Skip to content Skip to navigation

Study: Patient Data at Risk in Walgreens’ New Pharmacy Setup

September 25, 2013
by Rajiv Leventhal
| Reprints

A redesigned pharmacy setup at Walgreens could result in widespread violations of patient privacy, according to a study by the labor union-funded group, Change to Win Retail Initiatives.

As pharmacies rapidly expand their healthcare services, America’s largest drug chain, Walgreens, is beginning to remove pharmacists from their traditional work area and placing them at a desk “out in front” of the counter. The stated purpose of the model, branded “Well Experience,” is to make pharmacists more accessible to patients and broaden the focus of the pharmacy by expanding services Walgreens can offer in its drug stores, such as vaccinations and acute and primary care.

Change to Win Retail Initiatives investigated Well Experience pharmacies in Illinois, Indiana and Florida—three of the largest markets for the new model—in June, July and August 2013, and found that patient information was left unattended and visible to anyone in the pharmacy at 80 percent of stores visited. This included sensitive information about patients’ prescriptions and medical histories, which pharmacies are required under federal law to protect.

Additionally, over the course of 32 hours of observation, field researchers noted 442 individual interruptions or distractions to pharmacists, and more than a third of these were specific to the pharmacist’s new location in the Well Experience model. Research suggests that interruptions and distractions are related to increased medication errors.

And in 46 percent of stores visited, prescription medication was left unattended on or near the pharmacists’ desks, within the reach of customers in the pharmacy waiting area. Insufficiently secured prescription drugs were frequently bottled and labeled for patients and included leaflets containing private health information.

Based on the study’s findings, Change to Win Retail Initiatives filed a complaint alleging numerous breaches of the Healthcare Insurance Portability and Accountability Act (HIPAA) with the U.S. Department of Health and Human Service’s Office of Civil Rights (OCR).

Walgreens officials have yet to respond to a request for comment.



EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.

Healthcare Organizations Again Go to Bat for AHRQ

Healthcare organizations are once again urging U.S. Senate and House leaders to protect the Department of Health and Human Services’ Agency for Healthcare Research and Quality (AHRQ) from more budget cuts for 2017.

ONC Pilot Projects Focus on Using, Sharing Patient-Generated Health Data

Accenture Federal Services (AFS) has announced two pilot demonstrations with the Office of the National Coordinator for Health Information Technology (ONC) to determine how patient-generated health data can be used by care teams and researchers.

Is it Unethical to Identify Patients as “Frequent Flyers” in Health IT Systems?

Several researchers from the University of Pennsylvania addressed the ethics of behavioral health IT as it relates to “frequent flyer” icons and the potential for implicit bias in an article published in JAMA.