(NaturalNews) The CVS/pharmacy corporation recently launched a new pharmaceutical marketing scheme that pushes customers to fill more drug prescriptions at its stores by enticing them with cash prizes and other rewards, an initiative that is now part of the company's "ExtraCare Rewards Program."
But a recent investigation by the Los Angeles Times (LA Times) reveals that, in order to enroll in the new program, customers must first surrender their medical privacy rights protected under HIPAA by signing them away.
Known formally as the Health Insurance Portability and Accountability Act, HIPAA was originally enacted by Congress to guard individuals' private health information from being sold, shared, or otherwise exploited by the medical industry or third parties. HIPAA's Privacy Rule specifically governs how private health information can be accessed and used legally, restricting it in such a way as to allow health providers access only to what they actually need in order to provide reasonable care, while protecting the rest.
You can read a summary of how HIPAA's Privacy Rules affect you here:
But CVS has apparently devised a way to bypass these protections by tricking its customers into signing away their HIPAA protections in exchange for store credits. According to the CVS ExtraCare Rewards signup page, all customers must "sign a HIPAA Authorization to join," a process that CVS fails to explain involves customers completely giving up their right to medical privacy. CVS discreetly admits this later on in the last step of the process, where customers are required to acknowledge that their "health information may potentially be re-disclosed."
"CVS takes the liberty of assuming you know that HIPAA and the 'federal Privacy Rule' are one and the same, although it has nowhere made the connection clear," writes David Lazarus for the LA Times about the final step in the signup process, which explains to customers that they are no longer protected by the federal Privacy Rule. "The company also assumes you are aware of what it means to no longer be protected by HIPAA, although, again, it hasn't spelled out the implications of giving up your HIPAA rights."
"We do not require customers enrolling in wellness+ to waive their HIPAA privacy rights because we do not disclose or share patients' medical information enrolled in this program," said Ashley Flower, a spokeswoman from Rite-Aid, to the LA Times about her company's prescription rewards program. Likewise, Walgreens does not require its customers to sign away their HIPAA protections in order to enroll in its Balance Rewards program.
So why does CVS demand that its ExtraCare Rewards customers relinquish their medical privacy rights? CVS spokesman Mike DeAngelis refused to say, according to the LA Times, nor would he divulge with whom the company feels it should be allowed to "re-disclose" customers' private medical information.
What this means for the general public, in other words, is that enrollment in the CVS ExtraCare Rewards program is an enormous sacrifice and privacy risk, and one that is clearly not worth a lousy $5 cash reward for every 10 prescriptions filled.