Hubert H. Humphrey Building
Room 405-A
200 Independence Avenue, SW
Washington, DC
Call to Order and Introductions
Third Panel: Pharmacy Benefit Management Firms
DR. HARDING: I am Richard Harding, the vice chair of this committee. As is our custom, we are going to ask everybody to go around and identify themselves and their sponsoring organizations, so to speak, so that that can be on the record. Those of you who are back away from the mikes, speak loudly, so the mikes can pick up your name and so forth.
We will begin, Kathleen, down at that end.
DR. FYFFE: Kathleen Fyffe. I am a member of the National Committee, and I am employed by the Health Insurance Association of America, also known as HIAA.
DR. GELLMAN: I am Bob Gellman. I am a privacy and information policy consultant and a member of the committee.
DR. HORLICK: I am Gail Horlick. I am at the Centers for Disease Control, and I am staff to the subcommittee.
DR. HARDING: I'm Richard Harding. I am a child psychiatrist in South Carolina.
DR. COHN: I'm Simon Cohen. I am the national director for data warehousing for Kaiser Permanente and a member of the committee.
MR. BLAIR: I'm Jeff Blair. I am at the Medical Records Institute. I am a member of the committee.
MR. FANNING: I am John Fanning. I work in the Office of the Assistant Secretary for Planning and Evaluation of HHS, and I serve as the privacy advocate of the Department.
DR. PEEL: I am Deborah Peel. I am a physician from Austin, Texas, a psychiatrist, a psychoanalyst. I am president-elect of the Texas Society of Psychiatric Physicians.
MR. WALDEN: Dan Walden, vice president legal of Merck-Medco Managed Care.
MS. LOWE: Jennifer Lowe, associate general counsel of Express Scripts.
MS. SACKS: Diane Sachs, PCS, vice president, government affairs.
(The remainder of the introductions were performed off mike.)
DR. HARDING: Welcome. We appreciate everyone being here this morning, and look forward to a good morning of presentations as well as discussions.
If I could tell you all the format for this morning, we have four individuals who will be presenting material to us. Each one will be given 15 minutes to make their presentations. Because no one has to leave early, we are going to wait until the end of the first hour, which would be 15 times four, and at that time begin questions.
We will break probably for a 15 minute period about 10:30 and then come back and continue the questioning by the members of the committee. After the committee members have finished their questioning, as we did yesterday, we will open the floor to those present here. If they have questions, we will ask them to come to a microphone and limit their comments and questions to three minutes so everybody can have an equal opportunity to ask those questions.
We are pleased that we have representatives from different areas of the pharmacy benefit management companies here in the country, a relatively new phenomenon that has grown up in the 1990s, although it was around a little bit more than that.
We are going to begin the presentations this morning, unless somebody has a question or a comment from the panel, with Daniel C. Walden, who is vice president of legal matters for Merck-Medco Managed Care Limited Liability Corporation, LLC. Mr. Walden, welcome, glad to have you.
MR. WALDEN: Thank you. Thank you for asking us here today. We are very pleased to be here, and be in a position to explain what we think is a very exciting business and an exciting opportunity for health care in the United States today.
We talked a little bit before this about our presentations, myself and from PCS and Express. Obviously, there is a certain amount of overlap in our presentations, so we will try and move along at some point to defer to later presentations so we can get things moving.
I would like to start first at the very basics. We were presented by this committee a series of questions, one of which is, what is prescription health management, what do PBMs do, or what is the role of PBMs.
I would like to start back a step or perhaps two steps, with what is the benefit. First we will describe a bit the funded prescription drug coverage business.
Today in the United States, the ambulatory market, the market for drugs for those people who are not in hospitals, not in nursing homes, is in excess of $70 billion. Estimates are that 60 to 70 percent of all the prescriptions for ambulatory patients filled in a given year are paid for not by the patient, but by somebody else. It is a benefit which is made available by government, by employers, by unions, by other associations.
The patient's share of the cost of their drugs runs somewhere around 30 to 40 percent. That 30 to 40 percent is of their entire annual spent on average, obviously, and their portion is made up of the deductible. Many people have a deductible before your coverage kicks in. Most people even in the managed program have some sort of a payment, five dollars for generics, 10 dollars for branded drugs. Then many plans do not cover all drugs. So patients are paying for some drugs 100 percent out of pocket.
This is, I think everybody would agree -- certainly probably most people in this room are in the position where you have a funded benefit. You are able to send in your prescription by mail or you are able to take your prescription card down to the retail pharmacy and present it, and you will get your drugs, whether the cost is $100 or $200 or more, four or five dollars, 10 dollars, whatever is your copay.
We were at a conference yesterday where there was a lot of discussion about Medicare reform. There is much discussion in that debate about adding a prescription drug benefit to Medicare, to make prescription drugs available to the elderly, who currently are paying full price, because mostly they don't have a funded benefit.
In this discussion yesterday, listening to Congressman Waxman, the staff from Kennedy's office, staffs from the House Finance Committee, one of the things that they are clearly looking at as a solution to that problem of how to affordably provide a drug benefit to the elderly is a managed prescription benefit, in effect, a PBM.
A funded market is very important. It is a benefit which although I think was a little bit before the 1990s, has been around, but it has been increasing over time, and it is one that I think we all find very important and very helpful to us in our personal lives.
Which leads really to the question you asked us to answer, which is what is the role of prescription benefit managers. Continuing on, this funded benefit is funded by someone. I mentioned employers and unions, retirement plans, governments. It is a benefit which is increasing every day.
When they decide to make this benefit available, which is cost obviously to them, they don't have the ability to do it directly necessarily, although some can. They can hire somebody to provide a series of services, which go to make up the prescription drug benefit. Those services include -- and this is I think something where I may move through quickly, because there may be additional discussion about some of the specifics from some of the others on the panel. But some of those services include claims processing, the presentation of that card at the retail pharmacy and the determination at the moment that you have an eligility, you are a member of a particular plan, what is your copay.
We in particular are a very large mail service provider, so these payers have retained us to make the mail service available. When a prescription is presented in one format or another, we conduct eligibility to determine whether it is an appropriate prescription to dispense from a plan benefit side. We also do DUR, prior authorization, utilization management. We engage in formulary compliance activities, something that I will specifically address in a little bit more detail.
Other utilization management programs, disease management programs, something I think people are very interested in hearing from us, and of course manufacturer contracts. We on behalf of -- and Express and PCS as well, on behalf of these payers in effect aggregate purchasing of prescription drugs from the manufacturers who are making these drugs. We bring them together and deliver them to the individuals by one of a couple of different means.
Now, who does that? Who might a payer hire? A payer might hire an HMO. Many HMOs do all of these services internally. Kaiser I believe is one which has a complete prescription benefit management capability internally and does all these services. They have made a decision to build this capability rather than to buy this capability from someone else. Blue Cross-Blue Shield plans similarly, carriers similarly; I won't go into the intricacies.
Then there are the quote PBMs, end quote, which are the freestanding PBMs. You have the three largest represented here today, but it is important to understand that while we are the three largest stand-alone PBMs, there are many other types of entities that are doing exactly the same activities that we are doing and make up this list of services. So there have been attempts in recent years to put us in a box together. We are in fact just another provider of the management of the prescription benefit.
Very quickly, running through Merck-Medco and some of its history, we have been managing a prescription benefit on behalf of plan sponsors since 1982. We were initially a publicly held company, rapid growth company throughout the '80s. We were acquired by Merck in 1993. Since then, we have put in place -- and I am sure many of you have heard the independents' position, the firewall that we have put in place between ourselves and Merck to insure that we continue to operate serving our plan sponsors rather than the interests of Merck or any other particular manufacturer.
We serve over 50 million patients, so we provide this funded benefit management for over 50 million people in the United States today, and rising. We do this in two primary ways. One is through paid prescriptions, which is a point of sale pharmacy network manager. In other words, we have organized networks of 55,000-odd retail pharmacies, which could be local pharmacies, retail chains, could be others. We have organized them so that we can communicate with them instantly online at point of service, and communicate back to them eligibility of patients, UR messages and other things. We also established in that context pricing for these networks, so that they are able to provide the drug instantaneously to the individual across the country at a five dollar copay, 10 dollar copay, whatever it might be, and the finances of payment for the drugs are worked out between us and them later, or are handled between us and them later. And of course we are acting when we make those payments on behalf of our plan sponsors, the employers, the government entities and the unions.
The other business that we have to be in, and we are the largest, although I believe both of you have also mail service capabilities, we have the ability to take the prescription in by mail and send drugs back out by mail. This is a very substantial quantity of prescriptions that are handled this way. We do over 50 million mail prescriptions ourselves annually. We have 11 pharmacies in eight different states. I welcome you to come and visit one. These are quite remarkable facilities in terms of the quality, the scale, the ability to turn around prescriptions accurately and very quickly.
We happen to have two licensed pharmacies that function primarily as information management centers. They are locations where we make phone calls from -- and those are both outbound calls that we might be making, but they are also locations where issues which may arise in the other pharmacies are for logistical purposes consolidated into one of these pharmacies. In other words, if an issue arises in Washington, it may be that we respond to that issue out of one of these call center pharmacies rather than directly from the Washington pharmacy.
We have a total of 12,000 employees, which includes 1700 -- I'll move quickly. I am just going to pass the pages on the summary of sources of information. We get information from very narrow sources. Eligibility, the claims tape, medical claims, which is very infrequent. Then we also get information from patients and doctors.
The uses of information I will let you read for yourselves. What we wanted to move to was some of what we believe are the principal areas of concern of this subcommittee, the principal areas that we are hearing concern around the country today as we try and establish the appropriate balance between the very, very critical need for patient privacy, patient care and actually making the prescription benefit workable and making it available to patients.
These principal areas of concern include maintenance and use of large databases. People are just generally afraid that there is this big database that may have information about them. The use of patient identifiable information, disease management programs, benefit and formulary compliance activities and of course employer access to patient identifiable information.
Addressing the first issue, which is the computerized databases, we heard yesterday at the conference we were at a concern: somebody has my records. There is a big database that contains my record. Yes, there is. We have a database which is made up of our transactions, 300 million transactions a year. A patient who brings a prescription to the pharmacy, a patient who mails a prescription to one of our mail service pharmacies. We look at that, we do the eligibility, we do DUR, we do other responses. We keep track of the fact that we have done that.
It is in our shop, inside of our organization, for approximately one second. There may be a little bit more time between us and the retail pharmacy, for instance, if it is coming from there. But we complete that transaction and we store it. We have readily available those transactions going back three years, which adds up to about a billion claims in the database.
They are patient identifiable. In order for us to know that you are the patient who is presenting the card, we must be able to link up your name. In order for us to do DUR, we must be able to link your prior transactions to your current transactions.
