Saturday, November 8, 2008

Ethics and Extortion

Express Scripts, one of the largest pharmacy benefit management (PBM) companies in the U.S., recently reported a security breach and a blackmail threat. Here's what the company said on a website it established for concerned customers:
In early October, Express Scripts received a letter from an unknown person or persons trying to extort money from the company. This unknown person or persons threatened to expose millions of the company’s members’ records on the Internet if the extortion threat was not met. The extortion letter included personal information on 75 members including their social security numbers, addresses, dates of birth, and in some cases, prescription information.

Express Scripts notified the FBI immediately after receiving the letter and there is an official investigation underway. We also notified the members whose information was contained in the extortion letter. The company has also launched its own investigation with the help of top experts in data security and computer forensics.

While we are unaware at this time of any actual misuse of any members’ information, we understand the concern that this situation has caused our members.

This site is designed to keep you updated on developments concerning that situation and to provide you with important tools and resources to help protect yourself against identity theft.

We are taking this situation very seriously and want to reassure you that we are committed to doing what we can to secure your data.
This is VERY bad news. PBM data bases are a crucial source of information for the kind of epidemiological research and comparative effectiveness studies that can allow us to improve outcomes and slow down the cost trend.

A year ago, in a posting on "Information Technology, Ethics, and Integrity," I wrote:
It is increasingly true that IT functions as the nervous system of health organizations. It shapes our capacity to communicate with patients and colleagues. At its best IT enables wide communication combined with privacy protections. It can enhance or impede the quality of clinician-patient relationships.
The security breach at Express Scripts will add to the public's fear about electronic data bases. This isn't just a technical problem. At its best, IT allows us to coordinate our disastrously compartmentalized health system and do much more for our patients. Good ethics isn't just a matter of endorsing good values. We have to be able to put those values into action. Loss of faith in the integrity of health data will tie our hands.

2 comments:

Edgar said...

Hello. My name is Edgar and I'm an editor at OpposingViews.com, the debate website. Since we both cover health issues, I thought I'd drop you a note. I would've e-mailed you but I couldn't find an address.
See, we're currently having a discussion about whether the U.S. should have universal healthcare. See it here: http://www.opposingviews.com/questions/should-arkansas-pass-the-unmarried-couple-adoption-ban/
Although vetted experts are the ones doing the debating, anyone can contribute by choosing a side and posting comments about the experts' arguments.
Check it out and, if you have the time, let me know what you think at edgar@opposingviews.com
Thanks!

Jim Sabin said...

Hello Edgar

Thanks for the information on the OpposingViews site. The debate forum is a very appealing idea - it's the essence of democratic process.

Re the universal health care debate, I see that it is really about the single payer proposal for achieving universal coverage. As to whether the U.S. should have some form of universal coverage itself, I don't see that as a topic worth debating. The only rational answer is "yes." The challenging questions, like the one on Opposing Views, are about the pros and cons of different means of attaining the end of universal coverage.

Again, thank you for the link to your very worthwhile project!

Best

Jim