A retinal scan to verify that the person filling the prescription is the same person it was prescribed to, patient data sent over encrypted communications to check for drug interactions and preventing doctor shopping--all of this information, plus some, in a statewide database. This could be the future of medicine access control.
Colorado lawmakers want to make medication dispensing more secure by establishing a new medical database and requiring
biometric verification when patients fill prescriptions, but critics of the plan worry that with the amount of data lawmakers want to collect, information breaches could be more damaging to patients than ever before.
HB12-1242 is under consideration by the Colorado General Assembly. If passed into law, the bill would require doctor’s offices and pharmacies to install biometric scanning devices to verify a person’s identity before dispensing prescription drugs or restricted over the counter items. The scanning devices would be used “to obtain a biometric scan of a person’s biometric identifier, such as a fingerprint or retinal scan, and to submit the scan to the database.” The bill is sponsored by Reps. Ken Summers and Tom Massey and Sen. Betty Boyd who say it is “necessary for the immediate preservation of the public peace, health, and safety.” The technology to implement the biometric verification will be donated to the state by Biotech Medical Software Inc. if the bill passes.
“One of the reasons [for HB12-1242] was to prevent doctor shopping by patients. Once you scan your finger when you’re at the pharmacy, all the medicine you should have, and your doctor’s visits or your medications would come up. They’re made aware at the doctor’s office and also at the pharmacy. If you have any medication that could create harmful interactions they’d be aware of that and where it was prescribed,” said a staffer from Summers’ office on Monday.
Summers’ office also says it would help confront
Colorado’s meth problem by providing additional safeguards against people trying to obtain large amount of medications used to make meth.
“We see the future of America going in that direction, so we could be a leader by getting on board with that
technology and software,” the aide said.
Before prescribing or dispensing medication, medical providers would be required gather to information including the prescribing doctor’s name, office address, medication instructions, and the name and address of the patient, in addition to their biometric identifier -- a fingerprint or retinal scan. In other industries, facial and
vein recognition have also been used for verification.
The patient’s data would be converted into a unique identifier and sent (encrypted) to the pharmacy. Only the receiving pharmacy could decrypt the information. That’s how it should work. But privacy advocates say gathering so much data would provide dangerously detailed information about patients if hackers decided to target the database.
Linda Gorman and Amy Oliver of the Independence Institute, a conservative think tank based in Colorado, say mandating fingerprints and taking retinal scans forces people to choose between getting adequate medical care and privacy.
“Data kept in paper files in separate offices is hard to steal. It becomes insecure when it is uploaded to an electronic database,” they wrote in a joint letter to The Gazette. “Under that bill, you won’t be able to get prescription medications or controlled over-the-counter medications without providing a biometric identifier…. Failure to comply would be a Class 1 misdemeanor, a crime as serious as the possession of child pornography or third degree assault.”
Steve Siegel, CEO of Biotech Medical Software said the company developed the technology not to mine data, but to plug holes in the prescribing process that allow drugs to be obtained illegally.
“We’ve discovered some flaws in the State of Colorado that some people don’t realize,” said Steve Siegel, CEO of Biotech Medical Software by phone on Monday. “For example, their Prescription Drug Monitoring Program (PDMP) doesn’t require ID verification for someone to fill a prescription so a lot of information in the system is probably erroneous. And most pharmacies don’t require ID. They just ask for the person’s address verbally…Why is it called a controlled substance if you you’re not verifying who’s getting it?”
Siegel says it impacts people trying to fill prescriptions legally too. “If a patient forgets their apartment number and the pharmacist just enters the building number, well that patient could be denied a prescription because someone else is using that address,” he said.
Gorman worries that the biometric database will be combined with other databases to dictate they type of health care people can get. "Our concern is that they will eventually link these [biometric] databases to something you can't opt out of...[this bill would require] I have to give them something before I get health care that I didn't have to before because they're bad at monitoring their programs?"
The biometric system and database would also provide data in real time. “Federal law requires verification for pseudoephedrine, but it’s not in real time. So once they arrest you, they look back at the record to build a case against you. Our system would tell a pharmacy or doctor right then where that medicine was filled already,” he said.
Siegel says the database would be completely anonymous. If someone was to hack the system, they would see a biometric signature and a medication, but not a patient associated with that information, he said.
Based on available government incentives for sending prescriptions electronically, Siegel says he sees biometric prescribing going nationwide by 2014.
Gorman hopes not. "They're wanting people to do this for a prescription when they don’t even require ID to vote? Are they going to have retinal scans on the vending machines that hold Plan B?"
Lawmakers will discuss the bill on Thursday. The hearing will be broadcast live on the Colorado General Assembly Web site.