Is Your Prior Authorization Program Demonstrably Compliant?
A recent settlement announced by DOJ serves as a good reminder of the need for device and pharmaceutical manufacturers to periodically revisit their prior authorization assistance programs, to assure that the programs are operating within appropriate compliance guardrails.
Many device and pharmaceutical companies run prior authorization support programs designed to facilitate patient access to therapies. These programs allow manufacturers to use their resources and expertise to advocate for consistent and coverage of their therapies, and are particularly important in establishing broad coverage for innovative, expensive therapies.
Manufactures have an evident, legitimate self-interest in running such programs. They are motivated by a proper purpose: to establish coverage for their products. As well, these programs may not, in fact, relieve providers of any costs they would otherwise incur (e.g., provider input required for these programs may be similar or in excess to what a provider would do in any event). Consequently, prior authorization programs should generally not be seen as implicating the federal anti-kickback statute. That said, prior authorization programs conducted for the wrong reasons, and that do result in relieving providers of costs that they would otherwise bear, can be seen as problematic. In this regard, the recent DOJ settlement announcement observed:
Insys … bribed large Subsys-prescribers, …by hiring individuals, often close to the doctors, to work as an Insys liaison to facilitate the approval of insurance forms for Subsys, including those submitted for Medicare patients.
This announcement underscores the importance of structuring prior authorization programs in a manner that makes it clear that they are not being used or perceived as improper inducements.
Given the central role that intent plays in anti-kickback cases, it is important to clearly articulate that the purpose of the program is to establish coverage so as to facilitate patient access. The program should be tailored to support this goal and should be reevaluated once coverage is well established. To underscore the proper purpose of the program, the program should be designed to avoid assuming traditional back-office provider functions. Also, to make it clear that the program is not being used as an inducement, it should be available to patients without regard to the volume or value of business conducted by their provider and should not extend any guarantees of coverage.
Finally, it is preferable that prior authorization programs access private patient data by asking that patients sign a HIPAA-compliant authorization to share their records with the manufacturer operating the program, rather than by the manufacturer entering into a Business Associate Agreement with the provider. A Business Associate Agreement positions the program as providing services on behalf of the provider, which is precisely the characterization the program should seek to avoid. A patient authorization avoids the complication of that characterization as well as the need to assume the responsibilities of a business associate.