We have a number of -- I think really the best protection possible at this stage, and we are improving continually on these computerized databases. We have written policies, of course, we enforce these policies. Access to these databases are limited on a need to know basis. There are some individuals in our organization who need to know patient identifiable information, there are others who do not. We separate them out.
There is obviously no time today to go into the nature of the data systems, but we could come back another time and go through some of the detail. We actually have been in a room very similar to this in this building a couple of years ago to explain some of the security issues.
I think it is important to understand that most people within our organization, if they have a view of this data, which we think of as very important data to us from a competitive point of view, this is data which is not just patient identifiable, but it is information which should be maintained private, as against some of our competitors. The view of this data internally is largely blinded.
There are people, the pharmacists who are dispensing prescriptions have available this data on a patient identifiable basis. However, if we are doing outcomes research, if we are doing opportunity analysis, generally that is conducted by people who would not have access to patient names. It is not to say that the information cannot -- that you could not from the data which is there get back to a patient name, but the people who are actually doing this work do not have access to patient names.
We have an audit trail capability to know who comes and goes from our databases. As new systems replace old systems, we continue to move and better improve our ability to conduct an audit trail. Very key point: there seems to be a suggestion that somehow lists are being made available and outside organizations are getting access to lists and mailing to patients. This is simply not true. We do not sell lists of patient names, and we do not make patient data available to Merck or to any other manufacturer on a patient identifiable basis.
DR. HARDING: So you said no sales of patient identifiable data?
MR. WALDEN: Correct. We do act on this data. In addition to dispensing activities, clarifying what the doctor has written on a prescription, we act on the data to provide additional services at the request and on behalf of our plan sponsor clients.
Good examples of this would be a diabetes newsletter. We send out a quarterly mailing to persons who take insulin. We know this from analysis of our database, and we send out a newsletter which goes out quarterly. This newsletter has on the back of it an opportunity for the patient to say that they do not want to receive it in the future. We have a very, very low response rate saying somebody does not want this information coming in the future.
Multiple sclerosis program. We do a very similar activity by telephone. We are aware of people taking certain injectable drugs. We are aware of certain issues because of the literature and our clinical knowledge with taking those drugs. Many people who have multiple sclerosis either have trouble complying or perhaps don't have adequate training in taking injectables. There is a program in which we call, we explain who we are, we explain why we have this information, that we are the provider of their prescription benefit management, and that we have programs which arise out of that role, and we offer to talk to them. If they want to talk to us, we will continue through the conversation and we will give them some guidance in terms of training for using their injectables.
There are a number of other programs that we can go into in more detail in the question period.
We believe that this is a very important activity that we are engaged in. We need to be able to talk with the patient, the physician and the health plan to coordinate treatment. We are not a stranger to this transaction. We are their prescription benefit manager, and in many contexts we are in fact their pharmacist. They have come to us as their pharmacy. So the fact that we may be on the phone at a given time with a patient's physician is not an unusual thing; in fact, it is the way pharmacy has been practiced for decades.
DR. HARDING: If I could ask you to sum up with a comment on the two final issues, which seem to be important issues before our committee, that being the employer access and then the consolidated authorization, if you could just comment.
MS. FOX: Would it help if I gave five minutes of my time?
DR. HARDING: That would be fine.
MR. WALDEN: That would be great, thank you.
MS. FOX: You are very welcome. Remember this.
MR. WALDEN: The next issue is very much a related issue to us. Disease management has been separated in many ways from other health care activities that we engage in. But another type of activity is benefit management or formulary compliance activity.
We speak to doctors, we speak to patients, we write to them about what is the nature of their benefits, just as your insurance company writes to each of you to explain what is your benefit, when is your benefit going to change, just as other companies write to you and say some aspect of your relationship has changed.
We obviously speak to doctors about clarification and safety issues, drug coverage issues, prior authorization, which we will assume other people are generally familiar with. Formulary compliance, including interchange calls. We make phone calls to doctors who have prescribed certain prescription drugs to advise them that it would be in the economic interests of the plan sponsor to consider an alternative drug. It is a voluntary activity. Our P&T committee has required that we provide certain additional information, for instance, if this patient is being treated for X disease rather than Y disease, he might want to consider this, or to make sure that they understand certain warnings which may be of concern.
If the doctor says no, then we do not make that change. We dispense the drug as originally prescribed. We do by the way in other contexts have clients who have closed formularies. Those clients require us to say to the patient or the doctor, if the doctor does not change the prescription, you the patient will have to pay 100 percent of the cost of this drug. You will have to pay a higher percentage of the cost of this drug than if you chose the client's preferred drug.
We also cover a number of other issues which we may go into in more detail.
We think that these are very important activities. We know that these actually are very important activities, and they are necessary to retain the benefit. I think that the challenge for this subcommittee and the challenge for all of us here in Washington particularly -- and we heard some of this yesterday -- is to find the balance between those activities which are necessary to retain the benefit without compromising privacy.
I'll move on to the issues that you wanted us particularly to address. I'll deal with the employer health plan access and maybe defer on the statutory or consolidated authorization.
An employer health plan access to information is an issue which is clearly around. There seems to be quite a bit of concern that somehow information is being passed on by prescription benefit management companies to employers, which is then being abused. There does not seem to be -- we certainly have not heard many instances of actual abuses of this nature. There is a lot of talk about potential abuses, but I think that the anecdotal evidence is actually quite good on that.
The truth is that we do provide to many employers, many of these plan sponsors and government agencies information about the drugs which we dispense. This is a funded benefit. They are paying the cost. They are asking us to provide a service. It is a complex service. They then ask us to report back to them on the service, both to be able to audit our performance and to be able to audit whether the people that we are providing the drug benefit to are the people that they intend it to go to.
MR. BLAIR: So patient identifiable information that goes to the employer with respect to the drug?
MR. WALDEN: It is. These health plans use this data to audit our performance. They bring in outside auditors often to look at the distribution of health care through this funded mechanism, and it is something that is very important to them. Some of our clients are paying several hundreds of millions of dollars a year to fund this benefit for particular patients on a particular basis, and they want to know that we are doing it in the way that they have directed.
Some of those health plans may in fact use that data once they get it for other reasons. They may use it to determine whether there are opportunities for improvement in their plan design. They may use it to identify candidates who may be appropriate for case management.
We are talking at this stage about the provision of the prescription drug benefit. In addition, I mentioned a couple of others, and I think we will have probably some more detail about other programs which involve patient care, disease management programs, compliance programs.
We do not provide the identity of persons who are participating in those disease managements without authorization from the plan sponsor. Generally we do not provide that data at all. Most clients have not asked us who is a participant in your diabetes program, who is a participant in one or another program.
That is beginning to change. We have many clients who are HMOs who have decided, rather than to build their own PBM services, have decided to buy the service from us. They have for instance NCQA requirements. They put in place a diabetes program or another program and establish its effectiveness. In order to establish their effectiveness, they must know they are having an effect. Subcontracting with Merck-Medco to provide that service, they must then go back and identify that that service has been provided to that particular individual and do an outcomes analysis or otherwise be able to comply with their NCQA requirements.
In short, on this issue we don't think that there has been any significant abuse on this level by employers, by governments, by unions. But we suggest that if there is an issue here, that it be dealt with on that side, that it dealt with on the employer or government side, controlling their use of the data they get, and not through the implementation of process requirements in a privacy context.
The real exception is -- there are many reasons why people in the health care delivery system, and we are another part of the health care delivery system, should have data. Many of these funders of the benefit are also participants in the health care system. There are many reasons why they should have data. I think that we should protect against privacy on the outside, and that we should then -- if there are issues in terms of abuse, should deal with them appropriately with them.
Thank you very much.
DR. HARDING: Thank you very much, and we will be back with some questions after everyone has presented.
Our next speaker is Jennifer Lowe, an attorney, an associate general counsel with Express Scripts.
MS. LOWE: Thank you very much, and good morning. I too also appreciate the invitation to address the subcommittee. I think what we see in the media, at least at Express Scripts and I think in the industry and probably all of you, is that there is not only a lack of understanding of what a PBM is or does, but there also seems to be a great fear of what people think we do.
So I am going to try not to be repetitive of what Dan said, and hopefully what Diane says, because I suspect that we are going to find much similarity in how issues with respect to confidentiality and structure of these programs are handled.
My handouts look like this on the front, and you may want to follow. I am going to try to follow my slides this way. I was asked to say what is the role of the pharmacy benefit manager. Essentially, you have a list here of what we are. I think I could summarize it by saying that we are specialists in pharmacy care. We also have hundreds of pharmacists who are in our employ. We have five pharmacies in five states. We offer mail order pharmacy, and we cover 47 million lives.
As Dan mentioned, there are the basic services. If I may, I don't know if you have ever walked into a drugstore, handed your card over and wondered how the pharmacist knew how much to charge you. I used to wonder. Then I got to Express Scripts and I found out how it all works. This is my drug card. I go into Walgreen's and I give this in, and there is enough information on here for Walgreen's on line to connect with Express Scripts. Express Scripts tells Walgreen's, Jennifer Lowe is covered by a benefit. This drug is covered. This is the amount of her copay for that drug, this is the amount that you charge the plan for the drug. Oftentimes we negotiate with pharmacy discounts, and so our computers essentially determine the billing amount for the pharmacy to us. We turn around the bill the plan, and Jennifer Lowe pays her portion of that drug, which usually is much lower than the amount of the overall prescription.
Now, within seconds, what happens in that transaction with this little card is eligibility, looking back six months or so as to what my other drug utilization is to see if there is any problem with the new prescription I am getting compared to what I was on before. So drug interaction. It also determines whether I am trying to get my drug filled too early, because the benefit design that the health plan gives to us is very specific on how many days' supply you can get and how early you can get a refill.
There are several hundreds, I understand, thousands of different rules that the computers are going through in the seconds that this transaction happens. One of the older members of our company who has been involved not only in the pharmacy business but for the advent of PBM, but certainly since then, told me that it used to cost seven dollars for a pharmacy to process a prescription in the old days. Now it takes pennies and seconds.
What pharmacies used to do is not even submit certain claims, because the amount of the reimbursement was less than the amount it cost them. So I look at us as specialists in pharmaceutical care, and we have also taken technology, applying it to pharmaceutical care and really taking pharmacy to new heights and to its highest levels.
I just want to say one other thing before I move on. That is, it is very important to remember that what we do is administer a benefit that a plan sponsor has designed for us to administer. We may give advice. Because we are pharmacists, we do have this information, a lot of clinical knowledge, but essentially we are acting on behalf of the plan.
From whom does Express Scripts receive information? I have to say that I was really surprised when I was coming up with this list at how narrow the range was of sources of information about members. Certainly the health plan, which can be an employer, it can be a third party administrator working for an employer, it can be an HMO, an insurer, et cetera. Basically we get eligibility information, name, date of birth, social security number, all that from the health plan.
The member may give us information. Sometimes it comes through -- if they are going to get a mail prescription, they fill out a form with their allergies, et cetera. We get a lot of information from the member.
