According to an article ("Online Age Quiz Is a Window for Drug Makers") in today's New York Times, "Pharmaceutical companies pay RealAge to compile test results of RealAge members and send them marketing messages by e-mail. The drug companies can even use RealAge answers to find people who show symptoms of a disease — and begin sending them messages about it even before the people have received a diagnosis from their doctors.
"While few people would fill out a detailed questionnaire about their health and hand it over to a drug company looking for suggestions for new medications, that is essentially what RealAge is doing."
Really? Are you sure "few" people would fill out a detailed questionnaire about their health and hand it over to a drug company?
It just so happens that a recent study by Epsilon concludes that 38% of patients they surveyed prefer to learn about pharmaceutical products via e-mail from a brand or a pharmaceutical company (see chart below and this excellent Dose of Digital Blog review by ePharma Pioneer Club member Jonathan Richman). That beats out offline (ie, TV) advertising.
Although Pharmaceutical companies like to maintain physician email databases, they do NOT want to own databases of patient information. Not after Lilly got its you-know-what in an FTC wringer several years ago for sending out email to 600 or so patients with all their e-mail addresses visible in the BBC line. Let sites like RealAge assume the risk.
There is, however, one catch. RealAge may know how to collect patient e-mail addresses, but do they know how to protect those addresses and other personally-identifiable health information?
I've worked with several agencies and web sites that collect consumer data on behalf of pharmaceutical companies and found that their internal policies and procedures often do not match the promises they make in their public privacy policies. That's how the FTC got Lilly to sign a 20-year settlement that requires the company to have ALL their agencies that handle consumer data on its behalf go through a rigorous privacy/security self-assessment. For more on this see "Good Privacy Practices."