Our principal concern with iPledge is that the FDA has failed to set privacy standards for the iPledge program [2] or for similar programs that mandate patient tracking. As a result, the iPledge registry has privacy shortcomings that may potentially impact the individuals who take Accutane or Isotretinoin generics.
The FDA has not paid attention to privacy standards that should be applied to RiskMAP programs. Unfortunately, this lack of FDA attention has resulted in inappropriate and unethical marketing to patients using patient information gathered for treatment purposes. If these marketing activities were being conducted by HIPAA-covered entities, the activities would be illegal. These activities may well be illegal in California, which has a strong state-level medical privacy law that goes beyond HIPAA.
FDA privacy standards – RiskMAPs – World Privacy Forum executive director Pam Dixon testified at an FDA/AHRQ joint public workshop about the need for the FDA to set robust privacy standards for drug risk minimization programs, which are put in place for drugs the FDA has determined to be high risk in some way. Drug risk minimization programs (like the iPledge program for the acne drug Accutane) are not typically covered by HIPAA, and some programs have a privacy policy that allows marketing use of patient information collected as part of the risk program. This kind of marketing activity would not be allowable if the programs fell under HIPAA, and Dixon’s testimony stated that patients in these programs should have the same kinds of privacy protections as HIPAA covered programs, and that marketing activities involving patient information should not be allowable in these programs.