We get information from the retail pharmacy in that transaction that occurs within seconds. We get information when the member uses the mail service pharmacy. Finally, we get information from the physician.
To whom is the information disclosed and in what form? I think it is very important to distinguish -- the way we typically do it, we describe identifiable data and anonymized data. So for our purposes, identifiable data is any data that would include name, address, social security number, even in some cases date of birth if that can be used to identify the member.
I want to say that we are extremely sensitive to this issue, always have been, not just because of the advent of the confidentiality issue that the states have been dealing with, Congress, and certainly you committee.
So identifiable data would be given back to the health plan. Typically, in our situation -- and I would assume it is probably across the industry, we don't just give information back to a health plan. We give it to designated personnel in the health plan.
So in the case of an employer, it may be the human resources or some benefits person. We don't just send the information to anyone in the company. To a managed care plan, they obviously have designated the people who get information. There is billing information versus utilization information.
For a TPA which is acting on behalf of an employer, they usually control that information and we are told who to provide that information to. The information may go back to the physician either because of drug interaction, that we want to notify the physician of, or interchange activities, et cetera.
The information may go back to the member, because we may send a compliance letter because we noticed that the person didn't -- let me back up. We can send a member a notice of compliance because it is a drug that requires a lot of attention or may need certain special instructions for how to take it, or we may send a refill reminder, because the person is on a chronic medication and obviously the person is healthier if they take their prescriptions as opposed to letting them go.
We might provide information back to the retail pharmacy or the mail service pharmacy. Finally, there are cases where we are asked for information by government agencies. It could be an attorney general, et cetera. We will only release patient identifiable information pursuant to a valid subpoena, or the member has signed a release.
So sometimes you may have a lawsuit that the member is involved in, and they need this data. The member signs something telling us it is okay to give that data to their lawyer or someone else.
Anonymized aggregate data. Anonymized data could actually be person by person, but no way to know who that person is, or it could be summary data. We provide that back to our health plan clients for benchmarking purposes, to be able to compare their utilization, their cost to other HMOs in the region or other types of plans that may be similar to them.
We provide anonymized aggregate data to pharmaceutical manufacturers. They use it for utilization, to research efficacy and outcomes. We also provide the information to academics, whether internal or external. We work with colleges of pharmacy and other universities to examine information that can be gleaned from this information.
We also -- and I left this off and I think it is important -- we also use anonymized data for formulary development. Our P&T committees utilize this information. When decisions are made about whether to include a drug or not on a formulary, the issue is not cost, the issue may be compliance, it may be quality of life, it may be efficacy, it may be safety. This information can sometimes be gleaned from this information if you can get patterns with respect to certain drug utilization.
In terms of anonymized data, sometimes it is encrypted that there is longitudinal value. You can follow an individual over a period of time, but you cannot tell who that person is.
I think it is also important to distinguish that what we might give to an HMO in terms of identifying people who may be involved in disease management programs, et cetera, should be distinguished say from an employer. We absolutely do not give identifiable information to an employer.
What we do is, we set up in our system where we refuse to give names of people who are participating in disease management programs, because it really isn't what is important. We may give summary information that two people or three people are participating. We may also tell them how many compliance letters we send out. We don't tell them who we sent those letters to.
I'm not going to go through this too detailed, but what I provided is our standard -- some terms from our standard client agreement. What this does is essentially say to the client, you want us to perform these services, you need to give us authorization to utilize this data to communicate with members, with physicians, with you. We also in our agreement say, you acknowledge and say that it is okay for us to use anonymized data. We do not release patient identifiable data, but we do use anonymized data for other purposes other than the direct provision of services to the health plan.
So again, I'm not going to read all this, but I think you may find it interesting. We do -- again, I think it is evidence of acknowledgment of the sensitivity of confidentiality and the privacy of identifiable information.
What is the information used for? In no event have we, do we or will we disclose, transfer or sell patient identifiable to third parties. It is something that appears to be proposed by others who are maybe not familiar with PBMs. I know that there are anecdotal issues. I think people are sloppy in what they say and it is dangerous. We would never do this. If we were to, I don't think we could be in the business that we are in. We certainly have an obligation of trust to our plan sponsors.
The only benefit of providing this benefit aside from retention of employees is to keep their employees healthy, which pays to the employer. If the employee doesn't think that the information is going to be handled properly, they are not going to use the benefit, and therefore the whole purpose of the benefit is basically for naught.
Interestingly, just as an aside, people say that we are just interested in cost and cost containment. Certainly we are, but the fact that we send out compliance letters and refill reminders, because we think that it actually helps the overall health care system to keep people on their drugs,especially chronic medications, because it keeps them more well.
I made a list here of the purpose for how the information is used: identifiable data, certainly payment, drug utilization review, notice of regulatory actions, there may be a drug recall, compliance, patient and physician education which Dan went into in more detail. We do very similar programs. Therapy management. Everybody I think is aware that there are certain additions which are prevalent in the public, diabetes being one, asthma being another, and then if you can focus attention and educate the patient on how to treat their conditions, you can keep them more well.
We are very involved in promoting those type of activities. We offer them. First of all, we don't offer it to the patient until we have asked the client if this is something that they want. We make an offering to the client, the client may say, I don't want to offer these types of programs to my employees, and that's it; we do not contact patients unless the client has authorized us to. Then we may contact patients and let them know about the opportunity to participate say in a diabetes program. If they don't choose to, they don't choose to, and that is the end of the communication.
Identifiable data is used by plans for benefit administration. Again, we may use it for our HMO clients that have P&T committees, pharmacy and therapeutics committees, for formulary development. Actually, that is anonymized.
Let's move over to anonymized data. That may be used by health plans for NCQA and other regulatory reporting. As you know, that has become more of the norm. They may use it for research, we may use it for research. We used anonymized data to submit claims to manufacturers for rebates, and we may use the anonymized data for outcomes studies and also as I mentioned before, for formulary development.
Are there written confidentiality policies and procedures? Emphatically, unequivocally, yes. I have made a list here of what I could think of in terms of where we have policies and procedures. I think the whole issue pervades our company in many ways. How we respond to a health plan request for member information, how we respond to third party requests for information. That goes back to the subpoena or written release.
We get requests from state Medicaid agencies for requests on eligibility. Unless our clients have authorized us to release that information, we cannot release that information. A client may request that our activities with respect to the benefit be audited. We require the third party auditor to sign a confidentiality agreement and the health plan has to tell us that it is okay for this auditor to come in and look at this information. We never allow the auditor to take patient identifiable information out of the audit site. We also limit their access to it. It is very unlikely that even in an audit situation they would get access to it. But we do take a lot of precautions with respect to that.
DR. HARDING: If you could finish up.
MS. LOWE: Okay. We have corporate employee confidentiality policies and as it is described on the last two slides, significant restricted access, passwords. I have put in here our standard agreement terms with respect to our use of confidential information.
I think that there is no doubt when you read that that we do not disclose to third parties member confidential information. We take confidentiality very seriously.
I will close by just reiterating that in order for this benefit to be valuable and meaningful to members -- when I say members, I mean employees, enrollees, subscribers to health plans. In order for it to be meaningful, we have to provide confidentiality, we have to respect privacy. We are very sensitive to the issue. I would be happy to answer specific questions about how we handle it in terms of our policies.
Thank you for the opportunity to address you.
DR. HARDING: Thank you very much. What I am going to do is, because you got 20 minutes on that, actually, 18 and a half --
MS. LOWE: I'm sorry.
DR. HARDING: No, that's okay. But what I want to do is be fair and say that the remaining two will get that amount, too. Then we will try to finish up just a couple of minutes late before the break.
Our next speaker is Diane Sachs, vice president of government affairs for PCS Health Systems. Welcome, and glad to have you.
MS. SACKS: Thank you. Thank you very much for the opportunity to be here and for inviting us. I understand that you had wanted to invite us on an earlier occasion. Unfortunately, that invitation did not reach us. If it had reached us, we would have been very pleased to have been here on that occasion.
Much of what I am going to say is really going to be emphasizing or a repetition of what Jennifer and Dan have said. So I will try and move through my presentation fairly quickly and highlight where it differs.
I think as both of them have indicated, we get information as a result -- from pharmacies. Information is transmitted to us electronically each time the pharmacy fills a prescription for a PCS cardholder.
Just a bit of historic information. PCS began in 1969 essentially as a claims processor. In those days, claims were processed by paper. It was far more expensive. The pharmacy benefit was far less prevalent. PCS was the first company in 1987 to do this on line, to initiate an electronic transmission of online, real time pharmacy management. This has now become standard in the industry. It means that when you walk into a pharmacy, you just hand your card in, you will get the benefit, you will be told who your copay is. There is no paperwork. It makes the benefit extremely efficient. It makes it much cheaper. It means that drugs and this benefit are available to millions more people today than it would have been 10, 15 years ago.
Who has access to our data and for what purpose? First and foremost, within our company only those individuals have a need to have access to information, or given access to those who provide care to administer the benefit or to implement our programs.
We are extremely sensitive to the nature of the information that we are using that it is medical information, that this is private information, that individuals are very sensitive to how it is used. Each software system of ours has a data owner who is responsible for determining who may have access to that information. We have a full time information security department of 10 individuals whose responsibility is to safeguard the data, to certify individuals who have access.
The reasons people have access I think have been explained well by Dan and Jennifer. We have member services and pharmacy help desks. Individuals call us to ask where the prescriptions are, to ask why something hasn't been filled. We give information about potential drug adverse reactions, about drug interactions. We tell individuals when they may be filling their refill too soon or when they may need to get a refill. It works both ways.
Essentially we provide information for individuals to take better care of themselves. We are an intermediary between the pharmacy and the physician and the health plan. We act on behalf of the health plan. We try to help them provide a pharmacy benefit in a way that is cost effective, and it results in better care for the individuals and the members and their plans.
We also have a mail service pharmacy, one in Texas, and we are building a new one to provide disease management, drug utilization review, that is, explaining to physicians best practice guidelines, giving information about new drugs and new practices, prescribing habits, fraud and abuse detection, when individuals are perhaps filling five prescriptions for the same drug, non-compliance program, outcomes research.
In all of these programs in which individuals have access to patient identifiable data in the company, there is a strong corporate policy to warn individuals never to leave the data visible or accessible on their screens, and to always sign off when they leave their desks. Hard information is shredded on site.
Access to information is made extremely narrow for the specific purpose for which it is used. For example, in the case of our clinical specialists who visit physicians those clinical specialists are given access only to the data for the physician they are going to visit. In addition, they are only able to access information for the last four month period, because they are not on site. They can access information, but they can't download it to their PC because there is a chance that it could be stolen.
We are extremely sensitive all the way through in everything we do to make sure that whatever information is accessed, that the risks and the limitations are kept in mind.
