J Am Med Inform Assoc doi:10.1136/amiajnl-2012-001123
  • Perspectives

Sorrell v. IMS Health: issues and opportunities for informaticians

  1. Bonnie Kaplan4
  1. 1Global Business Solutions, Mayo Clinic, Rochester, Minnesota, USA
  2. 2Department of Medical Informatics & Clinical Epidemiology, Oregon Health and Science University, Portland, Oregon, USA
  3. 3Bioethics Program, University of Miami, Miami, Florida, USA
  4. 4Yale University, New Haven, Connecticut, USA
  1. Correspondence to Carolyn Petersen, Global Business Solutions, Mayo Clinic, 200 First Street SW, Rochester, MN 55905, USA; petersen.carolyn{at}
  • Received 23 May 2012
  • Accepted 5 October 2012
  • Published Online First 27 October 2012


In 2011, the US Supreme Court decided Sorrell v. IMS Health, Inc., a case that addressed the mining of large aggregated databases and the sale of prescriber data for marketing prescription drugs. The court struck down a Vermont law that required data mining companies to obtain permission from individual providers before selling prescription records that included identifiable physician prescription information to pharmaceutical companies for drug marketing. The decision was based on constitutional free speech protections rather than data sharing considerations. Sorrell illustrates challenges at the intersection of biomedical informatics, public health, constitutional liberties, and ethics. As states, courts, regulatory agencies, and federal bodies respond to Sorrell, informaticians’ expertise can contribute to more informed, ethical, and appropriate policies.


The ability to distribute, exchange, and use data from multiple sources is integral to clinical informatics, as well as to research, public health, quality improvement, and other healthcare operations. Patient safety is a fundamental goal of meaningful use, and drug safety is an important aspect of patient safety that can be advanced through clinical informatics.1 Trust and a sense that the use of personal health information beyond clinical care will be appropriate and reasonable is the foundation of patients’ willingness to interact with providers.

Advertizing of pharmaceutical products has received considerable publicity in the past 15 years as a result of regulatory changes allowing manufacturers to market prescription drugs directly to consumers. However, drug promotion and one-to-one marketing of prescription drugs to physicians (detailing) have existed for more than 60 years.2 Marketing, continuing medical education, and other interactions between industry and providers influence provider prescribing and professional behavior.3 In recent years, state legislatures have sought to regulate or restrict how the pharmaceutical industry interacts with physicians, particularly with regard to the use of provider information for drug marketing. This article examines one such effort to restrict the sale of prescription information and the potential implications for informaticians.

The law and the case

When pharmacies fill prescriptions, they collect detailed information including patient and provider names, drugs and the dosages and quantities prescribed, and the dates that prescriptions were filled. Under existing laws in nearly every US state, pharmacies can sell prescription information to data-mining companies once patient information has been de-identified to meet the standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).4 Data mining companies can aggregate prescribing records by provider and sell these reports to pharmaceutical companies, prescription drug marketers, and others. These data omit patient names and other unique identifiers, but contain prescribers’ names as well as information about the drugs they prescribe, that is the names of the drugs, their doses, and the frequency with which they are prescribed.

Vermont legislators sought to restrict the sale of prescription data for marketing purposes by restricting its sale through the prescription confidentiality law of 2006.5 This statute required data mining companies to obtain permission from individual providers before selling prescription records that included identifiable physician prescriber information to pharmaceutical companies for drug marketing. The legislation did not affect other uses of prescriber-identifiable information permitted under HIPAA, such as data use for research and public health monitoring. In response, data miner IMS Health, the Pharmaceutical Research and Manufacturers of America, and others challenged the constitutionality of the law. The US District Court ruled for Vermont,6 but the US Court of Appeals for the Second Circuit overturned the ruling (in a 2–1 decision).7 After the reversal, the State of Vermont sought US Supreme Court review. The US Court of Appeals for the First Circuit had previously upheld similar statutes in Maine8 and New Hampshire,9 and more than 20 US states have taken steps to limit the use of prescription information.10

