WASHINGTON — Ever since the days of castor oil laxatives and mercury syphilis tablets, pharmacists and patients have had a tacit understanding: whatever you buy, the information is confidential.
No longer. Drugmakers and Internet companies are quietly joining forces to link U.S. pharmacy records with online accounts to target ads to people based on their health conditions and the prescription drugs they buy.
In a little-known process, third-party companies assign patients unique numerical codes based on their prescription-drug records, a practice websites also rely on to track their registered users. The two sets of data can be linked without names ever changing hands, allowing pharmaceutical companies to identify groups that use a specific medicine and send them tailored Web ads.
The practice has become an essential part of the $1 trillion pharmaceutical industry’s digital marketing efforts. The industry says the technique complies with federal medical privacy laws because patients’ names are concealed. Still, critics see it as a breach of confidentiality.
“Marketers are treating our health data as if we were buying a pair of pants or a book,” said Jeff Chester, executive director of the Center for Digital Democracy, a privacy group in Washington. “That’s unconscionable. These are highly personal, sensitive decisions that people make.”
The technique’s growing use is raising alarms that technological advances are undoing protections provided by the Health Insurance Portability and Accountability Act, the federal medical privacy law, according to Bloomberg interviews with more than 60 industry executives, regulators and privacy advocates. Websites and data firms exist in a legal blind spot because HIPAA applies to doctors, hospitals, pharmacies, insurance companies and their contractors.
The notion of privacy is so fundamental to the medical profession that it is enshrined in the Hippocratic Oath from ancient Greece, which required doctors to swear that they would keep secret all patient information. The modern-day pharmaceutical profession adheres to that message. The International Pharmaceutical Federation’s code of ethics requires that members “respect and protect the confidentiality of patient information.”
The process that worries Chester and others is known as a matchback and represents the cutting edge of medical data analytics, an industry that McKinsey and Co. projects will surpass $10 billion in revenues by 2020.
Here’s how matchbacks work: Companies known as data brokers — IMS Health Holdings Inc. is one of the biggest — have amassed hundreds of millions of prescription records, buying them from drug benefit managers such as Express Scripts Holding Co. and CVS Health Corp. The brokers use algorithms to substitute patients’ names with numerical codes. They then partner with websites that rely on the same software to transform their users’ data. Drugmakers pay the websites to match the two sides. Most consumers who have filled a prescription at a drugstore in recent years have been assigned a permanent code, which can be used to send them customized ads.
The industry views matchbacks as an aid to people looking for medical information online and giving drugmakers more clarity. Only aggregate information is shared with pharmaceutical companies, and people are targeted in groups, executives said.
“It involves tracking patients over time anonymously,” said Jody Fisher, director of U.S. product management for Danbury, Connecticut-based IMS, which has dossiers on more than 500 million patients worldwide. “It helps all stakeholders identify patterns of behavior that make delivery of health care more efficient.”
Matchbacks are part of a broader trend of pharmacies, hospitals and others riffling through Americans’ medicine cabinets. Hospitals are scouring credit-card records to learn about patients’ vices such as smoking and unhealthy eating, hedge funds are listening on health forums to glean pharmaceutical investment tips, and marketing companies are aggregating bits and pieces of information to assemble lists of people suffering from certain conditions.
The concept behind matchbacks isn’t new. For decades, retailers have hired marketing firms to link the names on their sales receipts back to lists of people who were sent promotional coupons, with a view to boosting sales of everything from soap to oatmeal by targeting ads to their shoppers. Now, the growth of the Web combined with the advent of powerful data mining has enabled pharmacy companies to adopt the practice.
Data firms that perform matchbacks other than IMS include Symphony Health Solutions, which is part of private-equity firm Symphony Technology Group in Palo Alto, California, and Crossix Solutions Inc., a startup in New York.
Haren Ghosh, former chief research and analytics officer for Symphony Health Solutions, said the technique is misunderstood and privacy concerns are slowing companies’ ability to deliver more value to drugmakers and patients.
The goal is more personalization of ads without knowing the patients’ names.
“That is the world we are going to,” said Ghosh, who left Symphony in March to start Analytic Mix Inc., a marketing and data-analytics firm. A spokeswoman for Symphony did not return e-mails and telephone messages.
Crossix only performs matchbacks for websites whose users opt in, often by registering, said co-founder Asaf Evenhaim. The company uses multiple layers of anonymization to ensure that patient identities can’t be learned, he said.
“There’s a difference between making a link and knowing who a person is,” he said. “I’m very proud of what we do and how we do it.”
Still, a prescription for, say, Viagra or Prozac isn’t the same as a grocery receipt, and as drug matchbacks become better understood, they’re raising concerns among patients about medical information available on the Web.
“Just because something’s legal doesn’t mean morally that it’s right,” said Aaron Laxton, a 35-year-old social worker from Saint Louis, Missouri who was diagnosed with HIV three years ago.
Laxton, who has chronicled his post-diagnosis journey in a series of YouTube videos, said he is not surprised to see ads for new HIV medications as he travels the Web, but worries that he may be the target of a more subtle form of profiling, based on knowledge of his medical records. He said he is routinely shown banner ads for sleeping pills — a type of drug he has long taken yet rarely discusses or researches on the Internet.
“It’s this uncanny sense of, is this computer reading my mind?” he said. “It’s almost as if the computer pops up the ad even before the thought pops in your head.”
That’s exactly the idea. And matchbacks have solved one of the pharmaceutical industry’s biggest marketing headaches: they do away with the layer of physicians, pharmacists and insurers that stood between drugmakers and their clients in the past.