Finally, with respect to information that is sold to manufacturers and third party, you have heard from my colleagues before, but it is never patient identifiable information. We do not make it available to them. No patient names, no addresses, nothing from which they could reverse engineer. All our agreements and contracts with manufacturers require that they do not even attempt to reverse engineer, and even if they do, we do not give them the kind of information that would enable them to.
What kind of physical security measures do we take? Eery PCS employee that comes on our site has to have a photo ID. There is an electronic monitoring of individuals entering and exiting the building. Guests have to be signed in. Our mainframe and computer equipment is housed in a separate area in which there is even a higher degree of security.
We have an information security manual and as I mentioned, an information security department.
Access codes, passwords, restrictions on data classification. Passwords are changed frequently. Employees who work outside of the office have to have very tight security measures. They get electronic passwords that change every 60 seconds.
When employees leave PCS, their system access is removed immediately. When they transfer to another position, the information access is reassessed to see exactly what they need to obtain and for what purposes.
We have a corporate policy, a credo on the use of confidential information, essentially re-emphasizing, driving home again that individuals may only use information on a need to know basis. Only the small core of individuals involved in our clinical programs should answer questions about member services, access to information.
The credo is visibly posted throughout our facility. We have a corporate compliance program that backs up that credo, that has information about our measures. Every individual, every employee, every contractor has to sign a confidentiality agreement, has to sign on to our credo, has to sign on to and read it and say they have read and understand our patient security manual, about use of information, security of information, about protecting it, about understanding that there are rules about confidentiality, there are ethical obligations in signing on to those, by agreeing only to use information as authorized by the plan members.
Yes, we do give information to employers, but we would hope that that would be intuitive. We are working on behalf of employers. This is their health benefit plan, this is a part of their plan. They need that information -- they ask for that information in order to monitor and in order to better manage the care they are giving to their members.
When they sign up for a plan in implementation documents, we ask them if they want the information. If they say they do not want it, we do not give it to them. If they say they want non- identifiable data, we give them only non-identifiable data.
In all our contracts, we require them to tell us and represent t us that they have all the authorizations that we need in order to perform the programs for their members. We require them in addition to that to tell us that they will not use the information for improper purposes. In the case of self insured employers, that means not for improper employment purposes. Unfortunately, we cannot police that, but we hope that is the case.
Many of our employers do not ask for the information, they do not want the information on an identifiable basis. Some of them do, and they want it for very legitimate reasons. They want to be able to monitor how the drug benefit is being administered. They want to do case management of the medical side, with the pharmacy side. They want to check for fraud and abuse. They want to verify that we have paid as we said we paid. They want to monitor our services to them.
I will end up just talking about our position on the federal legislation that is being considered. I think PCS and probably my colleagues at the other companies all believe that there should be strong confidentiality legislation at the federal level. We believe that we are all now currently probably fully in compliance with what the legislation would be, based on some of the drafts we have seen, certainly Bennett and Jeffords.
We believe that the way it should be done is to deter the inappropriate use of information, but really to facilitate and allow access for the appropriate purposes. In that regard, we believe the consolidated authorization is the appropriate way to go, that the individuals at the time of signing up to the health plan know how the information will be used, who it will be disclosed to, and at that point, let them sign up to say that the information will be used for those specific purposes. Thereafter, as an individual moves through the health system, they should not need to continue to collect authorization forms.
At any stage in the program, in an individual -- and I know this is one that comes up all the time in disease management programs -- chooses not to participate, that individual may notify us of that and they will be taken off the program. Nobody is forcing people to be sensible about their health care or to do it the way we think they should. At any time they don't want to, they can choose not to do it.
So we believe in consolidated authorization. The second point -- and I don't know if this is relevant to the committee, but we very much support federal pre-emption. The reasons we support it are very simple and straightforward. Health care information crosses state lines. Health care information is not limited within a state.
In addition, in many cases the integration of health care information in a national company such as ours is done most efficiently because you are looking at huge databases, you are looking at a huge number of patients. You are able to do tremendous things with the data. The great difficult becomes, if you have 50 different state laws, and even within those sub-laws for different parts of information, it becomes administratively impossible to do. One, you don't know what all the laws are. Second of all, if you don't know what the laws are, in some cases you simply do not use that information or you block out series of information. You do not conduct programs that would otherwise be beneficial. Essentially, you put a blockage on the benefits that we now have and that we all sing praise to, about the ability to access and use information efficiently administratively.
We do not want a law that is going to be weak. We do not say that there should be federal pre-emption because we believe the federal law should be weaker than the state laws. What we believe is that you need a uniform law because that way, you will get compliance and you will get the ability to use the information for the benefit of the patient.
I'll be happy to answer any questions.
DR. HARDING: Thank you very much. We will have questions, but we are going to have each person give a presentation first.
Our next speaker is Dr. Deborah Peel, who is currently the president-elect of the Texas Society of Psychiatric Physicians. Welcome, Dr. Peel, glad to have you.
DR. PEEL: Well, I just want to thank you and the committee for giving me this opportunity to come and talk with you on behalf of physicians and patients in Texas. Although you invited me as an individual, knowing of the legislative work I have been doing in Texas, we are trying to pass some laws regarding e benefit centers now, I want you to know that the views that I express are completely consonant with both the Texas Society of Psychiatric Physicians, their views about privacy, as well as the Texas Medical Association.
What I want to talk to you about are really the prescription privacy breaches that are occurring systemically because of the kinds of corporate activities of these entities known as pharmacy benefits managers.
Let me first say that listening to what we have heard today, yesterday, and also reading the transcripts of testimony from February, where you all heard from data warehousers, all kinds of pharmacy wholesalers, all kinds of other giant systems involved in getting medications to patients, I don't know whether people are missing the point about privacy here. But let me just say, when you ask them about privacy breaches, they tell you about how their employees have sworn on 500 stacks of Bibles they are not going to release information and everything is protected from hackers.
But the breaches of privacy that are so damaging and that affect every citizen in this country are not due to disgruntled employees or hackers, they are due to the systemic corporate practices of these entities. It is the corporate practices themselves that are causing the privacy abuses. It is not somebody hacking into the system and getting the information.
Let me just explain. It wasn't so long ago that when a patient came to see a physician that they thought that whatever they said was private. That is why in your stack of information, I couldn't resist putting in the Hippocratic Oath. That is where we started. The basis, the foundation of medical care, not just psychiatric care, really is the trust that patients have in their physician, that whatever they tell us, it is sensitive, it is personal, it is going to be held in confidence.
What these entities have done, what managed care and computerization has done is, they have appropriated what any ordinary person would consider their medical record, that is, a prescription. They have appropriated this information and declared it be corporate proprietary information, which they then use and sell for all sorts of purposes.
I wish some of the purposes had to do with improving patient care, and hopefully they will begin to address that. But they have appropriated information and prescriptions absolutely in most states, if you ask anybody, would be considered to be part of the medical record.
How have they been able to do this? Well, I guess we have to go back first of all to ERISA. It is widely known that ERISA has pre-empted liability for managed care companies for their medical decisions, but what is less known is, the ERISA law has exempted these entities from state privacy protections.
In Texas, we have over 30 statutes that cover the privacy of medical records. They are blown for people in these self funded plans. So ERISA has contributed to the ability of all of these entities to accumulate amounts of data that people have expected to be private.
I guess what we are saying in Texas and what we are saying to you, and hope that you would advise the Secretary about, is that the privacy of prescription information really is should be a part of patient protection laws and statutes. Privacy fits right in with the intent of the administration of this country to protect patients from health care abuses.
If we don't protect privacy, I think it weakens the entire patient protection effort, because privacy is the heart of medical care.
Let me just go further down this outline. Prescription privacy breaches are really a direct and indirect cause of therapeutic failure. Let me tell you about how that happens. One of the things that is really interesting for me to hear is, all these other entities have decided that it is their job to help the patient take care of their illness or get well or stay on their medicine or whatever.
I am kind of surprised. When a patient comes in to see me, I think it is my job to help them figure out what works and whether to stay on it or not, or how to deal with their illness. I don't know that anyone knows that they are signed up for all these other entities to manage their care.
But particularly in the case of mental illness, often it can take months or even years to find a regimen of medication that works to stabilize a particular patient. Then if they are switched to -- if their company switches to a new managed care entity or whatever, the new PBM or whoever is doing the pharmacy management typically have in place policies that do the following sorts of things, and hopefully this committee has heard of them.
They do typically drug switching, they have fail first policies, they have limited formularies. Then basically what happens is, the physician and the patients are both profiled. There are reprisals for physicians if they prescribe too many drugs that are either too expensive or that cause hassles. This gets back to whether physicians are going to be kept on as providers on particular plans.
But there are various kinds of reprisals to patients, if they use too many drugs that are not the favorite drugs on a particular pharmacy. You have heard of first, second or third tiered pricing; these are reprisals to patients for using a drug that the company has some reason not to push.
In some of the material I gave you, there are some facts about how many people were drug switched. I think one of the articles said there were a million and a half last year. To induce pharmacies to get people to switch drugs, they are frequently paid 12 or more dollars per person to induce the patients to change drugs.
So we have all of these kinds of pressures, both on patients and physicians about what medication to take. And of course, all of us, every one in the country, physicians and patients, are very interested in reducing costs, but we are saying that what has to go into this equation is not just cost, but actually valid clinical scientific studies of what drugs are effective and efficacious. We think that part has been missing from this whole picture.
Let me just talk to about -- I passed out a little handout with some surveys. In here there is a mental health care survey from last November-December Texas Psychiatrist. I thought you ought to hear what they had to say about what is going on in regard to these matters.
Seventy-five percent of our patients have reported fears of retaliation or discrimination when using insurance benefits. More than three-fourths, 78 percent of psychiatrists, have seen specific cases in their practices where managed care policies have adversely affected the quality of care. Seventy-eight percent -- and this gets into the restricted formularies and what these entities do -- 78 percent reported patients were adversely affected by restricted formularies. Even two thirds of us have given people samples of medication because the plans won't pay for the drugs we think are best or work best for that patient.
I put some other stuff in there. People sometimes have the idea psychiatrists see Woody Allen, who is not particularly ill, but they rated patient impairment, that 36 percent of our patients are severely impaired, another 43 percent moderately, and then a breakdown by age group.
On the next page of this little handout, there is some other relevant information from a California Health Care Foundation poll that is very relevant to this privacy matter, that 70 percent of adults do not want -- would not allow drug companies to review their medical record for the purpose of marketing new drugs and products.
These are the kinds of privacy invasions that people really resent. Again, it is not the hackers and disgruntled employees. These are the deliberate major activities of these entities.
Further on on that particular survey, it shows you our patients, those with mental illness that use mental health services, are the ones who have been traditionally most likely to be harmed by privacy violations.
I joke about this, but it isn't a joke. I have been in practice 20 years. For all of the 20 years, I have had to give my patients a Miranda warning. If you use your insurance or if you get a prescription filled, your life can be wrecked. You may be fired, you may not get hired, you may not get health, life insurance, disability insurance. You may not be able to get into a certain school.
