Privacy Assessment Services for Pharma Marketing Partners

One fateful day in June, 2001, an Eli Lilly employee -- untrained in privacy-safe practices -- created a new computer program to access Prozac medication alert subscribers' e-mail addresses and sent them an e-mail message announcing the termination of the service. The e-mail message included all of the recipients' e-mail addresses within the "To:" line of the message, thereby unintentionally disclosing to each individual subscriber the e-mail addresses of all 669 subscribers.

This breach in privacy led to Lilly becoming the first major pharmaceutical company to settle an online consumer privacy complaint with the FTC. (See "Eli Lilly Settles FTC Charges Concerning Security Breach"). The consent decree, which remains effective until 2022, requires that Lilly and its "agents…acting within the scope of their authority on behalf of, or in active concert or participation with, Eli Lilly and Company" abide by a four-part information security program (for more information, see "The FTC-Lilly Consent Decree: What it Means for PHARMA Vendors and Partners").

By "agents," FTC means pharmaceutical marketing partners such as interactive agencies that build and maintain Web sites, direct marketing agencies, fulfillment centers, market researchers, etc. ...any company that collects, manages, and uses personal consumer information on behalf of pharmaceutical companies for marketing purposes.

If you are one of these agents/partners and wish to work for Lilly -- or, for that matter, any other pharmaceutical company -- it behooves you to carefully upgrade your own privacy and security practices in order to maintain a competitive advantage as well as pass muster with pharmaceutical companies that are likely to invoke "privacy due diligence" when selecting providers.

To help small and large vendors to the pharmaceutical industry prove that their privacy practices meet the highest standards established by the Lilly-FTC decree, VirSci offers a Privacy Assessment Service that includes the following services:

  • Help in answering self-assessment questionnaires from pharmaceutical companies (Lilly requires all partners to fill out one).
  • Upgrading your standard operating procedures (SOPs) to comply with privacy best practices
  • Gap analysis of your current privacy and security procedures to determine changes necessary to comply with SOPs
  • Training personnel in privacy awareness and SOPs

Read about VirSci's Privacy & HIPAA Compliance Practice (pdf) to see what we do for you.

A Scenario You May Need to Prepare For

A marketing agency is ready to pitch a proposal to a major pharmaceutical company on a new project. But, at the last minute, the account manager gets a 20-page "Privacy Assessment" questionnaire from the Chief Privacy Officer of the pharma company. The assessment asks about the agency's privacy and security practices for handling consumer data and training personnel. It also wants to know about the agency's written Standard Operating Procedures (SOPs). The problem is, the agency doesn't have any written SOPs!

DON'T WAIT FOR THIS TO HAPPEN TO YOU!

PREPARE NOW! LEARN WHAT YOU NEED TO DO TO CERTIFY THAT YOU ARE COMPLIANT WITH PRIVACY AND SECURITY STANDARDS DEMANDED BY PHARMACEUTICAL COMPANIES.