At issue in Sorrell v. IMS Health, Inc. is whether physician prescribers have a right of privacy and whether that right takes precedence over a particular use of information or data (speech) for commercial purposes. Data miners claimed that the statutory restrictions on marketing infringed on their right to interface with their customers, at least in part because advertising in the past has enjoyed certain constitutional protection within the concept of free speech. Private speech has had broad protection throughout the history of the USA. In contrast, commercial speech has historically been afforded less protection. For example, in the 1980 case Central Hudson Gas v. Public Service Commission of New York the Supreme Court held that, to be protected, a governmental rule limiting commercial speech must concern lawful activity, directly advance a substantial government interest, and not be more extensive than needed to support that interest.11 In Sorrell, however, the court decided by a 6–3 majority that the Vermont law merited ‘heightened scrutiny’ because it restricts speech based on the speaker (pharmaceutical companies) and the message (marketing of brand-name drugs).12 The Supreme Court held that the constitutional test to be applied in Sorrell was, ‘the State must show at least that the statute directly advances a substantial government interest and that the measure is drawn to achieve that interest’. Although the Supreme Court speculated that broader privacy laws restricting information use, such as those found in HIPAA, would be constitutional, it is unclear how the Supreme Court will rule in future data use and information cases, which creates some uncertainty for informaticians.

Opportunities for informaticians

Changes in restriction on data use

One criticism of the test applied in Central Hudson is that judges are free to decide what forms of information delivery are covered under the First Amendment (provided that the speech is truthful), which can lead to inconsistent rulings.13 ,14 If other courts apply the more stringent review taken by the Supreme Court in Sorrell, data uses that previously would have been restricted may not be impermissible in the future, and data uses now permitted might be restricted. Therefore, if the courts apply the Sorrell test in future data use cases, it might ensure a more open data environment but could be good for informaticians. For example, fewer restrictions on the use of de-identified electronic health record data could facilitate the identification of medication adverse effects that now go unrecognized (although this objective may be achievable in ways other than providing greater access to prescriber information). At the same time, increased drug marketing to physicians and consumers could drive the use of branded prescription drugs, thereby increasing the cost of healthcare. (The American Medical Association's physician data restriction program (PDRP)15 allows physicians to withhold their prescribing information from pharmaceutical sales representatives, but does not prevent data mining for use by other pharmaceutical company employees or others. Also, PDRP does not cover non-physician providers with prescribing authority.) Had the Supreme Court upheld the Vermont law, it is possible that informatics activities now permitted might be subject to restriction or prohibition. As a result, the problems that Sorrell presumably sought to resolve through the Vermont statute are not likely to be effectively resolved by such a statute or by the PDRP.

Moreover, the Sorrell decision highlights the possibility that the particular use of health information (ie, research, population surveillance, marketing) might determine or guide the restrictions placed on such activity16 and legislators and courts—not physicians, nurses, and allied health professionals treating patients—are most likely to determine how health information can be used.

This issue is very close to the center of Sorrell, and it raises difficult and important ethical and policy questions. While clinicians and researchers are arguably best positioned to identify what they need and want to be most effective, society has an interest in balancing the values in play between patient rights and the legitimate needs of those who seek to make use of patient information. The question whether the state should have such authority is then to be answered by appeal to the best mechanisms for striking an optimal balance between values that are (sometimes) in conflict. It is worth suggesting in this context that ‘best mechanisms’ will be those that incorporate patient values. While the values and expectations of patients should be identified by empirical research, it is reasonable to hypothesize that most people in the capacity as patients are more inclined to support the use of their information to improve clinical care and advance its scientific mission than they are to agree that their information should be used to support industry marketing efforts.

Public health challenges

The government regulates the claims manufacturers may make about drugs, nutritional supplements, food, and other products Americans consume to manage and improve their health. If laws and regulations developed by government to ensure that manufacturers make accurate product claims and act in the public's best interest come under heightened scrutiny, public health goals such as smoking cessation may become more difficult to achieve.17 Some experts in public health law suggest that, as a result of Sorrell, manufacturers will challenge food and drug marketing regulations aimed at improving public health.18 ,19 For example, restrictions on advertising tobacco or other products linked to health problems to children may be the subject of litigation. In such a case, informaticians may need to adapt data collection instruments, research protocols, or related tools supporting public health and quality reporting initiatives. In the absence of comprehensive information about drug adverse effects, for instance, informaticians may implement data collection instruments capable of gathering larger quantities of more detailed data and analyzing collected data for relationships previously described by product manufacturers.

