Pharmacy care services company OptumRx is requiring 340B covered entities to get its consent before they share OptumRx contract pharmacy claims data with drug manufacturers to satisfy manufacturers’ conditions on 340B pricing.
OptumRx—a part of information and health services business Optum, which in turn is part of UnitedHealth Group—told entities about its new requirement in a May 26 email.
Background
OptumRx operates specialty, infusion, home delivery, and behavioral health pharmacies that serve as 340B contract pharmacies. It also is a pharmacy benefit manager. Sixteen drug companies put conditions on 340B pricing when entities use contract pharmacies. Ten of the 16 make entities submit contract pharmacy claims data to a contractor, 340B ESP, which checks the claims for duplicate 340B discounts and Medicaid, Medicare Part D, and commercial rebates on the same products.
The federal government so far has told eight of the 16 companies their policies are illegal. Seven of the drug manufacturers are suing to have the government’s decisions struck down. In the meantime, covered entities that are spending more and earning less due to the companies’ denials of 340B pricing are weighing whether to give in and supply the claims data.
The security of patients’ personal information—and who is on the hook if legally protected health information leaks when it is shared pursuant to manufacturers’ policies—is a big sticking point in this evolving environment. 340B provider groups have told the government that providing claims data to a drug manufacturer or drug manufacturer third-party vendor will compromise patient privacy and puts their members at legal risk.
OptumRx’s Conditions
“We are aware that drug manufacturers may request that you share certain contract pharmacy claims data related to 340B eligible prescriptions,” said the email to entities signed by “your OptumRx 340B Team.”
“As you know, such claims data includes information that is protected under applicable law and the terms of our agreement,” the email continued. “If you elect to participate in such pharmaceutical manufacturer programs, we have outlined the way by which you can release certain data to pharmaceutical manufacturers.”
OptumRx said entities must provide it with the following information “as a condition of Optum’s consent to disclose our data”:
- name of the pharmaceutical manufacturer
- date request received
- specific data points to be shared
- date range of claims
- date by which the entity intends to share the data
- method to be used to share the data
- data is secure and de-identified in accordance with applicable privacy laws
- whether the pharmaceutical manufacturer and any vendors handling the data have represented to the entity that it cannot combine de-identified data with other data either in its possession or the possession of a third-party vendor to identify individual patients.
“If you have already provided data to any pharmaceutical manufacturers, please notify us with the above information as soon as possible,” the email said. “Optum is open to supporting lookbacks for the time that your program may have been disrupted.”
OptumRx said it needs the specified information from entities “to protect patients’ protected health information as well as confidential information as defined in your 340B Pharmacy Services Agreement with Optum.”
“Optum’s consent to disclose any data is contingent on individual patients not being identified as a result of the disclosure,” the email said. “If you provide any data to pharmaceutical manufacturers, then you, either directly or through the drug manufacturer (or third-party vendor), are confirming that individual patients cannot be identified as a result of such disclosure.”
Optum Specialty Pharmacy wrote to at least one health system in August 2020 expressing concerns about sharing claims data with manufacturers Sanofi and Merck via 340B ESP. “Specifically, we want to protect the confidentiality of our patient’s information and be certain that the disclosure of our patient’s protected health information is compliant with HIPAA,” that letter said. “Additionally, some of the information requested may be considered ‘confidential’ under the terms of our pharmacy services agreement and/or non-disclosure agreement.”
Optum said in an interview this week the company wrote and sent the May 26 email in response to feedback from covered entities seeking guidance about sharing claims data with manufacturers via the 340B ESP platform. It said its conditions are meant to protect all parties including patients. Optum said it is an advocate for covered entities as their contract pharmacy partner and is dedicated to ensuring that vulnerable patients have access to health care.
340B ESP and 340B Covered Entity Reaction
Aaron Vandervelde, Founder and Business Development Lead for Second Sight Solutions, the company that offers the 340B ESP service, said, “We were not contacted by Optum regarding this notice and have not had conversations with other contract pharmacies about any similar policy that they may be contemplating.”
“In our terms of use, we do require 340B covered entities to represent that they have the right to submit 340B claims data to us and we would encourage all 340B covered entities to work with their contract pharmacy partners to ensure they are providing 340B claims data in a compliant manner,” Vandervelde said. “Second Sight is not taking any position on these requirements.”
Covered entity representatives expressed concern this week about OptumRx’s statement in its email that, if entities disclose any claims data to manufacturers, OptumRx considers it confirmation by the entity that individual patients cannot be identified because of such disclosure.
Entity representatives also expressed concern about the additional time and work needed to obtain OptumRx’s consent on top of the time and work needed to satisfy manufacturers’ claims data submission requirements. They note that some manufacturers have 45-day time limits for replenishment orders and claims submissions written into their conditions on 340B pricing.
“Timing is everything,” one said. “It will take covered entities additional time to seek, communicate, and negotiate the ‘allowance’ to share claims data.”
