Evan Schuman's StorefrontBacktalk

Offering to alert pharmacy customers to prescriptions that are about to expire would be a terrific idea, were it not for privacy restrictions imposed by the U.S. Health Insurance Portability and Accountability Act (HIPAA). That’s something Walgreens learned the hard way last month. Winn-Dixie, the $7 billion regional grocery chain, tackled the same issue and debated and ultimately rejected several tech approaches.

With so many chains offering pharmacy services, the debates provide a glimpse into how mobile strategies can slam into privacy rules and, sometimes, technology simply can’t get around that.

Tim Bell is the director for pharmacy managed care and systems at the 460-store chain operating in Florida, Alabama, Louisiana, Georgia and Mississippi. Bell said the issue is that the best approach for sending a quick alert (such as “Your Prescription for Lipitor is due for renewing. Should we renew?”) and accepting (“Renew”) is the least secure: text messaging. But because of the absence of any encryption, no drug names can be used.

One option Bell’s team explored was using the prescription number instead of the name. “We had a lot of discussion about the RX number,” he said.

If the message was intercepted, no privacy would be violated, because it would have no meaning to anyone who didn’t already have access to the drugs or to the pharmacy’s database. (If the bad guy already had access to the pharmacy’s database, an intercepted text would be the least of Winn-Dixie’s worries.)

The downside is that it wouldn’t likely have much meaning to the customer, either, unless he/she was either standing by the medication at the time, had access to the Web to log into his/her account and look it up or somehow had it memorized. (If the patient’s memory is that good, he/she probably doesn’t need the reminder to renew.)

But there was fear that it could backfire.