By Tony Schueth, Editor-in-Chief
Sweeping new legislation was signed into law on October 24, pulling together 70 bills from both sides of the aisle to address various aspects of the opioid epidemic. The new law is the “Substance Use–Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act’’ or the ‘‘SUPPORT for Patients and Communities Act” (aka HR6 and Public Law 115-271). Among its dozens of treatment, prevention and enforcement provisions are several that directly impact electronic prescribing (ePrescribing), electronic prior authorization (ePA) and prescription drug monitoring programs (PDMPs).
ePrescribing. Section 2003 mandates that prescriptions for all controlled substances covered under Medicare Part D must be transmitted electronically beginning on January 1, 2021, with a few exceptions. Requiring electronic prescribing of controlled substances (EPCS) will give a needed shot in the arm to use of this transaction. That is because we expect prescribers who are required to use EPCS for Part D prescriptions will ePrescribe controlled substances for commercial lives as well. In addition, private payers and states are likely to follow suit and require EPCS for all controlled substance prescriptions, not just a subset.
Although EPCS adoption has lagged generally, it has shown strong growth in states where EPCS has been mandated. This trend will spread nationwide as a result of this new national mandate. We know that physicians respond to mandates. For example, Surescripts data shared at the last National Council for Prescription Drug Programs (NCPDP) meeting show EPCS jumped in response to mandates in Maine and Connecticut, rising from virtually zero in January 2018 to nearly 50% by mid-September in Maine and 43% in Connecticut.
Now physicians (the vast majority of whom treat Medicare patients) will have to get onboard. The impact of adoption should be minimal. Virtually all electronic health records (EHRs) — the most frequently used method for ePrescribing — are already compliant with EPCS standards required by the Drug Enforcement Administration (DEA).
At the same time, the costs of prescriber adoption — a major barrier — are coming down, and the widespread availability of biometric authentication on computers and smart phones is helping to ensure security. The DEA has already approved biometrics as an authentication method for sending controlled substance prescriptions electronically. The new law calls for updated guidance on their use as part of Section 2003.
Electronic prior authorization. ePA has been around for a while but has not experienced the adoption uptick originally expected. The new law should change that. Section 6062 mandates that all covered Part D drugs requiring prior authorization (PA) must be electronically submitted to Part D sponsors and processors electronically — and responded to electronically — by January 1, 2021. Those ePA transactions must use an as yet-to-be named standard specified by the Secretary of the Department of Health and Human Services (DHHS). In addition, facsimiles, proprietary payer portals that do not meet standards specified by the Secretary, or electronic forms don’t count as complying with the law.
A potential challenge is that a standard has yet to be named by the Secretary. There is a choice of two. There is the ePA standard from the NCPDP, which is part of NCPDP’s SCRIPT standard used today for ePrescribing. The second is the ASC X12 278, the Health Care Review and Response transaction. The 278 is among the suite of standards named under the Health Insurance Portability and Accountability Act, but so far has not been widely implemented. Resolution concerning use of one or both standards is likely to come from the National Committee on Vital and Health Statistics (NCVHS). NCVHS is the federal advisory group charged with recommending health data standards to DHHS after consulting various stakeholder groups, including those mentioned in the legislation. This needs to be done sooner rather than later so an implementing regulation for NCVHS’ recommendation can be drafted and issued with enough time for stakeholders to comply.
The lack of a named ePA standard has several consequences. The first is that many states will have to change their legislation to comply by specifying use of the ePA transaction, whatever DHHS decides to use, and eliminate the use of facsimiles, noncompliant provider portals and electronic forms. So far, slightly more than half the states have adopted or are considering legislation or regulations addressing ePA. However, many don’t specify a standard and only require an online system to receive PA requests electronically — the details of which can vary from state to state.
