Skip main navigation
Close Drawer MenuOpen Drawer Menu
APA Publishing Logo

The American Psychiatric Association (APA) has updated its Privacy Policy and Terms of Use, including with new information specifically addressed to individuals in the European Economic Area. As described in the Privacy Policy and Terms of Use, this website utilizes cookies, including for the purpose of offering an optimal online experience and services tailored to your preferences.

Please read the entire Privacy Policy and Terms of Use. By closing this message, browsing this website, continuing the navigation, or otherwise continuing to use the APA's websites, you confirm that you understand and accept the terms of the Privacy Policy and Terms of Use, including the utilization of cookies.

×
Back to table of contents
Professional NewsFull Access

Internet Anxiety Real for Some Patients on Prozac

Published Online:3 Aug 2001https://doi.org/10.1176/pn.36.15.0005

Eli Lilly and Company, manufacturer of one of the world’s most widely prescribed antidepressants, was trying very hard to wipe the egg off its face last month.

The maker of Prozac admitted early last month that it had accidentally sent out an e-mail message that included the e-mail addresses of more than 600 individuals who participate in a program in which the company forwards messages about Prozac. Messages can include such information as reminding participants to adhere to their drug regimen and renewing prescriptions. None had given the company permission to release e-mail identities.

The victims of the confidentiality breach, most of whom had diagnoses of depression, obsessive-compulsive disorder, or an eating disorder, had signed up for the Lilly program voluntarily. It is not known whether all the participants use Prozac.

The two-year-old program apparently had operated without major security glitches until June 27, when messages that were supposed to be sent as individually addressed e-mails were instead sent en masse so that every recipient could read the e-mail addresses of all the other program participants.

Lilly spokesperson Laura Miller attributed the confidentiality breach to a computer programming error and emphasized that the company was instituting procedures that would prevent such a mistake from happening in the future. One of these steps is to put the Prozac e-mail program on hold until security procedures are tested, Miller noted.

“We take [patient privacy] very seriously,” she said, in offering the company’s apology for the e-mail error.

Another Lilly spokesperson, Anne Griffin, said that Lilly is now using a software program that blocks e-mails that go out from its Web site addressed to more than one person.

“We’ve always been sensitive to privacy issues, particularly related to the Internet, but since the error occurred, we’ve used this as an additional opportunity to heighten that sensitivity even further with our employees,” said Griffin.

Griffin declined a request from Psychiatric News to provide the text of its e-mail apology because Lilly considers the communication confidential.

Privacy advocates who have long warned about the leaky nature of computer security walls and of the role human error can play in breaching them, were predictably appalled at the problem at Lilly. On July 3 one of those advocate organizations, the American Civil Liberties Union, called on the Federal Trade Commission to look into whether Lilly had violated any trade laws that govern a company’s use of customer information, according to a report in the Washington Post. The ACLU’s letter to the agency said it believes Lilly’s actions may “constitute unfair trade practices.”

APA President-elect Paul Appelbaum, M.D., who has testified before Congress on the need for strict patient privacy protections, saw two critical lessons in Lilly’s e-mail error. First, when computer programs allow people to aggregate medical information about large numbers of people, “there is always a serious risk of widespread confidentiality breaches, which multiply exponentially,” Appelbaum told Psychiatric News. “This suggests the need for great caution in using databases of all kinds.”

The second lesson he drew from this privacy violation is that the federal government’s newly implemented rules mandated by the Health Insurance Portability and Accountability Act (HIPAA) have only begun to address medical confidentiality concerns. As is the case with all pharmaceutical companies, Lilly is not covered by the privacy regulations in HIPAA.

“Nothing in the act prevents Lilly from collecting and disseminating this type of patient information in the future,” Appelbaum stressed.

The chair of the APA Committee on Confidentiality, Margo Goldman, M.D., said that out of concern that just this type of breach could easily occur, she always advises patients “to proceed with caution” if they are contemplating signing up for such a program.

“The program may be presented under the guise of disease management,” she said in an interview with Psychiatric News, “but its real intent is product promotion and marketing.” ▪