Electronic prescribing company Surescripts has terminated its contract with ReMy Health, claiming new allegations about the startup's fraudulent behavior.
The move has serious repercussions for Amazon's online pharmacy PillPack.
PillPack used ReMy Health, a third-party data intermediary, to access patient medication history data collected by Surescripts. With limited methods to obtain patient medication history information, PillPack may have to manually collect the data by contacting patients and doctors.
"PillPack is hopeful we can work directly with Surescripts, the only commercial clearinghouse for comprehensive medication history in the U.S.," Jacquelyn Miller, a PillPack spokeswoman, told FierceHealthcare.
Having to rely on patients to accurately remember all the medications they are taking could lead to errors, PillPack says. Miller referenced a quote from Surescripts executive Paul Uhrig in a recent Politico article: "Before Surescripts, if you went to your physicians' office, they wouldn't know what meds you were on, necessarily. They would ask you (and) rely on a patient's memory, which is sometimes faulty, right?"
"We agree with a top Surescripts officer that 'rely(ing) on a patient's memory … is sometimes faulty,' and hope that Surescripts wants patients and their pharmacies to have the most accurate information available to improve patient care," Miller said.
Surescripts, owned by PillPack competitors CVS Health and pharmacy benefit manager Express Scripts, manages about 80% of U.S. prescriptions, according to the company's data. In its antitrust case against Surescripts, the Federal Trade Commission (FTC) claims Surescripts has maintained at least a 95% share over many years. The FTC filed a lawsuit against the company for "illegally monopolizing the e-prescribing market."
The dispute over access to patient medication data stems from Surescripts' allegations about fraudulent behavior by ReMy Health. Surescripts now claims that ReMy Health's "improper activities" go deeper than it first thought. The company first alleged back in July that ReMy Health provided one or more of its customers, such as PillPack, unauthorized access to Surescripts' health information network.
As a result of Surescripts' ongoing investigation into ReMy Health, "the evidence shows that the fraud extended to tens of thousands of requests for patient health insurance and prescription price information, which ReMy Health provided to websites that market specific medications to consumers," Surescripts CEO Tom Skelton said in a statement.
At least some of ReMy Health’s requests for patient health information included National Provider Identifier (NPI) numbers for physicians who had no relationship to the patient, Surescripts alleges. NPIs are unique numbers issued to physicians, pharmacies and other healthcare providers that allow networks like Surescripts and providers receiving requests for protected health information to know who is asking for the sensitive health information.
These actions were not a HIPAA violation, Surescripts said, and there's no evidence that pharmaceutical companies knew the data access violated its network policies. There also was no harm to patients, Surescripts added.
"The volume of ReMy Health’s activity on the network was very small, but fraudulent behavior of any kind cannot be tolerated," Skelton said.
Aaron Crittenden, ReMy Health president and CEO, said in a statement that Surescripts’ allegations are "completely unfounded," and the company has "always acted in full compliance with our contracts with Surescripts."
"We have never provided any data from the Surescripts network to pharmaceutical companies for marketing purposes. ReMy Health expedites patient access to medications at reduced costs, but reduced costs do not mean less security," Crittenden said. "We only transmit data for uses authorized by the patient and securing that data has always been and remains our top priority."
"ReMy Health is working to make health care more affordable, more available, and that should not be a threatening proposition to anyone," Crittenden said.
In July, Surescripts said it was barring ReMy Health from accessing its patient prescription data and was in the process of turning the matter over to the FBI. Surescripts said ReMy did not take any action to address the alleged fraud despite being given a 30-day period to address the situation.
Terminating the contract with ReMy Health was necessary to maintain the integrity of the Surescripts network, the e-prescribing company said. "At a time when patients are already skeptical of the healthcare industry’s ability to protect their sensitive data, we are taking steps to protect it on behalf of patients and the people who care for them," Skelton said.