Editor's Note: This story has been updated with a statement from ReMy Health CEO Aaron Crittenden
As part of an ongoing feud with Amazon's PillPack, electronic prescribing company Surescripts is barring a startup, ReMy Health, from accessing its patient prescription data and is in the process of turning the matter over to the FBI.
At issue is PillPack's access to patient medication history data it says it received indirectly from Surescripts via a third-party company. If PillPack loses access to those data, that would complicate its business model.
CNBC reported July 19, citing sources at PillPack, that PillPack was considering legal action against Surescripts and other drug supply chain players because it was being cut off from patient medication data. The company also sent a cease-and-desist letter to Surescripts, according to CNBC.
Surescripts is owned by competitors CVS Health and pharmacy benefit manager Express Scripts. The company manages about 80% of U.S. prescriptions, according to Surescripts' data.
In a statement sent to FierceHealthcare Monday, Surescripts CEO Tom Skelton said after a preliminary investigation the company uncovered evidence that third-party vendor ReMy Health provided one or more of its customers unauthorized access to Surescripts' health information network.
ReMy Health or its customers also provided fraudulent information to Surescripts when making requests for patient data from the Surescripts network, the company said.
Surescripts is still investigating the full scope of these "improper activities" but took immediate steps to suspend ReMy Health from its network, Skelton said. Surescripts is terminating the contract with ReMy Health and is turning the matter over to the FBI for further investigation, he said.
In an emailed statement sent to Fierce Healthcare August 1, Aaron Crittenden, co-founder and CEO of ReMy Health, said Surescripts' claims are "unfounded, false and appear to be part of their overall market strategy."
ReMy Health operates in full alignment with our contracts and privacy law, Crittenden said. "We support patients facing some of the most complex and costly health challenges – expediting patient access to medicines by equipping patients and their care providers with essential medical and plan coverage information. ReMy Health believes competition in the healthcare marketplace is best for patients and will continue to fight for what we know is right," he said.
According to Surescripts, ReMy Health contracted with the company to deliver providers access to a patient’s complete medication history in addition to other services related to e-prescribing and prescription benefits.
Under the agreement, medication history information is to be used by providers when delivering care to support clinical decision-making before prescribing new medications or during the normal process of provider-discharge planning for patients leaving a hospital or health system.
"We found that ReMy Health had provided this medication history data to an entity that is not a provider in this type of care setting. This not only directly violates ReMy Health’s contract with Surescripts, it violates our partners’ trust in the appropriate use of the data they provide to the network and the privacy of the patients they serve," Skelton said in his statement.
While Skelton did not name Amazon's PillPack directly, the company's chief administrative, legal and privacy officer Paul Uhrig told FierceHealthcare July 19 in a statement that the company does not provide its medication history data to retail pharmacies, "regardless of whether they are traditional or web-based."
"While we’re not at liberty to speak to the specifics of any one contract, we can say that we do not contract with any entity to serve as a source of medication history to pharmacies," Uhrig said in the statement.
Jacquelyn Miller, a PillPack spokeswoman, said in a statement sent to FierceHealthcare that pharmacists need access to patients' medication history data to perform interaction checks and drug utilization reviews as well as to provide other clinical services.
"That’s why customers authorize PillPack, as a healthcare provider, to assemble their medication history," Miller said. "Given that Surescripts is, to our knowledge, the sole clearinghouse for medication history in the United States, the core question is whether Surescripts will allow customers to share their medication history with pharmacies and if not, why not?”
Surescripts began investigating ReMy Health in the fall of 2018 after it saw unusual activity on its network. Surescripts also alleges that ReMy Health obtained the patient data fraudulently for one or more of its customers, Skelton said in his statement.
"Either ReMy Health or its customers concealed unauthorized access to the Surescripts network by fraudulently using third-party providers’ identifying information to access the system—even though those providers appear to be entirely unrelated to the patients whose information was requested," he said.
The dispute between Amazon and Surescripts comes as the e-prescribing company is under scrutiny from the Federal Trade Commission (FTC). The FTC sued Surescripts in April and alleges that the company is "illegally monopolizing the e-prescribing market."
The FTC alleges in its complaint that Surescripts has maintained at least a 95% share over many years.
Surescripts filed a motion to dismiss the FTC's charges in federal court July 15, arguing the FTC’s complaint includes significant factual errors. Surescripts also said in its court filing that the federal court lacks jurisdiction for the case and claims the FTC is seeking to stretch the boundaries of its regulatory mandate.
Skelton said Surescripts spent two decades establishing trusted relationships and legal agreements with hundreds of data suppliers and electronic health record vendors across the country to securely exchange health information.
"These agreements ensure that the information we exchange is only used for patient care and not for the commercial benefit of any one data supplier. These agreements also help ensure that patient data is properly secured," Skelton said.