Massachusetts AG Presses Pharmacies About Collection and Use of Vaccine Patient Data

The Massachusetts Attorney General, following up on a letter from EPIC and a coalition of civil society groups, wrote to major pharmacies today seeking details about their collection and use of personal data from COVID-19 vaccine recipients. The federal government is coordinating with retail pharmacies to facilitate vaccine distribution. But as EPIC and coalition partners warned last month, some pharmacies "are requiring patients seeking access to the vaccine to register through their existing customer portals, which in turn exposes patients to broad personal data collection and marketing." The Massachusetts AG letter calls on pharmacies to explain what personal data they collect from vaccine patients, what disclosures they make, whether the pharmacies will use the data for commercial purposes, and whether the data is being stored separately from general customer information. "[A]ccess to life-saving vaccines should not be conditioned on a consumer's consent to provide personal data not necessary for the vaccination administration," the AG's letter explains. "Nor can consent to such data collection or marketing be presumed based on a consumer's desire to obtain a vaccination." The CDC recently issued a directive prohibiting health providers "from using any data gathered in the course of their participation in the CDC COVID-19 Vaccination Program, including any Protected Health Information or other Personally Identifiable Information, for commercial marketing purposes." EPIC and coalition partners also asked officials in California, Illinois, New York, and the District of Columbia to investigate and prevent pharmacies from putting vaccine patient data to commercial use.