Now we have the phenomenon where every patient in this country should get a Miranda warning from their doctor before they will a prescription, because all of this information has been appropriate and is being used. I hope the information will eventually be used to benefit patients, but it is not looking like it.
We are in an escalating cycle for pharmacy costs, everyone knows this. We have multiple new medications, prescription costs are increasing at a rate of 17 percent a year. The yuppies are very demanding. They want the latest drug for hair loss, skin complexion, the latest cardiac drugs, on down to what is new for taking care of toenails, so there is going to be tremendous pressure on this whole part of the health care system to drive down drug costs. What we are seeing are incredibly creative, inventive and arbitrary systems set up to try to control these costs.
What you have heard from these people, and they have said it very clearly, is, we do drug utilization review, we do drug utilization review. What is drug utilization? Drug utilization review is where medical decisions are made about what medication is going to be good for a patient.
In Texas, we are basically saying to these entities, hey, that is a medical decision. You need to come under our patient protection statutes, just like the rest of the managed care industry has done. If you are going to make a medical decision, we need to protect patients. That would create privacy protections for patients, it would insure the proper qualifications for the persons conducting the reviews, it would insure that patients have adequate appeals when treatment is denied or a prescription is denied, and it would insure accountability for negligent acts.
What else can I say? As you know, medical privacy is very critical. Let me just walk you through two examples from Texas that some of you may have seen before. Both of the physicians are friends of mine.
Dr. Karen Hill's patient -- and I think you can find that in -- I gave you a little section called examples of PBM drug utilization review. We can't go through all of these, but I really wanted the committee to see the kind of stuff that doctors get.
This first one, February 18, 1998, this is the one that went to this friend of mine, Dr. Karen Hill, an internist in Boston, saying that her patient had been enrolled in -- has Motorola written all over it, had been enrolled in one of their disease management program. So this physician did what I wold do. Whenever I get any information about a patient from some third party, I hand it over, because my job is to protect the treatment, protect the privacy. I would never act on anything or accept anything without sharing this with my patient. As a psychiatrist, I have a luxury of time that perhaps other physicians don't.
I am extremely, exquisitely sensitive to privacy, because nobody would tell me anything if they thought it was going to be on the Internet. So maybe I am more tuned in to this than most physicians. But she gets this letter about her patient with the name of the employer right on the letter. On the last page, it listed a whole bunch of people and asked whether it revealed a number of names.
So this is one of the places where they told you they don't reveal peoples' names, but they sent Dr. Hill a list of 10 or 15 names and said, please check off which ones are or aren't your patients, let us know. So there is a danger that using these particular corporate paradigms, that information is revealed about a particular patient to someone who shouldn't have it. I don't want -- if Dr. Cohen is treating me, I don't want Dr. Harding to get a letter saying, is Deborah Peel your patient.
Anyway, so there are revelations that come about through these kind of disease management programs. But Karen's patient got very, very upset. She had worked for this company for a long time. She was assumed to have depression because of the prescription information that was picked up by a PBM. The PBM assumed that because she was on an anti-depressant, she was depressed. She was actually being treated for a sleep disorder.
Anti-depressants, you may or may not know this, but anti-depressants are used for many reasons. Pain, for various kinds of conditions that aren't depression. While these disease prevention management programs may be well, we are simply saying why not ask the patient and the doctor first? Why not get permission?
The next one I would like to talk with you about is another friend of mine, Patty Raleigh. You can see her fax. Because of their incredible computer capacities, they scan the entire town. They wrote this letter to Patty and they said, we can't find that these three women who are your patients, who are over 50, we can't find that they are on any medicine to prevent osteoporosis, why don't you prescribe it. That is the kind of capacity these systems have to detect information.
Maybe patients want these other entities to suggest what their physicians should do, or pressure their physicians or themselves to take certain medicines. Maybe they do, but I think they should at least have the chance to choose whether this happens.
Let me just tell you, at the hearings in Texas, when we were talking about PBMs, basically what we are trying to do down there is to limit their ability to sell the information they collect for commercial purposes, to use the information for commercial purposes, and to prevent them from leaking the information to employers. Those are the two main things, and to bring them under our patient protection law, and to say that since you are doing medical necessity decisions, you are making medical decisions you need to play like the other players and have the right protections for patients.
One of the things that came out in that discussion was -- in fact, I think it was a man from Merck-Medco, was asked about what the patient permission was, what permission did the patient give. So I have included somewhere in that whole bundle of information for you an HMO enrollment application. I challenge you to find on this anywhere anything that describes in any kind of detail pharmacy benefits management services, disease management programs. There is nothing on here that tells the patient anything.
This is the danger of these single consolidated authorization forms that you are hearing the industry wants to become federal law. This one is from PCA. Maybe if we get out a microscope and look at the fine print, it might be something about these things, but I don't think so.
DR. HARDING: We are about out of time, but you just mentioned a difference that you had between yourself and the previous about consent. The other issue I see you have here is pre-emption. Do you differ in your feelings about that issue, too?
DR. PEEL: Yes, that is probably a good place to finish. I think patients and physicians would be more interested in a series of legislative key elements that I also passed out to you.
We believe very much that federal law should provide a floor, not a ceiling. We think the floor ought to be really high so that you do get the standardization that the industry wants. We believe the authorizations should be used only for treatment and payment, and that if these entities want to do other things, some of them may well be very valuable and important, that these should be not coerced, that patients should be permitted to consent to these things or not.
We are very much in favor of research. But as a physician, I can tell you, the vast majority of research doesn't need identifiable patient information. Most of what has been done with the identifiable information has been specific patient targeting and marketing, or medical information, prescription information has been used to discriminate against people, because they cost too much medically. It hasn't been really used to help patients.
So we are saying, let's make massive use of non-identifiable, de-identified information for research and oversight purposes.
I just want to close by saying that it is really important for everyone here to recognize that patients don't understand when they fill a prescription what happens to that information. They do not understand what is being done with the information. I think when they do, they are going to be as outraged as they were when they discovered that their driver's license pictures and information has been sold.
DR. HARDING: Do you just have a closing comment?
DR. PEEL: I am hoping so much that your committee will really advise HHS and Secretary Shalala that privacy is really the foundation of our health care system. If we destroy it, there is going to be a massive abyss. What we are going to find is that the rich go to private treatment, get private care, and the poor are stuck in a system where they will be forced to conceal information, avoid treatment, lie about treatment. Then the data that gets aggregated is going to be distorted and false. I don't think we want to create a black market in medicine where the only people who can have private treatment are the rich people and the poor people as a condition of treatment lose all of their privacy. I don't think we want that.
I really thank you for this opportunity to speak. Thank you very much.
DR. HARDING: Thank you. We appreciate all four of your presentations this morning. We are going to break for 15 minutes exactly. It is 10:30, and we are going to start right back up at 10:45. We are going to at that point run straight through to around 12:00 or 12:15. At that point we will stop the hearing. That will give us about an hour and a half of questions and comments. We look forward to that.
(Brief recess.)
DR. HARDING: Welcome back to the Subcommittee on Privacy and Confidentiality, the National Committee on Vital and Health Statistics, here in the Hubert S. Humphrey Building, coming to you live over the Internet.
We have with us four individuals who have just given testimony. I will read their names again. What we will ask is that each committee member -- because we are on the Internet, if you would please identify yourself before you begin speaking, that would be helpful for everyone. We have with us Daniel C. Walden, Jennifer Lowe, Diane Sachs and Deborah Peel. We will begin the question and answer period.
Again, after the members have completed their comments and questions, if those here in the room would like to ask a question or make a comment, we will ask you to go down to that end of the table and sit down in front of a microphone, identify yourself, and limit your comments to three minutes for the sake of everybody.
Does anybody have any questions they would like to start out with? Jeff.
MR. BLAIR: This is directed to all three of the witnesses that are here from pharmacy benefit management firms. Could you help me a little bit better understand, if it turns out that regulations are put forward that would constrain or limit or eliminate your ability to share person identifiable health information with employers, at one end of the spectrum, if you have large companies -- we had IBM testify yesterday that essentially they would not ask for person identifiable information in almost all cases, except for just a few areas where they do their own health care assistance.
What I really want to drive to is to have a better understanding of the consequences of that kind of restriction. When you come down to small employers that don't have the financial resources and the populations to be able to distribute the costs over a large population, then we have a different situation. I don't know how many of your clients are smaller employers.
So could you give me some idea of the impact or effect of constraints or limits on your ability to share person identifiable information with employers?
MS. SACKS: I'll start first and then Jennifer and Dan can continue. I first of all think that that is a question that needs to be directed to employers rather than us. Ultimately they know why they want the information and how they would use it.
I will say that in many cases, small employers do not ask for patient identifiable information, because they generally find that they are least able to use it effectively. It is generally the health plans that would ask for it, or potentially large employers that have in place the means to use it effectively, either to monitor or supplement the benefit administration.
But this is not our issue, it really is the employer's issue.
MS. LOWE: I would simply agree, and just point out with respect to smaller employers, our experience is, most smaller employers will use a third party administrator. In talking to third party administrators about this, they actually just urge employers not to receive the patient identifiable information, but allow the third party administrator to be the go-between, and let the employer know of certain problems perhaps with payment and things like that.
But with the smaller groups, they are not only not able to utilize the information that effectively, they typically have a different party handling it for them anyway, who might also be involved in administering their health benefit and other benefits.
MR. WALDEN: I would agree with what has been said. If such regulation were to be put in place, we would of course comply with it. There might be some cost to that.
Largely today we are able to provide and do provide to many employers any reporting we do on a blinded basis. I would just encourage that as you begin to think about that kind of a regulatory scheme that you think through the entire problem, which is I think where you are going. This will cause the employers some difficulty in their ability to audit our work, to assure that the benefit is going where they want to direct it, and ultimately maybe to do add-on activities with respect to it.
You need to think through what all of those are and address them, rather than just put up a wall and say nobody can share information with the employers.
DR. HARDING: Just a question in followup. So you all have really nothing to do with informed consent with the patient. The patient has informed consent with the payer, and you then contract with the payer, is that correct?
MS. LOWE: Actually, that would be generally yes. When we do certain disease management programs, we do actually get into consent. But that is not the issue of whether ahead of time we are using the data to identify them. But in terms of doing the program, we do an informed consent type of process.
DR. HARDING: But the basis of what you do with the payer is on the basis of a contract with that payer?
MS. LOWE: Correct.
MR. WALDEN: Our direct contractual relationship is with the payer. There are a number of places where we are able to advise or make disclosure as to the nature of our services, and at the same time we make disclosure of the nature of the uses. Those would be on installation by the patient into whatever benefit plan they are. That might be at the prescription benefit level or it might be at the ultimate payer level.