A second issue is that this standards vacuum will lead to more retrospective PA. Retrospective PA is better than fax, phone and paper but nonetheless a burdensome, usually propriety process in which PA is sought after the prescription has been rejected at the pharmacy by the payer. Retrospective PA frequently results from missing or incomplete data in the current ePrescribing process. In an EHR, ePA is triggered based upon an indicator, or flag, in the formulary and benefit (F&B) file provided by the payers and pharmacy benefit managers. However, the PA flag is frequently not populated by commercial payers. Even when the flag is provided, the need for PA is not always accurately presented. These inaccuracies, plus the traditional manual paper and fax-based PA process, result in delays and frustration.
Innovative solutions are on the horizon. Artificial intelligence (AI) is one that some organizations are testing to predict if a PA will be required. Another is the real-time pharmacy benefit check (RTPBC), which provides real-time patient-level information at the point of prescribing, pulled directly from the payer’s claims system, which is where the most accurate and timely information is stored. It enables the prescriber to see patient-specific plan restrictions (such as PA and step therapy), true out-of-pocket costs for a medication (specific copay/coinsurance amount) and specific deductible information. This will prevent dispensing delays caused by inadvertent prescribing of a drug that is not covered by the patient’s insurance or requires an expensive copayment. Even with these innovations, the need for F&B files will not go away with the advent of RTPBC. Rather, they will evolve to support RTPBC by consistently alerting prescribers of the need to perform a PA due to mitigating factors, such as noncovered drugs. Thus, eligibility-informed formulary is still important because it helps determine whether a PA is needed. The bottom line is that payers must address the shortcomings in F&B data at the same time as they are innovating with AI and RTPBC.
A third issue is that the law speaks to ePA for medications covered under a patient’s pharmacy benefit. However, a significant number of prescriptions for drugs and medical devices are covered under the patient’s medical benefit. The industry is working to address the gap for medical ePA, but this effort is in its early stages. (Click here for our article on the need for medical prior authorization.)
PDMPs. PDMPs are state-specific databases of controlled substance prescriptions. Electronic consultation of PDMPs before the prescriber “writes” the prescription is viewed as an effective way to prevent drug diversion, overprescribing and doctor shopping – and is required in many states.
The SUPPORT for Patients and Communities Act has numerous provisions related to making PDMPs more interoperable. Under Sections 7161 and 7162, states, the District of Columbia, US territories and others will be eligible for grants to implement, enhance and improve various PDMP functionalities. These include improved and interoperable sharing and accessing of controlled substance prescribing data across the states; integration of PDMP data into EHRs and the “health IT infrastructure” workflow; and “integration of automated queries into clinical workflow to improve the use of such data analytics by practitioners and dispensers.” Other interoperability-related provisions include sharing dispensing data across state lines in real time and linking PDMP data with other data systems within the states, such as those for coroners, the Department of Veterans Affairs and the Department of Indian Affairs.
Receipt of the grant money requires that a state must have a PDMP program in place, which likely puts additional pressure on Missouri as the sole state without a true statewide PDMP program. These provisions will require states to revisit their legislation to sync up with requirements in the SUPPORT for Patients and Communities Act. We expect states will also revisit legislation due to Section 1016. This addresses PDMP data sharing for Medicaid, granting authority for state laws to permit sharing of data among providers, as permitted by state law.
The statute also allows the DHHS Secretary to issue guidelines specifying a uniform electronic format for the reporting, sharing, and disclosure of information pursuant to PDMPs.
The requirements in these sections are to be overseen federally by Centers for Disease Control and Prevention, in coordination with the Office of the National Coordinator for Health Information Technology. Timing and amounts of the grant awards were not specified. Many of the activities are suggested but not required, which begs the question of whether they actually will be implemented without a real mandate in place.
Want to know more? The SUPPORT for Patients and Communities Act has numerous other provisions of interest to stakeholders, including expanding use of telehealth in Medicare for substance abuse treatment and expanding eligibility for medication therapy management for beneficiaries at risk for substance abuse. Contact Keith Fisher (email@example.com), who co-leads our Regulatory Resource Center (RRC). We can provide a complete look at the act’s provisions, as well as explain the depth of information available from the RRC on laws and regulations pertaining to ePrescribing, ePA, and other topics of interest. Drop me a line (firstname.lastname@example.org) if you’d like to know more about the changing health IT landscape and what it means for your organization.