Bass, Berry & Sims attorneys Shannon Wiley and Jaime Barwig authored an article for Pharmaceutical Executive summarizing the California Consumer Privacy Act’s (CCPA) key impacts on business practices related to data flow in specialty pharmaceutical channels, including feedback on areas of particular note for drug manufacturers, specialty pharmacies, insurance companies, data aggregators, and hubs. The CCPA took effect January 1, 2020 and establishes the most stringent comprehensive data privacy protections in the United States and gives individuals more control over how companies collect and manage individuals’ personal information, including patient information. As the authors point out, certain “complexities can make it challenging to determine whether the CCPA applies to certain data sets, and if it does, what are the organization’s compliance responsibilities. As a result, close attention should be given to the data types managed by your organization, including an assessment of whether it qualifies as PHI [personal health information] under HIPAA or medical information under the CMIA [California’s Confidentiality of Medical Information Act], or if your organization is holding ‘patient information’ as a HIPAA-covered entity or CMIA-covered provider of healthcare.”

While there are still many unanswered questions about the CCPA’s reach and how the CCPA intersects with HIPAA, Shannon and Jaime provide some insight into how companies within the specialty pharmacy industry could be impacted. They also provide some practical examples common within the industry and how CCPA applies, such as hub drug adherence calls, analytics on pharmacy-provided patient information, and employee records.

The full article, “California Law Requires Legal, Compliance Scrutiny to Maintain Pharma Data Sharing,” was published on January 6, 2020, by Pharmaceutical Executive and is available online.