By Mark Hochhauser, Ph.D.
3344 Scott Avenue North
Golden Valley, MN 55422
Research verification, additional tips, and resources provided by Jordana Beebe of the Privacy Rights Clearinghouse.
2. Privacy Missing from Most Online Pharmacy Reports
3. Privacy, Business, and Spam
4. Online Pharmacy Privacy Practices
5. Tips for Consumers
Visits to 50 online pharmacies in early July 2004 found only 11 (22%) with HIPAA Privacy Notices. These same sites also contained a website privacy notice and 4 of those 11 (8% of the total surveyed) were certified by VIPPS (Verified Internet Pharmacy Practice Sites) through the National Association of Boards of Pharmacy (http://www.nabp.net/vipps/consumer/listall.asp). A little over half or 28 sites (56%) had a privacy notice posted.
The Health Insurance Portability and Accountability Act (HIPAA) privacy rule requires health care providers to give adequate notice of uses and disclosures of protected health information. As defined under HIPAA, heath care means "care, services, or supplies related to the health of an individual." including "sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription."
Privacy Missing from Most Online Pharmacy Reports
Although the Federal Trade Commission's (FTC) 1999 Congressional testimony identified several problems with online pharmacies, privacy was not one of them. Issues of online privacy-and spam-were not the important customer or regulatory issues that they are now. (www.ftc.gov/opa/1999/07/pharma.htm)
However, online pharmacy privacy issues were raised in the FTC's July 2000 report, which found several online pharmacies not adhering to their privacy and confidentiality assurances (www.ftc.gov/opa/2000/07/iog.htm). Pharmacy owners were prohibited by the FTC from:
"selling, renting, leasing, transferring or disclosing the personal information that was collected from their customers without express authorization from the customer."
A 2000 article in FDA Consumer (www.fda/gov/fdac/features/2000/100_online.html) identified problems such as sites outside the USA selling unapproved products, or not requiring contact with a physician or a prescription. But the article did not address privacy issues. (Many of the web sites surveyed below did not have a postal address or phone number, and therefore, it was difficult to determine their physical location. Domain name registration information at times indicated that a site might be registered to someone outside of the U.S. as noted below. However, with the majority of the sites reviewed, there was no way to determine if it was operated from the U.S. or another country.)
The FDA's 2001 "Buying Prescription Medicines Online: A Consumer Safety Guide" (www.fda.gov/cder/drug/consumer/buyonline.guide.htm) noted the "lack of assurance of confidentiality and security issues" as a potential risk. FDA recommended that consumers "Look for easy-to-find and understand privacy and security policies," and that consumers should not "provide any personally identifiable information (social security number, credit card, and health history) unless you are confident that the site will protect them. Make sure the site does not share your information with others without your permission." But another FDA guide, "Buying Medicine and Medical Products Online," says nothing about consumer privacy. (www.fda.gov/buyonline/default.htm)
In a March 2004 press release, "Drugstore.com Warns Against the Growing Dangers of Pharmacies Outside US.; Consumers Urged to Seek the VIPPS Seal of Approval before Buying Prescriptions Online," the company warned that buying from online pharmacies ".could seriously increase the risk of receiving counterfeit medicine, incorrect dosages, improperly stored medications, or expired, contaminated or recalled medications. In addition, consumers patronizing overseas pharmacies may be unaware that their private medical information is not protected by the strict Health Insurance Portability and Accountability Act (HIPAA) regulations that govern privacy of both paper-based and electronic medical information in the U.S." For this reason and others, it's a good idea to avoid purchasing medication from companies that you are unable to confirm are located in the U.S. (http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=
For more information about HIPAA, see our fact sheet 8(a) "HIPAA Basics: Medical Privacy in the Electronic Age"
Privacy, Business, and Spam
While a November 2003 article in Business Week analyzed the future business possibilities of online pharmacies, it did not mention privacy issues and their business implications.
