[CodeAndCuffs]

> Now consider states make it illegal to get birth control pills and retroactively go after anyone who has them prescribed. It's according to the law, ain't it?

Are we discussing legality, morality, what should be legal, or what should be moral? I agree that would be bad morally, and shouldn't be legal, and currently isn't. My original comment was regarding how the process currently works, and why. It was also to explain that any concern of privacy regarding prescriptions comes more from the department of health/board of pharmacies than it does from 3rd partys providing documents, as the documents arent invading privacy anymore than what already happens.

> The states should keep their noses out of this and in effect all drugs should be made legal.

The whole "your right to swing your fist ends where someones face begins" thing applies here. The problem with some heavier drugs, and their addictive nature, comes in how it effects others. When something is so addictive that a person would sell their own child to acquire more of it, maybe we should limit access to that thing. Ive known a lot of addicts professionally and personally. They come in various degrees of wanting help. Some are in denial, some would do anything to kick the addiction. Some don't care at all and would fight to refuse any help under any circumstance. Its a super complicated issue, "Just legalize all of it", and "Just criminalize and punish all of it" are both equally shortsighted solutions.

> we should make it trivially easy to get help I agree 100%

> it should be trivially easy for a pharmacy to check if a doctor did indeed prescribe something without raping the privacy of everyone involved

It is, and they do. They call the doctor, he says "I didnt write this". Then he gives me a list of people who filled prescriptions he didnt write. The biggest invasion of privacy of unaffected people is when we have a confirmed suspect, we see what other doctors he filled a prescription for, and then go through that list with the new doctor to see what is and isnt legit.

So yeah, at some point in a table of a few hundred people I probably saw some names of people who were a doctors patient, and that they have a prescription from him. I've been inside their privacy just as much as the receptionist at the doctor's office and the pharmacy tech at the CVS

[x86x87]

> as the documents arent invading privacy anymore than what already happens.

Nope. Invading privacy is invading privacy. Just because something is happening today does not make it okay and acceptable

> call the doctor

Is this the 70s? Call the doctor? Do you call the doctor for every prescription?

Here is a wild idea: we have tjis thing called the internet and this other wild thing called PKI. Give the doctor a certificate pair and they digitally sign every prescription. You don't ever need to talk to the doctor, you just need to pull their public certs.

Since we're doing privacy, give the chumps that need the prescription a cert pair and encrypt their shit + make it a crime to store any of their PII at pharmacy level.

[lazide]

Ho man. Do you think the Dr’s illegible scribble on the prescription pad as it is, is because Dr’s are so great at attention to detail and learning new things that they’ll be able to do that effectively?

Without it being an even worse situation where they get a Trojan from opening random emails or surfing for porn, and then all the sudden 100k valid appearing prescriptions for controlled medications all the sudden show up in pharmacies across the country?

[Spooky23]

This stuff is mostly fixed with EMRs. For most applications, paper scripts are rare.

[CodeAndCuffs]

> Nope. Invading privacy is invading privacy. Just because something is happening today does not make it okay and acceptable

Thats not what I was trying to say. My point was that the state already has this data, and I've already seen it before I get a copy of the data from the pharmacy. If you're concerned about the privacy of the data, you should consider the root issue of warrantless access to the PMP by investigators. Anything I get from the pharmacy is just a piece of paper that says the same thing that I already had from that

> Here is a wild idea: we have tjis thing called the internet and this other wild thing called PKI. Give the doctor a certificate pair and they digitally sign every prescription. You don't ever need to talk to the doctor, you just need to pull their public certs.

This is a great idea in theory, but currently has some problems. Some of them probably could and should be addressed, some not.

- Old people who dont want to learn. The PMP lets doctors get a list of every prescription filled in their name in a spreadsheet. You can sort and filter by where it was filled, patient name, type of medication, etc. Of the doctors Ive dealt with, maybe 10% knew about this and used it. A few learned about it from me, got excited, figured it out, and used it to its fullest extent. Most just went "yeah okay" and ignored it because spreadsheets are too complicated.

- Where are we storing this? Can only the doctor do it? From only one computer? Can his receptionist call in the prescription? Can anyone else access that computer? Basically is there any way at all for fraud to happen? What if its the doctor whos the one doing it? Ive seen pharmacists say "Were getting a lot of suspicious prescriptons from this one doctor" who was just flat out selling them to people who had no problems. E-scripts are a thing, and ive seen cases where nurses and receptionists hop onto the system to write illegal scripts.

> Since we're doing privacy, give the chumps that need the prescription a cert pair and encrypt their shit

My mom thinks opening chrome dev tools is going to get her arrested for hacking a website. Please dont put the onus of key pair encryption on her in any way

> + make it a crime to store any of their PII at pharmacy level Im not sure if its a legal/regulatory requirement, or just a moral thing, but Pharmacists are highly trained, with a Doctorate in what they do, and they catch things. Whether its a Doctor wrote the wrong script, or a potentially lethal contraindication between meds. Them having records of what else a person is on is a legitimate medical use case. There may be ways to keep this sort of data without PII, but it would be another concern to address.

[x86x87]

Bake the cert pair into the id you are giving out to people. Look at the system in Estonia