The American Society for Pharmacy Law (ASPL) is an organization of attorneys, pharmacists, pharmacist-attorneys and students of pharmacy or law who are interested in the law as it applies to
pharmacy, pharmacists, wholesalers, manufacturers, state and federal government and other interested parties.

ASPL is a nonprofit organization with the purposes of

  • Furthering knowledge in the law related to pharmacists, pharmacies, the provision of pharmaceutical care, the manufacturing and distribution of drugs, and other food, drug, and medical device policy issues;
  • Communicating accurate legal educational information; and
  • Providing educational opportunities for pharmacists, attorneys, and others who are interested in pharmacy law

Latest News

April 5, 2021

Concerns expressed over pharmacy chains’ gathering of customer data when scheduling vaccinations
According to a report by Politico, privacy advocates are pressing for oversight on how pharmacy chains use customer data obtained from patients seeking COVID-19 vaccinations. Many chains require patients to provide phone numbers and e-mail addresses at the point of booking an appointment, while others, reportedly including Walgreens, Sam’s Club and Walmart, and Health Mart pharmacies, “require that people create online user accounts before they can search their websites for still-limited vaccine appointments.”

According to the report, the online appointment portals often fail to make explicit how the companies will use the customer information. Some watchdog groups and members of Congress have expressed concern that the pharmacies will later use this data for marketing products related to the vaccinations, such as ibuprofen. Also, some customers may unwittingly join pharmacy loyalty programs.

The Electronic Privacy Information Center sent a letter “urging a group of Democratic state attorneys general to investigate how major pharmacy retailers are using data from Covid vaccine sign-ups.” One letter was linked to in the report, sent to Karl Racine, AG for the District of Columbia, specifically focusing on CVS, and urging him to “require CVS pharmacies to: 1. Refrain from automatically enrolling vaccine registrants in any marketing database; 2. Collect and use only the minimum data that is necessary to facilitate administration of the vaccine; and 3. Segregate vaccine registrant data from all commercial and marketing databases.” [Center for Digital Democracy et al. Letter to Karl A. Racine, 2021 Apr 2;]

The authors did note that although the companies could use the data to provide patients with certain information on related clinical services, other forms of use of this data for marketing are restricted under HIPAA. A privacy attorney was quoted as saying that “I don’t want to dismiss people’s privacy concerns, but this just seems part and parcel of what pharmacies do on a daily basis. As long as the outreach is in the confines of the [HIPAA] privacy rule, they may make that outreach.”

A CVS spokesperson said “the company is now using customer data for Covid vaccinations just for appointment confirmations and reminders, but he said that using that information for marketing is ‘an option for the future. ... What I can say generally about our patient programs is that they’re opt-in, so everything we do is with the consent of our customers.’” [Ravindranath M,  Luthi S. Pharmacies score customer data in vaccine effort. Some are crying foul. Politico 2021 Apr 3;