On Monday, June 19, 2017, Elizabeth Gurrieri became the second former employee of Insys Therapeutics (Insys) to plead guilty to federal anti-kickback charges related to the drug Subsys, an expensive fentanyl-based painkiller. According to the indictment, former employees (including the CEO and regional sales directors) utilized dubious and aggressive sales practices and offered bribes and kickbacks to doctors across the country to induce them to prescribe their fentanyl spray for “off-label” uses such as neck, back and joint pain. Prosecutors alleged that, starting in 2012, Insys targeted prescribers who had a record of prescribing large quantities of fentanyl with an aggressive marketing campaign of “speakers’ fees,” expensive dinners, free administrative support staff, and nepotistic hiring practices.

In order to facilitate payment for the Subsys prescriptions, prosecutors alleged that Insys set up a “reimbursement unit” or call center to mislead and defraud insurers who were hesitant to complete prior authorizations for the drug when prescribed to non-cancer patients. Insys allegedly set up its phone system to block the origin of its calls, encouraged employees to adopt practices that mislead insurers to believe they were calling from a doctor’s office, and mislead insurers about the diagnosis of patients and whether patients had tried and failed other preferred medications. Though pharmaceutical companies have paid out billions in recent years to settle claims that they sold drugs for uses that were not approved by the Food and Drug Administration, criminal charges against pharmaceutical executives are still relatively rare and federal prosecutors clearly intend to put companies on notice.

The Insys case joins a lengthening line of government investigations into pharmacy or manufacturer malfeasance to encourage prior authorizations. Pharmacies must evaluate their prior authorization processes to make sure that they are acting transparently, are consistently identifying themselves correctly and that their caller ID information is accurate. We have seen increased government focus on enforcement of these issues, and the Insys and Warner Chilcott prosecutions indicate that the government is increasingly willing to target executives.

Additionally, the Insys case illustrates that pharmacies must be cautious about how a patient’s health information (PHI) is being shared with manufacturer representatives due to federal and state privacy laws, including HIPAA. Manufacturer representatives often inquire with pharmacy staff (especially sales representatives) regarding the clearance-status of specific patients. Under the HIPAA Privacy Rule (Rule), pharmacy staff (including reimbursement specialists, patient care coordinators, etc.) may legally and appropriately access and use PHI for treatment, payment and healthcare operations purposes. By contrast, a valid authorization is required for any use or disclosure of PHI not otherwise allowed by the Rule. While the Rule may permit pharmacy field personnel to access PHI for interactions with the treating physician’s office to determine the status of a patient’s prior authorization, HIPAA does not typically extend this same permission to a third party such as a drug manufacturer. Pharmacies should educate their employees on how to protect PHI for which the pharmacy does not have a valid authorization, and should focus training on whether a patient can be identified from the information given (i.e., is the patient information de-identified). However, best practices would require no communication with manufacturer representatives in the absence of a patient authorization.

Content from this alert was included in the Drug Channels News Roundup, July 2017: CVS, Anthem, Specialty Pharmacy, INSYS, and Big Box Pharmacy, and is available online.