A January 2004 Associated Press report listed the 10 most common spam topics as reported by America Online. Number 1 was spam for drugs such as Viagra, Xanax, Valium and Celebrex. Number 2 was spam for online pharmacies. Since you have to buy the drugs at a pharmacy, these are essentially the same ads. If you buy from an online pharmacy, is your identifying information sold to drug or other online pharmacy spammers? Are you at risk for identity theft? Without privacy notices, customers have no way of knowing how their personal, financial, and health information is being used - and misused. (http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=46979)
Online Pharmacy Privacy Practices
|13. canadadrugs.com *||No||Yes||No, has other certification||N/A|
|14. pharmnet.com||No||Yes||No, has other certification||N/A|
|20. healthpluspharmacy.com *||No||Yes||No||N/A|
|Online pharmacies with no privacy protection||HIPAA Notice?||Privacy Notice?||VIPPS|
|29. 1stoppharmacy.com||No||No||No||No Policy Posted|
|No||No||No Policy Posted|
|31. 7-onlinepharmacy.com||No||No||No||No Policy Posted|
|32. buy-online-prescription-drugs.net *||No||No||No||No Policy Posted|
|33. cheap-pharmacy-online.com||No||No||No||No Policy Posted|
|34. cheap-online-pharmacy.info *||No||No||No||No Policy Posted|
|35. legalmedsonline.com||No||No||No||No Policy Posted|
|36. mixpills.com *||No||No||No||No Policy Posted|
|37. mygeneric.com||No||No||No||No Policy Posted|
|38. online-pharmacy-123.com||No||No||No||No Policy Posted|
|39. online-prescriptiondrugs.com||No||No||No||No Policy Posted|
|40. online-scripts.com||No||No||No||Posted Policy|
|41. onlineprescriptionsportal.com||No||No||No||Letter Returned|
|42. prescriptiondrugs.com *||No||No||No||No Policy Posted|
|43. pharmacy-prescriptions.com||No||No||No||Letter Returned|
|44. pillsfast.com||No||No||No||No Policy Posted|
|45. pillstore.com||No||No||No||No Policy Posted|
|46. pillsupplier.com||No||No||No||No Policy Posted|
|47. pillvalue.com||No||No||No||Letter Returned|
|48. rxmeds.com||No||No||No||No Policy Posted|
|49. trustpharma.com *||No||No||No||No Policy Posted|
|50. usa-pharmacy-online.com *||No||No||No||No Policy Posted|
1Although Rite-Aid is not VIPPS Certified, drugstore.com - which processes Rite Aid's online prescriptions - is VIPPS Certified.
* Indicates company that may be located outside the U.S.
Tips for Consumers
If you are a consumer who is considering purchasing prescriptions online, there are a few things that you should check for with the online pharmacy web site.
A reputable online pharmacy will:
- Indicate that it is located in the United States.
- Not share your information with others without your permission.
- Contain a HIPAA Privacy notice.
- Provide a licensed pharmacist who can answer your questions.
- Note that it is registered with a state pharmacy board.
- Require a prescription from a physician or authorized health care provider and then verifies each prescription before dispensing medication.
- Note that the medications it sells are FDA-approved.
If you locate an online pharmacy that is selling prescription drugs that are not approved by the U.S. Food and Drug Administration or that you suspect may be counterfeit or unsafe, file a complaint with the FDA at: http://www.fda.gov/ForConsumers/ProtectYourself/default.htm
You may also want to check with the National Association of Boards of Pharmacy (see Resources below) to determine whether a web site is a licensed pharmacy in good standing.
When you order from a U.S. company, under the Mail Order Sales Rule (see Resources below), you should receive your purchase in the mail within 30 days.
Privacy Rights Clearinghouse
HIPAA Basics: Medical Privacy in the Electronic Age
E-Commerce and You: Online Shopping Tips
Federal Trade Commission
FTC Testifies "Drugstores on the Net:The Benefits and Risks of Online Pharmacies"
A Business Guide to the Federal Trade Commission's Mail or Telephone Order Merchandise Rule
General Accounting Office
Internet Pharmacies: Some Pose Safety Risks for Consumers
National Association of Boards of Pharmacy
The NABP is an independent, international, and impartial association that assists and represents the state boards of pharmacy and jurisdictions in developing, implementing, and enforcing uniform standards for the purpose of protecting the public health.
National Associations of Boards of Pharmacy (NABP)
700 Busse Highway
Parkridge, IL 60068
Listing of State Pharmacy Boards
Listing of State Medical Boards
Verified Internet Pharmacy Practice Sites (VIPPS) Most Frequently Asked Questions
Verified Internet Pharmacies List
U.S. Food and Drug Administration (FDA)
Buying Prescription Medicines Online: A Consumer Safety Guide
Buying Medicines and Medical Products Online
Buying Drugs Online: It's Convenient and Private, but Beware of 'Rogue Sites'
Reporting Unlawful Sales of Medical Products on the Internet