DR. HARDING: You would feel that the payer has the duty to have the informed consent that tells them about the contracts that they have with you and so forth for that patient's informed consent as they sign on?
MS. LOWE: Yes. I think what you are saying is, is it the employer or the health plan's obligation to tell the employee or the member that this arrangement is going on between the employer --
DR. HARDING: Yes.
MS. LOWE: Yes.
MS. SACKS: I think on a more general level, what I think needs to be done is that the employer when they sign up an individual needs to explain to him what the information generally will be used for and who it will generally be shared with. I don't believe that it is appropriate to list every entity that it is going to, simply because at each stage you may subcontract with a vendor or somebody to provide services. You would not want to have to go back to each employee and get another consent form.
But certainly when the individual signs a consent form, they should know what the information is going to be used for and how it is going to be used, and they should consent to that and authorize that.
DR. GELLMAN: I have a bunch of questions, so feel free to stop me and let somebody --
DR. HARDING: Please identify when you are talking for our folks at home.
DR. GELLMAN: It is Bob Gellman. Can I ask each of you in turn, do you have a notice that you have prepared for patients of your information practices?
MS. SACKS: We have a credo which is something that I have attached to my testimony, which explains exactly how we use information and how we protect it, and what our policy is with regard to protecting it. We do not have a notice that we send to patients about how we use information.
MS. LOWE: Basically we have the same. We have a confidentiality policy, but it is not something that is distributed, although if anybody requested a copy, it certainly would be made available.
DR. HARDING: Mr. Walden?
MR. WALDEN: I think this takes us back to the question asked by Dr. Harding. Yes, we have a confidentiality policy. We have also a separate policy on uses of patient identifiable information, which are internal policies. But we are providing the prescription benefit management services on behalf of plans.
When the plans retain us, there is an initial communication which goes out to the patient. It is often drafted by us or sometimes -- and commented on by the client, sometimes the client writes their own.
In ours, for instance, that does include a notification that in connection with providing your prescription benefit, we will have access to any information, we will make use or uses of information generally, unless the employer discloses that we will make information available to the employer.
DR. GELLMAN: It seems to me that this is a significant flaw in your activities, that you guys claim on the one hand to be working for the employers or health plans that hire you, which is certainly fair enough. On the other hand, you say we have a direct relationship with patients, we are providing them with treatment and we are providing them with pharmacy services. It seems to me that you have the same obligation -- you should have the same obligation to disclose your information practices directly to patients, as should everyone who is providing health care services to patients. This is one way of informing patients of what is going on, and possibly giving them choices about what is being done with their information and how they may be contacted.
MS. SACKS: It seems to me when a patient signs up for a health plan, we believe that the notice should be given then. We believe that it appropriate, and that they should understand how the information is being used, what it will be used for, what is authorized to be disclosed and to whom it will be disclosed. That should be done by the health plan.
DR. GELLMAN: Do you have a notice --
MS. SACKS: This is something that should be done by the health plan at the time they sign up. Once that is done, it doesn't seem to me -- I don't understand what more you are needing to be done.
DR. GELLMAN: You are passing the buck here. You are saying we have patients that we treat, and we don't want to tell them what we are doing with information. We think somebody else should tell them. Do you tell the companies that hire you, the health plans that hire you, these are our information practices, and do you require them to notify their patients of your information practices?
MS. SACKS: We require the plans when they sign up with us to assure us that they have authorized it and that they have told their patients how the information will be used and to whom it will be disclosed. We think that is the important point here, that the patients know how the information will be used, that they authorize it and that they know to whom it will be disclosed. We contractually are an agent of the health plan.
MS. LOWE: We have the same structure. If you look at the information I have provided in terms of our contractual provisions, the health plan is the one that has to communicate to the member that this information is going to be used.
I just want to also take a second to distinguish between our role as the pharmacy benefit manager and our role as the pharmacy in terms of mail service pharmacy, where we would in a sense look like any retail pharmacy, in terms of how that information is used.
Again, with respect to our obligations as a pharmacy benefit manager to the plan, that is detailed in our contract, and we act as an agent of the plan when we do any of the communications that we do to members or enrollees or their physicians.
DR. GELLMAN: Well, I just say again, you are having it both ways. You are saying we are one thing one time and another thing another time. You are evading your responsibilities to tell your patients.
One of the things that I think is a perfectly reasonable activity is the exchange of information for treatment purposes. You go back and forth with physicians, they write prescriptions, you talk with them. Some of those activities -- I'm not saying all of them, but some of those activities are perfectly reasonable on the grounds that you are both providing treatment to the same patient. But if you are going to claim that you are providing treatment to patients, you have the same obligations as others should to provide information to those people about what your activities are with respect to information, what your policies are. Do patients have a right of access to their records? Do you tell patients that they can come to you and see their records? Can they come to you and see audit trails? If patients aren't told they have these rights, then they don't have them.
MS. LOWE: They have a right to see what we call a member benefit statement. When someone decides to use our services for mail service pharmacy, they fill out a form, and it has the same type of disclosure or informed consent about information being shared with a physician or being used for payment purposes or with the plan.
So we do do that when we act as the pharmacy, and actually are treating the patient as our patient, because they are getting the prescription from us. We act as a pharmacy in that manner just like any other retail pharmacy. We may contact the doctor because it appears to be an inappropriate prescription, because of other drugs that the member is taking. We would -- again, we act like any other pharmacy in that respect.
With respect to the other services we perform, eligibility, sending compliance letters, et cetera, that is on behalf of the health plan. The health plan under our agreements have notified the members or their enrollees as to what our services are. It is usually a condition of participating in the plan that they sign something that says they acknowledge what the uses of information are and where it is going to go.
DR. GELLMAN: When you contact patients, do you tell them, we are contacting you today in our role as a pharmacy and a provider of treatment directly to you, or we are providing them in a role as an agent to your health plan? Do you make it clear to them exactly what your role is at any time?
MS. LOWE: I can't tell you exactly what is said when a phone call is made, but if it is because of a prescription that has come into the mail service pharmacy, then the person knows when we call and say this is Express Scripts. We have a prescription here. We usually would call the doctor if we can't read it, but whatever, if we need some kind of confirming information. They certainly sent in a prescription, they know it is us, and they understand what the connection is.
When we send them information about compliance, that is sent as our role as pharmacy benefit manager. We state who we are, who we are acting on behalf of, and what -- if you get a compliance letter you can throw it away, in terms of what your rights are, with respect to acknowledging the particular communication.
DR. GELLMAN: For the moment, I am just talking about what information is provided to patients and what they are told about what your role is.
MR. WALDEN: I would guess the two roles are -- you are saying we have to be in one or the other at a given time. We are, and this is what our disclosure says, we are contacting you as the manager of your prescription benefit on behalf of your plan's sponsor.
Now, in that context we are either adjudicating claims through a retail network or we are dispensing prescriptions through our mail service pharmacies. All of those are consistent. We are actually part of a continuum of care, if you will, between and around the circle which goes around the patient, which includes the physicians, the various specialists, it includes their pharmacies, and it must include ultimately their pharmacy benefit manager, whether it is an individual benefit manager or whether it is an HMO or other managed care organization.
DR. GELLMAN: Let me get off this topic and onto another one. But I will just say that one of the provisions in all of the bills that have ever been proposed in this area is that people have to prepare notices of information practices and provide them to patients. I haven't found anyone who has said we are against that. But I'm asking you, and you guys don't do it. You guys have no interest in doing this. You don't want to tell your patients how you collect information, rights they have with respect to that information, how you use the information, how you disclose the information.
MR. WALDEN: I believe I said that we do include in our installation package information about what we do with the data.
MS. LOWE: We have member packages.
MR. WALDEN: Sometimes we present a draft of an installation package to go out to patients, to our clients, which our clients change, because maybe that is not what they want disclosed, or maybe they write their own. I don't think that you have heard any of us object to additional disclosure.
DR. GELLMAN: Well, none of you do it.
MS. LOWE: I'm not sure I understood the question, but the fact is, we have member packets that go out that explain who we are, who we are acting on behalf of, and how we interact with them and what happens with the information.
MS. SACKS: I don't understand what the concern is here, what the wrong is, what the fear is. Everything that is going to be done with the information is disclosed to the patient. Exactly who is going to get it for what purposes is disclosed to the patient at the time that they sign the authorization. What is the mischief that you are concerned about? If you consent -- rather than that comes through the health plan, that comes through the health plan, and every subcontractor that works for the health plan, whether that is a claims processor, whether that is a data manager, whether that is a switcher at the pharmacy, and you want all of them to send their information practices to the patient, then we can do that. You are not telling the patient anymore than a single notice at the time that they enter the health plan saying how the information will be used and who it will be shared with. You are not giving the patient anymore.
But if ultimately that kind of level of practices for each subcontractor down the chain is asked for, we don't have a problem with it. We are not hiding how we use the information, and we are not ashamed of how we use the information.
DR. GELLMAN: Okay. Let me go on to another topic. I don't want to talk about the flow of information, I want to ask you guys about the flow of money. I want to know who gives you money to exploit your databases.
Now, I am not talking about disclosure of databases. You made the point, Mr. Walden, that you don't sell information. The most offensive junk mailer in the world who has databases and lists of information, lists of clients they make available to other people say the exact same thing.
Nobody sells lists. Nobody sells lists. They rent them, they trade them, they license them, they do all kinds of things. They don't sell lists. So saying that you don't sell lists probably is doing yourself a disservice, because I suspect your policy is broader than that.
But one of the ways that information is used is that people are contacted on behalf of others. I want to know if you can describe when you are paid or get concessions of some sort of another from drug companies to contact patients or physicians with respect to the use of drugs.
MR. WALDEN: I'm not exactly sure what the question is that you are asking. We engage in a series of activities. Jennifer actually went into a longer list of activities that have to do with patient health care, DUR activities, prior authorization on behalf of our plans, and others. We contact patients by mail, by letter. This is the nature of our business.
If where you are going at is the question, do we contact for instance doctors as part of our formulary compliance activities, the answer is yes. Is ultimately there a financial benefit to that? The answer is yes. Yes, we do use the databases that we have available for us to be able to do that.
Now, the ultimate beneficiary of that is the plan sponsor, who is getting either better pricing from us or pass-throughs of rebates from manufacturers, because of these activities.
DR. GELLMAN: That's fine. I want the description of this to be on the table. Whether this is appropriate or inappropriate, it seems to me it is less of a privacy issue than one of ethics. That is not my issue, so I don't want to get into that.
I do have here, and I call your attention, in the information that Dr. Peel provided, examples of PBM drug utilization review. Does everybody have one of these? Everybody with me?
I'm on the last two pages. I find this to be very interesting. I am going to read pieces of it. It is a letter to a physician. It says, as part of our quality improvement activities, Lucent Technologies, the employer, the sponsor of the health plan presumably, is promoting improved compliance in the appropriate use of anti-depressants. To achieve this goal, Lucent has opted to implement transitions to better health -- and this by the way is a letter from Merck-Medco -- a depression management program with support from Pfizer Health Solutions. One of the goals is to support the appropriate use of anti-depressants.