“This is the holy grail for every pharmaceutical company, to know that there’s a way to look back to actual script information,” Helene Monat, a veteran of the targeted advertising industry, said in an interview.
The pharma industry, grappling with the expiration of patents on bestselling therapies, is turning to matchbacks to hunt down new customers. Spending on overall consumer marketing rose 10 percent to $3.72 billion last year, according to IMS.
Sanofi uses matchbacks to promote Lantus, Apidra and Auvi- Q, which treat diabetes and life-threatening allergic reactions known as anaphylaxis, said Stacy Burch, a spokeswoman for the Paris-based drugmaker. London-based AstraZeneca uses matchbacks for all of its products and digital-advertising channels, according to spokeswoman Alisha Martin.
Not all drugmakers endorse the practice. GlaxoSmithKline has stopped using them after the London-based company became concerned that the practice may violate consumer privacy and that websites aren’t informing users, said spokeswoman Sarah Alspach. Websites must “uphold appropriate privacy standards” and be transparent about how data is used, she said.
For websites, matchbacks promise lucrative ad deals. Yahoo.com and EverydayHealth.com, which operates the second- biggest U.S. health site after WebMD, say they have used them to attract new pharmaceutical advertisers and refine the targeting of their ads.
So-called de-identified databases can be accurately linked as long as algorithms are the same on all sides. IMS and other firms manage the coding process across their networks of data suppliers.
Pharmacy matchbacks can be viewed as invasive but they are also a logical extension of decades of work to personalize the computing experience, a trend that many consumers embrace, according to Paul Arthur, professor of digital humanities at the University of Western Sydney.
“We tolerate surveillance much more now, and even celebrate it,” Arthur said.
Federal regulators said they were not aware of the practice until contacted by Bloomberg News.
The Department of Health and Human Services’s Office for Civil Rights, which polices health-privacy laws, declined to comment for this article because it’s unfamiliar with matchbacks, said spokeswoman Rachel Seeger. Companies that perform matchbacks could be in violation of privacy laws if they do not notify customers that their data is being used for this purpose, according to Peder Magee, a senior attorney in the Federal Trade Commission’s division of privacy and identity protection.
Since 2011, Yahoo, the biggest U.S. Web portal, has used IMS to perform matchbacks and help target ads to registered users who are likely suffering from specific conditions, said Suzanne Philion, spokeswoman for the Sunnyvale, California-based company. About 100 million people have records in both IMS and Yahoo’s databases, according to Bill Drummy, founder and CEO of ad agency Heartbeat Ideas, who has worked with both companies. Both Yahoo and IMS declined to comment on the number.
“These ads are not targeted on an individual basis,” Philion said in an emailed statement. “There are certain sensitive medical categories which we exclude from any ad targeting, and all ads and ad targeting are in full compliance with HIPAA.”
In 2012, Everyday Health performed matchbacks on some of its 65 million registered users to show the high number of people who switch medications after seeing ads on the site. As many as eight out of every 10,000 people converted, the company found.
“Respecting our users’ privacy is paramount,” Alan Shapiro, general counsel and chief privacy officer for the New York-based company, wrote in an e-mail. “We strictly adhere to all industry guidelines and best practices including giving our users the ability to easily opt out.”
Matchbacks are valuable for websites beyond just luring new advertisers, because they offer proof about which targeted ads are driving users to fill certain prescriptions.
Sites that don’t use them risk losing out, said Jim Curtis, chief revenue officer of Remedy Health Media. The company relies on matchbacks to secure ad buys from drugmakers above $250,000, he said.
Some clients come into negotiations requiring them, according to Curtis. “It used to be very innovative, and now it is a necessity,” he said.
Drugmakers pay a premium for the targeted ads. Matchbacks can add as much as $100,000 to the price of running a digital advertising campaign, said Drummy of Heartbeat Ideas, in part because they give drugmakers and websites extraordinary insights.
Some 12 to 25 percent of prospects who visit a brand website and whose activities were later measured using matchbacks go on to seek a prescription from a doctor, according to Drummy.
Yet as the practice becomes more widely known, drugmakers will face a challenge convincing consumers and patients that matchbacks are legitimate and that their secure codes can’t be cracked.
“They’re fooling around with the term anonymous,” said Joe Turow, a professor of communication at the University of Pennsylvania who has testified before Congress on health-data companies. “It’s kind of a euphemism now for being able to track somebody.”
Recent abuses are giving weight to that concern. Epic Marketplace, an advertising firm in New York, was caught looking at people’s health searches by exploiting a flaw in Web browsers. Epic couldn’t be reached for comment. Its websites have been taken offline and a working phone number couldn’t be found.
Health clinics in Illinois and Australia had their electronic records encrypted and held for ransom by hackers. In Utah, data containing the medical records of 780,000 patients were stolen from a government server.
What’s more, hospitals routinely share patient records that are sold by some states in formats that can be used to re- identify people and their conditions.
Critics say the lesson from earlier cases is that long-term tracking poses risks to privacy, no matter who the custodian is or what form the data takes.
“My information is mine, whether you put a name associated with it or you put a number associated with it,” said Jim Pyles, a health lawyer and medical privacy expert with Washington-based Powers Pyles Sutter Verville PC. Matchbacks are like hunting by “waiting at a watering hole for a thirst- ridden animal to show up,” he said. “There’s something really tawdry about it.”
Were you interviewed for this story? If so, please fill out our
Send questions/comments to the editors.