CVS Corp. yesterday cut its ties to a Massachusetts marketing firm that reminds customers to refill prescriptions, saying customers complained that the arrangement might erode the confidentiality of their medical information.
The announcement followed Giant Food Inc.’s announcement it would no longer send customer information to Elensys Inc. of Woburn, Mass., a computer database specialist that also mails out drug information on behalf of pharmacies and pharmaceutical manufacturers.
CVS officials defended their efforts, saying they believed the mailings from Elensys would help customers remember to take their medicine. But they said a storm of criticism, in response to an article about the arrangement in The Washington Post on Sunday, persuaded them to reverse course and stop using the company’s services.
CVS spokesman Frederick McGrail said CVS, the largest pharmacy chain in the area, with 201 stores, also would immediately suspend its own similar efforts handled by CVS staff. McGrail said the company has received about 200 calls from customers in recent days about privacy concerns.
"We think there’s a lot of confusion and misunderstanding and concern among customers," McGrail said, reversing a statement earlier in the week that the company would continue working with Elensys. "To allay this concern, we’re
In an advertisement in The Post today that took the form of a letter to customers, the company said it never sold patient information and limited the information it sent to Elensys. The letter said CVS engaged Elensys to assist "in the administrative mailing function only."
"Extensive measures were taken to ensure patient confidentiality. The refill reminders were intended only to help patients take their medication properly," it said. "However, confusion and misunderstanding expressed by customers has led us to suspend all refill reminders and informational mailings to customers, effective immediately."
Elensys receives information about millions of customers from 15,000 pharmacies in every state. One of the company’s chief tasks is to identify customers who have not refilled prescriptions and send personalized letters urging them to do so. Such efforts are called drug compliance programs.
Elensys also sends out "educational material" from drug manufacturers to customers with particular ailments. Company President Daniel E. Rubin has said drug companies subsidize the mailings by paying pharmacies for the right to send mailings to customers. He said drug companies never get access to pharmacy files.
Rubin did not return phone calls yesterday.
CVS has been using Elensys since June, McGrail said, several months earlier than the company had previously reported. Elensys has sent out compliance or information letters to customers in 24 states who use five different drugs, four more than the company official said in earlier interviews.
Those drugs include Zocor, which treats high cholesterol; Rezulin, for diabetes; and Posicor, for high blood pressure, McGrail said. A CVS official had said Elensys also recently mailed out a letter promoting Zyban, a new
smoking-cessation drug. But McGrail said yesterday that CVS’s staff had handled that mailing.
"It’s the exact same kind of thing," McGrail said.
Business and privacy specialists said the public relations setback that CVS and Giant suffered this week demonstrates how volatile information and privacy issues have become in recent years.
Mary J. Culnan, a business professor at Georgetown University, said the companies appeared to have overlooked a key issue in their quest to take advantage of vast improvements in the ability to manage large computer databases: how customers feel about the use of personal information.
She said companies that use such data need to disclose how they gather personal information, how they use it and how they will protect it from abuse.
"The customers, as I see it, have been left out of the loop," Culnan said of CVS and Giant. She said that both companies should have sought clear consent from customers before starting the programs.
"If you don’t understand it, if you don’t do the right thing… it blows up in your face," she said.
Alan Merten, president of George Mason University, said company policies about how to handle privacy issues have not kept pace with their burgeoning power to gather and manipulate data.
"It looks like they didn’t look before they leaped," Merten, a computer scientist and information systems specialist, said about CVS and Giant. "They weren’t looking at it from the point of view of their customers."