It says, please fill out the attached indications for treatment form, specifying the treatment plan for your patient and the reasons for continuing to treat her with anti-depressants for longer than 12 months. Return the form to us.
I notice that it says the information is completely confidential and will not be disclosed to your health plan sponsor. But you said earlier that you do share information with health plan sponsors.
So my first question is, do you only share some information with health plan sponsors? Do you have other information that you refuse to provide them, and that you can refuse to provide them, consistent with your contractual relationship with them?
MR. WALDEN: The answer to the latter is yes. Maybe I was moving quickly through the presentation at that point because of time pressure. But yes, we do share with our plan sponsors, those who desire it, information which enables them to audit the provision of the prescription benefit. We do not share information about participation in disease management programs or compliance programs. I think that is consistent with what Jennifer said.
MS. LOWE: Right, I had said that before. We don't say who we sent the letter to for compliance purpose. We may give numbers and summary information about the number of people who may participate in something, but we do not give that specific information.
DR. HARDING: Dr. Peel?
DR. PEEL: Yes, I just want to make a point, since you brought this up. If you look at that middle paragraph, here is part of what I think is particularly offensive to physicians and patients about privacy. They are asking the physician to send your treatment plan to God knows who, not to another physician. These aren't physicians that are reviewing these treatment plans. Why would a pharmacist have the ability to review a physician's treatment plan?
This gets back to my point about why these activities belong under patient protection, where there are some standards involved. You will notice in the last paragraph it talks about the Agency for Health Care Policy and Research. I am a physician, I never heard of these people. Some of the information I passed out to you here is a letter from some other doctor saying, who are these people, never heard of them.
Anyway, they quote their own scientific experts as opposed to using standards in the field.
MR. WALDEN: Let me -- or maybe first if you want to describe AHCPR.
MS. SACKS: No, I wasn't going to do that.
MR. WALDEN: Let me describe the program. This is part of a program which was developed internally by Merck-Medco of internal clinical capabilities. We use outside advisory boards of physicians.
This program starts from the presumption, which came from the Agency for Health Care Policy and Research guidelines, which are an organization here in Washington which operated under HHS, which developed a policy.
What that guideline basically said was that for first episode depression, it is likely that there is a period of time that -- after a certain period of time you should try taking the patient off of their anti-depressant medication and see if they are able to go without the medication. I'm sure that it could be stated more clinically than that.
What this program does is, we do because of our databases -- we are aware that there are patients taking anti-depressants for a long period of time. We do not know at that stage what their diagnosis is, but we know they have been taking them for a long period. It may be that their diagnosis is for sleep disorder, maybe it is for something else.
We communicate with the physician on behalf of the plan sponsor that they should perhaps consider whether, if this is a first episode depression, taking the patient off of the drug for a period of time. The benefit to that is, it reduces the drug utilization.
DR. GELLMAN: Do you have the consent of the patient to collect information from their physician?
MR. WALDEN: We have advised the patient as part of our installation that we engage in programs such as this, yes. I think that is what I was trying to say earlier. We do tell the patients that we have programs as part of the installation package. We have programs in which we review information we have about you, and we may contact your doctor.
MS. SACKS: I'd like to also respond to some of the comments that Dr. Peel raised. I do think that many of the issues that are being raised don't directly deal with privacy and confidentiality.
I think as Dan has really well expressed, the PBM is an integral part of the health care delivery system today. In the 20th century, we are no longer in the position where the only person who knows information about an individual is that individual and the doctor. That is not 20th century medicine.
It seems to me that a great deal of the concerns expressed and the anger and the frustration is from the physician community that wants a monopoly of the relationship. There are other caregivers, there are others involved in providing the benefit, there are others involved in the treatment. If we are really concerned about what is in the patient's interest, I think you have to recognize that, and pharmacists and others have recognized that.
I think we are needing to think what is going to benefit the patient. PBMs have this information. The only disclosure being made is back to the patient, who also has the information. There is no issue of privacy here.
Physicians may object to this, and may not think that this is the appropriate way to go. They may object to managed care. I think that is a separate discussion.
DR. GELLMAN: Let me just respond. I agree with much of what you said about the description of health care in America today. That is exactly correct. I don't think we can possibly go back to the way people think it was in the past. However, to say that when a PBM is sending a letter to a physician to collect information about a patient without notice to the patient, without and patient's consent, and to say that there is no privacy interest or issue raised by that I think is outrageous. Dr. Peel?
MS. SACKS: I don't think anybody said that.
DR. HARDING: I'm in charge of this meeting. I appreciate everybody's affect and so forth. It is a very good discussion and I appreciate it. But we have got to go in order. If I could please be the person who calls on the next person to talk, I would greatly appreciate it, and will insist, as a matter of fact.
Now, if we could limit comments briefly to the policy issue that is going on, that would be helpful. I appreciate that. Next we will call on Dr. Peel. Mr. Gellman, do you have another question?
DR. GELLMAN: I'll pass for this round.
DR. HARDING: Then after that we'll go there and give people a chance to comment.
DR. PEEL: I just want to say that it is unfortunately that I didn't know that the Agency for Health Care Policy and Research is part of HHS. But most of us follow the practice guidelines from the American Psychiatric Association. Maybe HHS needs to publicize that.
The other comment is, I am not interested in monopolizing patients or removing managed care from the scene. I just think that what we need to do, first of all, to have a fair health care system is protect privacy and let patients know what is going on with their information, that's all. Ask them, tell them, get their permission and don't coerce them. That's all.
DR. HARDING: Kathleen? Could you identify yourself?
DR. FYFFE: This is Kathleen Fyffe, member of the committee. I have a couple of questions. In the Merck-Medco handout, on page eight, you talk about in the last bullet point there linkage to patient ID is necessary for both payment and treatment. I am wondering what the elements of the linkage is. Are you using social security number as the identifying number or what?
Let me preface this by saying that in the past 10 years, I have used mail order pharmacies several times, and in most cases, the number that they have for me is my social security number. So I am curious about what identifying schemes you are using.
MR. WALDEN: I can certainly respond to that question. I may have more trouble talking about what we use for linkages on the more technical side.
The linkage to patient ID which we generally use today in the absence of a better linkage is the plan member number. That is the one number that we have. Now, many plans have adopted a plan member number, and many companies, which is coincident in one way or another with the social security number. So it is likely for many patients that the common link that we would have is the social security number.
We are working on an ability to have a common number, an AGN number which we could link all data to.
MS. LOWE: Just to add, I know that there was an attempt under HIPAA to come up with a uniform patient identify and it got scrapped, or it has been delayed.
DR. HARDING: The funding has been delayed for one year.
MS. LOWE: Okay. My guess is that when something like that happens, that would be what us and I am assuming the entire health care industry including employers would have to use for purposes of health care.
MR. WALDEN: Instantly. I think the allusion is to the use of the social security number has other implications. We would rather if we had another number available to us use another number which could not be linked back to any other part of the patient's life.
DR. FYFFE: One more general question for the PBMs and then I have a question for Dr. Peel. How do you know that the prescriptions that are sent through the mail are actually getting to the patients? Have you had problems with people stealing the gray plastic bags that the prescriptions come in, in different zip codes, for example? I'd like to hear a little bit about this.
MS. LOWE: First of all, I'm going to guess that this is the case for all our competitors. We never identify the package as coming from a pharmacy. That is number one. So the first issue is just, we think that is smart. That way, you don't draw attention to the package itself.
The second thing is, how do we know if a package doesn't get there? You hear from the patient and we send out a tracer on it. If it has been like an overnight, that is very easily done, but we can do that through the U.S. mail as well.
While I don't know if it is an important point, but very little is actually lost in the mail. I think it is because we don't identify that it is from a pharmacy.
MR. WALDEN: Without going into a lot of detail, we know that we have 11 mail service pharmacies plus the two which deal mainly in information. They are regulated as pharmacies in their respective states. There are arrangements between those pharmacies and the other states. The mechanism by which we mail prescriptions has been working out with the boards of 50 states in great detail. There are occasionally efforts to change the way that we deliver packages. We have discussions around the country about that, but we are in compliance with the law which regulates this practice today.
DR. FYFFE: Thank you. I know have two questions or comments for Dr. Peel.
First of all, I wish that either you or your very conscientious colleagues could be my internal medicine doctor, because if you are willing to very much manage all the various prescriptions that I will ever take, you are a very, very conscientious physician, and I appreciate that.
In looking at this example of the patient profile that came with the suggestion that the elderly women should be taking hormone replacement therapy. If you do the math, one of these ladies is 83 years old. It could be my grandmother. If the physician who had been treating her was really busy and didn't give my grandmother some sort of medication to help her with her osteoporosis, then I would be very grateful that a PBM would do this. It would be a flag for someone to give a prescription to somebody who might need some medication.
So what I am saying is, the reality is that physicians are very, very busy people. It may not be a question of them being conscientious. But I don't see the harm in providing a little more assurance that someone who might need a medication would get it through this type of reminder.
DR. PEEL: First, let me say, certainly physicians are busy. But let's remember who is ultimately responsible for the patient's care. Maybe most physicians aren't as conscientious as me or my colleagues in internal medicine. But if you are not watching what people are on and not helping them with their medicine, if they have some adverse consequence, that is malpractice. That is the practice of medicine. It is insuring that people are on appropriate medications and that they don't clash with other medications.
I don't know, maybe medicine has changed since I went to medical school, but insuring that the treatment is appropriate and the medicines are correct really is the physician's job. I think maybe you mother or whatever would not be offended by the physician being sent reminders or ask questions about drugs. Maybe she wouldn't, but perhaps she should have a chance to say, I'd like my PBM to send my physician reminders. Perhaps she would have a chance to say, I want another person to look at my record as a check. I think she ought to be able to say that that would happen and be able to choose it.
This gets into the separate authorization, whether we should have one authorization for payment and one for other things. I think some people would say yes, talk to my physician about this. Other people might not want another third party, because they think their physician already is taking care of them.
DR. FYFFE: They think, yes.
MR. WALDEN: I just would point out that many of you in the room are physicians, and you have written prescriptions for patients who have then left your office. You don't know whether they filled the prescription or not. You don't know whether they are compliant, whether they have refilled the prescription. You certainly don't know whether they are compliant.
You may not know that there is another physician who has prescribed. Maybe your relationship with your patient is such that you know each and every drug that they are getting from each and every source. You would be in a position to provide that level of comfort that you are looking out for the interaction.
But I think many physicians do not have the capability to know where all the prescriptions are coming from.
