Information about the medications doctors prescribe is supposed to be confidential. According to one report, such data isn't always sufficiently anonymous, helping pharmaceutical companies better market their products.
Are US data specialists able to track doctors' prescriptions back to their patients? This is a question many Germans are now asking following a report in German news magazine Der Spiegel.
It is not about US government surveillance activities but rather about a thriving business in trading prescription data.
Pharmaceutical companies are naturally keen to acquire information on doctors' prescriptions for commercial purposes. Because prescriptions are confidential, any data they contain must be forward anonymously in Germany to so-called pharmaceutical datacenters.
'Something is fundementally wrong'
These centers settle with health insurance companies on behalf of pharmacies. They collect prescriptions, sort and scan them and then inform health insurance companies how much money the pharmacies should be reimbursed.
But there is more to it, Spiegel has learned. The pharmaceutical datacenters, according to the magazine, crunch the data further and then sell it to medical research companies. These companies compile the data in studies, which they, in turn, sell to drugmakers.
According to Spiegel, something is fundamentally wrong at the VSA pharmaceutical datacenter in southern Germany, one of the country's largest. There, prescription data is not anonymous but rather contains a pseudonym in which the name of a patient is replaced with a life-long code. And that data goes to IMS Health in the United States, a giant in the medical market research sector, according to Spiegel.
"This is a scandal, a long-term scandal," said Thilo Weichert, data protection commissioner of the German state of Schleswig-Holstein. "I view it as any data protection expert would - namely, that replacing the name with a number is not anonymous and that such mapping is not only possible but intended," he told DW.
Highly valuable information
The Bavarian Data Protection Agency, which is responsible for VSA, has a different view, however. President Thomas Kranig defends VSA's handling of prescription data. "The data that is generated is encrypted in such a way that the prescription behavior of the doctor or the patient can't be tracked," Kranig told DW.
But traceable data is exactly what pharmaceutical companies want, according to Roland Holtz, a former pharmaceutical representative. The prescription behavior of doctors is highly valuable information for these companies, he said.
Pharmaceutical companies can only make recommendations to doctors who, ideally, prescribe their drugs. Before they had access to prescription data, the companies had no way to determine how successful their salespeople were in marketing their products to doctors.
Trading prescription data changed that, according to Holtz. "The industry was absolutely thrilled because it was now able for the first time to see how successful their pharma reps were," he said. The information, he added, could be broken down into regions, each containing about 300,000 inhabitants.
"The marketing pressure continued to grow in the pharma industry, with companies seeking more and more detailed data," Holtz said. As a result, the tracked regions became smaller so that it was easier to trace where certain drugs were prescribed. The doctors could also be more easily identified.
In 2007, however, German lawmakers intervened and required that the regions had to comprise at least 300,000 inhabitants or 1,300 doctors.
What has become increasingly valuable to drug companies is information that allows prescription behavior to be mapped to individual doctors. And this is possible with data that is not sufficiently anonymous.
"It is obvious that this data was used by the pharma industry to send reps to doctors to sell specific drugs," said Weichert. "That is the aim of this data processing, which the anonymous data is supposed to prevent."
Some centers respond
VSA has called Spiegel's allegations "simply wrong." IMS Health also claims that it receives no personal information from the German pharmaceutical datacenter. Yet many people are critical of VSA's anonymous data policy.
The NARZ pharmaceutical datacenter in northern Germany has meanwhile stopped transferring the controversial pseudonym codes, as has the center in Berlin. In the German state of North Rhine-Westphalia, data protection authorities have gone to court over their concern that data is insufficiently anonymous.
But in Bavaria, everything can remain the same, in the eyes of the state's data protection commissioner Kranig. "The fact is," he said, "there are different views on the issue of anonymous data and the necessary requirements."
Luxembourg has stalled European Union efforts to crack down on tax evaders. Finance ministers from EU countries have though made progress on setting up an agency to control rogue banks.
Crimea's Parliament has said if the region votes to join Russia it'll declare itself independent and propose to become part of Russia. Europe's security and democracy watchdog has called the upcoming referendum illegal.
The European Parliament will vote on an action plan on the future of data protection in the EU on Wednesday. Despite allegations of mass surveillance, the package may be rejected.