Drug and patient safety issues

When new medications reach the market, they go into use in a much broader population than that in which the drugs were tested, and adverse effects not reported in trials may be identified, as was the case with COX-2 inhibitors.20 ,21 Aggressive marketing of drugs through visits with targeted providers (drug detailing) changes prescribing patterns, increasing prescription of the promoted drugs.22 When new drugs are the subject of detail visits, patient exposure to adverse effects associated with the new medications may be more rapid than if manufacturers were unable to use prescribing patterns to identify providers for detailing. The promotion of unapproved (off-label) drug uses has resulted in patients' experiencing adverse effects that could have been avoided had their providers prescribed approved medications.17 ,23 Perhaps most concerning is the fact that when drug-related health problems are identified, multiple safety alerts may be needed before use of the affected drug drops.24

Much of what is known about problems with individual drugs and inherent issues in the prescription drug approval and monitoring system came to regulators’ attention as a result of product liability lawsuits.25 The authors believe that such litigation is effective in highlighting problems, but does little to prevent future recurrences of similar systemic issues. Drug approval applications that foster sophisticated patient outcomes measurement and quality improvement may reduce drug safety issues and enhance the quality of care and patient health.

Increased drug costs

When prescription drugs are approved, manufacturers launch these medications with marketing campaigns directed at the providers they believe can write large numbers of prescriptions for the new drug. The availability of prescribing data by providers facilitates additional marketing efforts targeted to providers writing the fewest prescriptions of a given drug, a cost that may be passed on to patients through drug price increases, higher prescription co-payments, or other mechanisms.26 The prescription of new drugs that cost more than older drugs available in generic form increases therapeutic costs, and providers who more frequently use information from pharmaceutical companies are associated with higher prescribing costs.27 Newer medications are often not included in treatment guidelines due to the lack of a track record, but adherence to treatment guidelines has been shown to result in reduced prescription drug costs.28 Even the distribution of small gifts of relatively little value can add to the cost of prescription medications in that drug companies’ primary goal in gift-giving is the development of relationships in which providers reciprocate by prescribing manufacturers’ products.29 The development of analytical tools supporting comparative effectiveness research will facilitate more efficacious and judicious prescription drug spending.

Patient–provider relationship effect

To receive appropriate and effective healthcare services, patients need to be able to trust the professionals who care for them. When pharmaceutical companies can apply finely tuned pressure to physicians to prescribe specific drugs after identifying the target prescriber and drug through data mining, patients can no longer assume that the drug they are prescribed is the most appropriate therapy.30 If patients question the confidentiality of their prescription drug record, they may decline written prescriptions or choose not to tell providers details about their health that patients believe might cause providers to prescribe medications.31

Physicians must take the lead in protecting the patient–physician role,32 but informaticians are in a position to support them. Implementing established technology design and usability practices in product development will further a healthy patient–provider relationship in an increasingly complex clinical environment. The ability of providers quickly to access clinical decision support tools encompassing relevant medical evidence offers a powerful, effective alternative to biased promotional information provided by industry.

Patient privacy

Although the Vermont law targeted provider prescription data and prescription drug information intermediaries such as IMS Health, the data records covered may include identifiable patient information. HIPAA and other statutes require that records be de-identified before distribution. To protect personally identifiable patient information in compliance with HIPAA, as well as to allay patient concerns, informaticians must continue working to develop more robust ways of preventing inappropriate data re-identification. With the implementation of health information exchanges the opportunities to use patient health information for patient-focused purposes such as outcomes research and quality improvement will grow substantially. Privacy-preserving data de-identification techniques that make inappropriate re-identification more difficult and less likely are needed.


Sorrell v. IMS Health, Inc. highlights the difficulties inherent in regulating and protecting commercial speech. Multiple issues underlie the case—pharmaceutical marketing practices, patients’ care-related needs and expectations, and providers’ need to treat patients as providers see fit within a healthy patient–provider relationship among them. Although there is a desire on behalf of policy makers to restrict certain uses of data, after Sorrell there are greater limits on their ability to do so. Informaticians have a significant role to play in helping the healthcare system improve clinical care and patient outcomes in an environment that protects free speech.


  • Contributors BK authored the first draft and reviewed the subsequent drafts. CP reviewed the first draft, authored the subsequent drafts, and coordinated revisions to the subsequent drafts. PD and KWG reviewed the first and subsequent drafts and contributed revisions to all drafts.

  • Competing interests None.

  • Provenance and peer review Not commissioned; externally peer reviewed.


Free Sample

This recent issue is free to all users to allow everyone the opportunity to see the full scope and typical content of JAMIA.
View free sample issue >>

Access policy for JAMIA

All content published in JAMIA is deposited with PubMed Central by the publisher with a 12 month embargo. Authors/funders may pay an Open Access fee of $2,000 to make the article free on the JAMIA website and PMC immediately on publication.

All content older than 12 months is freely available on this website.

AMIA members can log in with their JAMIA user name (email address) and password or via the AMIA website.