Florida’s insurance regulator is demanding detailed prescription data on millions of patients, raising alarms over patient privacy.
In January, the Florida Office of Insurance Regulation asked pharmacy benefit managers — companies that manage prescription drug plans — to hand over highly personal data about prescriptions filled in the state last year.
The data request includes the patients’ full names and dates of birth, names of medications filled and doctors they’ve seen.
It’s unclear why the state wants these details. In a letter to one benefit manager reviewed by The New York Times, the regulator said Florida needed to check whether pharmacy benefit managers are following a 2023 state law that aimed to lower drug prices.
But employers and others say the request could expose highly sensitive health data to misuse.
“You don’t need such granular patient information for purposes of oversight,” Sharona Hoffman, a health law and privacy expert at Case Western Reserve University, told The Times.
“You have to worry: Is the government actually trying to get information about reproductive care or transgender care or mental health care?” she added.
The data demand comes at a time when Florida has passed strict laws restricting abortion access and transgender care.
These laws require that doctors dispense abortion pills in person and limit access to gender-affirming care for minors.
Florida’s data request could, in theory, be used to check whether doctors are following these laws — although the state has not said whether that’s the reason, The Times reported.
The American Benefits Council, which represents 430 large employers and service organizations, said the request “violates the health privacy and security of millions of Floridians,” and that the state had failed to clearly outline its authority or reasons for the action.
“We have a duty to employees and their data,” Katy Johnson, the president of the council, said in an interview.
Shiloh Elliott, a spokeswoman for the Florida Office of Insurance Regulation, said the objections “are clearly from those who do not want to be regulated or have any oversight in their industry.” She added that the office “will continue to request data in the best interest to protect consumers.”
Elliott added that concerns “should be addressed to the actual health care insurance companies that have had countless data breaches exposing millions of Americans’ sensitive information.”
Experts say Florida already has access to prescription data for Medicaid patients, but that data is usually tightly restricted to staff who need it.
Joseph Shields, president of Transparency-Rx, a trade group for smaller benefit managers, called Florida’s request “pretty expansive and unprecedented.”
Rosa Novo, benefits director for Miami-Dade County Public Schools, which provides health insurance to about 45,000 people, told The Times she supports efforts to reduce drug prices — but not at the expense of their privacy.
“My doctor is the only one who should know that,” Novo said.
More information
The U.S. Department of Health and Human Services has more on the HIPAA Privacy Rule.
SOURCE: The New York Times, March 5, 2025
Source: HealthDay
Copyright © 2025 HealthDay. All rights reserved.
