1. Did Giant violate HIPAA? Did Elensys? Why/why not?
According to HIPAA Health privacy rule, an individual’s private information can be disclosed to a business associate (a third party that provides services on behalf of the entity on contractual basis) and only needs customer approval in case of marketing communications. Given the fact that the partnership with Elensys was solely focused on prescription compliance and avoided any sort of DTP marketing communications, neither Giant Food nor Elensys blatantly violated the HIPAA. Elensys in this case does not represent an outside party but a qualified inside agent, therefore limiting further the perils of information spillage. Giant Food took also additional security measures when building the information database, splitting the information in two and placing a high level of protection against unwanted leakage. Elensys did not own or receive complete private medical information about individuals. These actions were meant to assure that the business associate, in this case Elensys, will properly protect the information as required by HIPAA.
The evident flaw in the course of actions of Giant Food would be the initiation of the compliance program without prior obtaining the consent of its customers as dictated per law. It is also not clear how much information was disclosed about the privacy rights and practices to the customers. However, they were duly informed about the program before its start, and were given an easy and accessible way to opt out. Moreover, it was believed that the ethical issues arising from sharing private medical information would be soon overshadowed by the direct and undoubted benefit of the compliance program for both customers and pharmacies. I therefore consider that no direct violation of the HIPAA was committed, with only obvious ethical issues constituting the body of the problem.
2. What course of action should Giant take given the Washington Post article? Be specific.
The Washington Post is a reputable publication, with at least 800,000 readers at the time of the article’s publication. Therefore, such an article would have a high resonance and impact on the company’s brand and perception amongst customers. Immediate actions should be taken in order to reverse any damage to the image, before a significant number of clients are lost in the process.
Throughout the history of Giant, the customer’s interests were always a priority for the company, and the corporate culture was built around the motto – “There is nothing too good for the Giant customer”. Therefore in such a sensitive matter, involving customer privacy and ethics in medicine, Giant Food has to retreat and abandon the prescription compliance program. Moreover, the outsourcing of services goes against the “keep it in the family” strategy adopted by Giant, who was one of the first to successfully combine the food and pharmacy aspects.
A public apology has to be issued with personalized justifications and assurance to the customers that complained directly about this issue. The apology should explain that the reasons for the initiation of such a program came from the desire of improving customers’ lives, and that Elensys was not affiliated with any pharmaceutical manufacturer that would incur personal benefits. Moreover Giant Food took particular care in safeguarding the customer’s privacy by undertaking severe measures like avoidance of “controversial” drugs and dubious programs, the creation of a complex information database system and inclusion of tight contractual obligations with Elensys as well as strict monitoring of processes. All these should alleviate the impact on Giant Food’s image and portrait the company as greatly concerned with customers’ well-being and preferences. The general trust level for marketing firms in matters of confidentiality, when it comes to private medical records of individuals, is extremely low. By immediately retreating from this program, Giant Food will only show their responsiveness and deep acknowledgement of customer’s opinions.
The contract with Elensys should be terminated immediately, taking care that the provided information is erased from their database. Customers should be assured that no such actions will further be initiated without their consent and desire.
3. What is Fair’s role in these actions?
Russell B. Fair is the Vice President of Pharmacy Operations for Giant Foods Inc. and it was him who initiated the prescription compliance program at his company. Moreover, he made the decision to partner with Elensys based on his professional reasoning, and closely supervised the negotiation of agreements with pharmaceutical companies. Therefore, he is one of the main figures in the development and application of further actions, after the scandal break-off. It is him who has to issue the public apology as well as provide additional information about the intended prescription compliance program safety levers, as to disseminate its dramatic portrayal already done in the press. Together with other VPs Mr. Fair has to quickly build a new strategy and erase the remaining of this unfortunate experiment, as to avoid customer loss and backlash.
Works cited
Jones, Alex S. "The Media Business; Washington Times Moves to Reinvent Itself." The New York Times. The New York Times, 27 Jan. 1992. Web. 18 Apr. 2012.
Piccoli, Gabriele. "Chapter 13: Security, Privacy and Ethics." Information Systems for Managers: Text & Cases. John Wiley & Sons, 2012. Information Systems for Managers: Text & Cases. John Wiley & Sons. Web. 18 Apr. 2012.
