. They would have to
jump through an additional hoop or two to get that.
Fourth, I really do think it should be an opt-in system.
Patients would have to affirm that they want to participate.
They could specify which providers would have access to the
information, and be able to specify a time limit. They also
should receive automatic notification when their records are accessed.
Personally, I think this should be a standard feature for all
personal information: driver’s license records, voter registration,
credit reports, etc. It would be easy to implement, and would
greatly improve the security. Yes, this would reduce the
usefulness of the system somewhat, but not very much. It
would be perfectly reasonable for physicians writing prescriptions to
ask their patients to opt in, and to ask why not, if a patient refuses.
It might be a little uncomfortable, but doctor-patient
relationships sometimes have to withstand a little discomfort.