Healthcare Information Security

HIPAA and Compliance News

SPAARx pursues OCR explanation on HIPAA compliance conflicts

By Patrick Ouellette

- Less than 90 days away from the HIPAA omnibus effective date, there is still confusion in the pharmacy community regarding compliance regulation overlap between healthcare and specialty pharmacies. The Specialty Pharmacy Association of America (SPAARx) recently sent a letter to the Office for Civil Rights (OCR) seeking to clarify the areas in which new HIPAA omnibus regulations interfere with current standards of care at specialty pharmacies nationally.

SPAARx is a vendor-neutral organization that is managed and governed by a board of directors comprised of executives from a group of specialty pharmacies. Though claims to understand OCR’s position in fortifying consumer privacy and data security protections, it argued that some of the regulations conflict with the compliance programs that specialty pharmacies already have in place. Here is part of the letter sent by William J Sullivan, SPAARx Executive Director.

In particular, SPAARx is concerned that certain language in the final rule regarding the statutory exception for “refill reminders.” will be misinterpreted and could seriously impede medication adherence programs with no substantive benefits to patient privacy. As such, SPAARx seeks that HHS clarify these issues in guidance or FAQs. Given that the revisions will go into effect in less than ninety (90) days, SPAARx encourages the Department to act swiftly to address these concerns.

Specifically, SPAARx seeks to have the Department clarify its position on the definition of marketing to resolve instances where the covered entity receives direct or indirect remuneration in exchange for making communications with patients, specifically compliance and persistency services including refill reminders as referenced in the Omnibus Rule. Additionally, costs related to delivering enhanced therapy management services should be allowable for a broad range of refill reminders and related communications about a drug or biologic currently prescribed or expired. As currently defined, the Department is limiting remuneration to the specific direct cost of making the communication (e.g., drafting, printing, mailing), which does not fairly recognize the additional expenses of clinicians and staff that deliver therapy management traditionally telephonically.

This is just the latest pharmacy concerns with “refill reminders” related to HIPAA regulations. CVS announced this summer that it longer uses patient prescription drug records for the purpose of sending patient pharmaceutical-paid refill notices because it was worried about the effects of HIPAA omnibus provisions.

SPAARx also offered some resolutions to the issues it raised with the convergence of HIPAA and pharmacy compliance. It suggested that OCR use ‘Fair Market Value’ as a guideline for remuneration, which offers a consistent and uniform measure as expressed by HHS’s Office of Inspector General (OIG). OIG had previously recognized that healthcare providers’ sponsored programs are generally not of anti-kickback enforcement concern, assuming that the payments do not exceed Fair Market Value of any legitimate service rendered to the sponsor. Using Fair Market Value as a standard would have value in two ways, according to SPAARx:

- Determining the “reasonableness” of the remuneration allow for the healthcare improvements available through better adherence and compliance of patients

- Allowing for alignment of healthcare provider’s compliance programs to ensure that compliance with the Privacy Rule does not create non-compliance with anti-kickback obligations.

SPAARx also asked OCR to review its restrictions on the use of patient contact lists and other marketing using PHI especially as it relates to the use of mobile devices and social media. It argued that the current language is inconsistent with emerging methods of physician – pharmacy – patient communication that is designed to enhance the care team concept, an emerging and integral component of new best practices.



SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...