Jacob M. Appel, M.D., J.D.

Concern over “doctor shopping”—the practice of obtaining prescriptions for controlled substance from multiple physicians under false pretenses—has led to a complex patchwork of state laws to track and punish abusers.  At the federal level, the Uniform Controlled Substances Act of 1970 prohibits patients from obtaining scheduled medication through “misrepresentation, fraud, forgery, deception, or subterfuge.”  All fifty states have also adopted anti-shopping statutes, although these vary considerably.Hawaii, for instance, only criminalizes the practice if the total dose of medication obtained exceeds what a single practitioner might prescribe for a valid medical purpose; Maine requires patients to reveal specific details of prior prescriptions, including the number of refills available. More recently, states have begun to create databases through which duplicate prescriptions can be monitored.  At present, every state except Missouri has established such a tracking system.  One of the reasons lawmakers in Missouri have resisted such a proposal is concern for patient privacy, particularly fears that the data might be used for extraneous purposes. Now a lawsuit by the American Civil Liberties Union (ACLU) seeks to determine whether patients retain a privacy right in prescription information.

The ACLU has brought suit in Oregon on behalf of a physician and four patients, opposing the Drug Enforcement Administration’s (DEA) practice of subpoenaing data from that state’s Prescription Drug Monitoring Program (PDMP) without a judicial warrant. The plaintiffs argue that revealing their prescription information will expose intimate details of their medical records including HIV status and a history of psychiatric illness. In contrast, the DEA claims that by voluntarily revealing their prescription data to a third party, namely the state of Oregon, patients waive any expectation of privacy under the Fourth Amendment.  The case may boil down to the question of whether revealing such information, in the context of requesting treatment from a physician or pharmacist for significant illness, can truly be considered voluntary, or reflects instead enough duress that the so-called “third party doctrine” no longer applies.

Whether or not the DEA has a legal right to examine this data, the decision to do so raises troubling policy concerns. The primary purpose of the database, after all, is to ensure that scheduled medications are used safety to further the public health. Yet if law abiding citizens do not feel their private health care information is secure, they may withhold personal information from their own providers—precisely the sort of misrepresentation that the databases are designed to combat.
 
States have already come under considerable criticism for selling de-identified prescription information from data bases—although such a practice is permitted under HIPPA—especially as researchers have demonstrated uncanny abilities to re-identify these patients based on such details as medical condition, provider and zip code.  The additional fear that the DEA will tap into one’s records, without probable cause, risks creating yet another layer of distrust between patients and their physicians.