MS. SACKS: I also would like to follow up on the same issue, in terms of the physician ultimately being the one who should provide the care. I think that we recognize that and respect that in every one of our programs. So for example when we do send out to a disease management program, we actually send it out to the physician ahead of time to tell him that we are going to be sending it to his patient, and invite him, if they don't believe it will be beneficial or appropriate, to let us know and we will take the patient off. That is in addition to the patient's having the opportunity to say we don't want to participate.
In all our therapeutic interchange programs, when we call a physician or call a patient to change a prescription, if the physician says that is not appropriate, that is it, that is the end of the story. There are no reprisals to the physician, no reprisals to the patient.
There are programs that have a three-tier plan design. This is the first time I have ever heard of a three-tier plan design viewed as a reprisal on the patient. Generally these are in the range of five, 10, 20 dollars. Some of them, we talk about drugs that are costing over $100. This is simply a form of cost sharing. To be asked to pay five dollars toward the cost of a prescription is hardly a reprisal.
DR. PEEL: The idea that physicians aren't aware of whether patients fill their prescriptions or are compliant with medications is really a shock to me. That is my job. If I put you on this medicine, is it helping you, is it working, what are the problems. That really is the physician's job.
One of the benefits of what your companies do certainly could be to inform me of what else is going on in town. Let me point out, that is my job too. If I don't ask you what other medications you're on, and ask for permission to get the records from other physicians and keep up with you, I am derelict. That is malpractice.
What you are saying is, you have other information that you can help with. That is fine, but you are really talking about here what is traditionally the physician's job with the patient.
MR. FANNING: I have questions for the pharmacy benefit managers about requests for information about patients from government agencies such as law enforcement agencies or others who might want to find patients, apart from health oversight, where there is some review in the normal course of audit.
I would like some estimate of the volume of these requests, and how you handle them, and in particular whether you will give out information without compulsory legal process, and the level of process you require.
MS. LOWE: I'm going to separate out the Medicaid requests from the issue of regulatory enforcement agency, if that is okay, because we get a lot in terms of Medicaid.
In terms of the other, I'm not sure I could give you a number. We do not have a fulltime person who handles that. It is handled -- we have 47 million members. If I were to say that there were 10 a week, I think I would be overstating by a great deal the number that we get.
But typically, what happens is this. There may be two ways something happens. One is a subpoena. The legal department evaluates it. We may have somebody on the outside, because it may come from a jurisdiction that we are not familiar with, to see if the subpoena is valid. We make a judgment as to whether the subpoena is valid. If so, then we provide the information exactly as the subpoena directs us to. If it is to the court, it is to the court. If it is to a lawyer it is to the lawyer.
When we get a request from a law firm who may be involved in litigation or from time to time I will get a phone call from a drug enforcement agency about a potential fraud. I apologetically and with the understanding at the other end, I either need a subpoena, I need a written release from the member or some other indication, it could be statutory, that we are required to provide this information. We take the pains to insure that that is the case.
There are times when we do not provide the information, period, because whatever standard has been set has not been reached. So we have written standards and policies about how this goes. It is handled out of the legal department, so that people who hopefully have the right training in terms of how to deal with these things are dealing with them.
If everything is met, if there is a statutory requirement for us to release it, then we do provide the information that is requested. Obviously, in terms of law enforcement, we do participate in helping. We have had situations where it is the regional pharmacy that has been involved in the fraud, not so much the member. Our obligations are to help investigate that as our audit responsibilities to the plan. But that goes beyond your question. But that is basically how it works.
MR. WALDEN: I can confirm our process is much the same. It is also handled inside the law department by a particular person who has many other duties. So it is by no means that common an occurrence.
It is nothing like -- if the law enforcement comes in and shows a badge, we provide them the information, quite the contrary. We do not provide information without the necessary legal process.
MR. FANNING: To your knowledge, have you ever gotten a request for information not with the name of a person, but to look at your records to see who might fit a particular set of characteristics?
MS. LOWE: No. By a law enforcement agency? No.
MR. FANNING: Have you received any from other people?
MS. LOWE: No, but in terms of identifying people who might be on ACE inhibitors and -- yes. But no, not who fit certain profiles in terms of the types of drugs they take.
MR. FANNING: Has that been the experience of the other witnesses?
MS. SACKS: I don't have any knowledge of receiving that kind of request. Our practices in terms of disclosing information are very similar to what is being described here. We have written policies as well. It is pursuant only to subpoena in any civil matters. We only disclose with the patient's written permission.
MR. FANNING: Thank you.
MR. WALDEN: Neither have we gotten such a request.
DR. GELLMAN: Could I follow up on that? When you receive a subpoena for a patient record, do you ever notify the patient you have received a subpoena?
MS. LOWE: I don't think so, unless we require -- I don't think we do notify.
MS. SACKS: I'm not familiar with what the process is. I do know that our legal department has an entire manual, and whatever is required by law, they would comply with it.
MR. WALDEN: If the patient were the subject of an investigation, then to notify the patient would probably be in
inappropriate, perhaps illegal. If it is a legal process, we would go back through the lawyers who were representing whichever side and do what is appropriate.
MS. LOWE: I would confirm that.
DR. GELLMAN: I assume that you are all familiar with Bob O'Hara's story about CBS and Giant Food from last year. I can't remember when it was, but you are all nodding your heads yes, so I assume --
MS. LOWE: For my benefit and the folks on the Internet, could you give an overview of the issue?
DR. GELLMAN: Yes. The article revealed that several Washington, D.C. area pharmacies were -- it is very hard to characterize this activity with precision -- that they were accepting funding from drug manufacturers in support of a program that contacted patients, and I believe either encouraged them to continue taking the medication that they were on or maybe tried to get them to do other things, I'm not 100 percent sure of the range of activities.
Is that a reasonably neutral description of the basics? What I want to ask you guys is for your interpretation or explanation or whatever. How do you assess the public reaction to that story, which was, for those of you who aren't familiar, that three days later, within three days, both of the pharmacies that were identified stopped the program. As far as I know, none of them have started it again.
I just wonder how you interpret the public reaction to the disclosure of this program and what you think that means.
MS. SACKS: I can begin, and Jennifer and Dan can each speak. Ultimately since we are not close enough to it, I don't know what their program encompassed, either. I do know that at least from what I understand from CVS, that there was no disclosure of patient identifiable information to manufacturers. Apparently in the various articles spoken of, that was the biggest issue that was outraging the public. So there was from what I understand factual mis-statements.
They may have been engaged in a marketing versus a compliance program. I don't know. But I do believe that the failure to acknowledge up front that there was no disclosure of patient identifiable information to the manufacturer, the manufacturers did not know who the patients were, I think is damaging, because ultimately from what I understand, the programs were legally compliant. They did have confidentiality agreements in place, and ultimately they had to pull back and stop what were essentially beneficial programs.
I say that with a caveat, no knowing whether these were exactly compliance programs or whether they were marketing programs. To the extent that they were genuine compliance programs, I think it is regrettable.
MS. LOWE: I think that this is one of those situations where the program is described by others as opposed to those who were actually involved in doing the program.
Just for comparison's sake, there was an editorial in the Austin Statesman a month or so ago that basically said that PBMs, aside from being terrible, horrible companies, they sell patient identifiable information to manufacturers.
Well, it just is not done, has not been done, and was inaccurate. So it fanned the flames. Again, it relates I think to what happened in the Alensis CVS Giant situation, where it was assumed by the writer of the article or those involved that the program involved provision of data to the manufacturer, and it just wasn't the case, which in that situation it truly was regrettable, because I think there was an over reaction of the media and the public, for what might have been a very valuable program.
MR. WALDEN: Repeating some of the same thoughts, but to conform some of the same thoughts, your direct question which is, why did the public react the way it did, I suspect that a considerable amount of the reaction was because of the inaccuracy perhaps of the way it was reported and the implication that there was a delivery to manufacturers of patient information.
I guess some of the reactions also related to some of the concerns that Dr. Peel has raised, that data which has ben collected in one format is being used in this compliance format. I think this is part of the discussion that we are engaged in today. It is a fair discussion. What we are trying to do today is make it clear to you, who are after all engaged in looking at the privacy issues is why it is that we do some of the programs that we do, and why they are necessary to continue.
DR. GELLMAN: Let me offer a couple of thoughts. I think those are all fair comments. I'm not sure that the article was inaccurate. I keep hearing from the industry, that seems to be their defense, how people didn't understand. I think the article was precisely accurate in describing who was doing what. But that is not at issue for us to debate here.
My interpretation of this activity -- and if you put the transaction up on a blackboard and describe precisely what was going on with the data and what is the matter with it, it actually is really hard to put your thumb on exactly what it is that is troublesome here, except that I think in the end, what is going on here is that the activity violated the expectation of patients, reasonably or unreasonably. This is not something that patients were told about. This is not something that patients expected, and this is something that, when the people found out about it, they were surprised, and anyone who gets surprised is unhappy with the result most of the time. I think that is my interpretation of the reaction to this, regardless of what the facts are. We can debate facts for a long time, and we won't get anywhere here.
It seems to me that that is in a way the heart of the issue here. You guys have described your programs. I don't think there is any question that some of these programs have patient benefits. Getting people to take drugs or whatever is involved in these activities, there are benefits here to the patients, possibly to the health plans, possibly the system in general, in terms of lowering costs, whatever.
One of the things that is going on here, and this is what is troublesome is, patients aren't being told about this, whether they need to give consent, whether they can opt in or opt out of programs is a separate issue. The patients really don't have any idea what is going on. There may be a notice on the bottom of a form somewhere that has some very obscure language. I'm not saying you wrote it or whatever, but it is not a full and complete disclosure. I don't think people -- yes, that is an example. Dr. Peel is holding up an HMO application with very fine print on the bottom, which is too small for me to read, unfortunately.
But in any event, part of it is what you talked about earlier, Miss Sachs, that the whole health care system is this elaborate related set of players who all work together in a variety of ways and pass information back and forth. I don't think we can do that in a lot of respects, but I don't see a lot of honesty in the system, just in general. I'm not talking about you guys specifically. I don't see a lot of disclosures to patients.
We keep hearing from people -- we have had hearings like this, and everybody says this benefits the patients. When you see the patients' reactions, they are not convinced of this. They don't agree. I wonder why people don't spend more time and more effort and have more disclosure, trying to tell patients what they are doing and what is in their interest and let patients opt in or opt out.
I don't want to fight about the opt in or opt out now, but there are benefits here, there is a case here. I think there is a case on the other side too, for some activities. Why isn't there more disclosure and discussion of all this with patients?
MR. WALDEN: Earlier you had characterized that we don't make disclosures. I think I disagree with that. We do make the installation package, we describe the kinds of things we do, and we have some specific statements about uses of information.
We are here today -- I think we are all engaged in the same activity, which is trying to come to a balance. I don't hear any of us objecting to additional disclosure, additional up front disclosure. We are here describing what we do today.
We have gotten here in a health care system in which 10 years ago the client was absolutely the driver. They could say exactly what it is you would say and what you would not say in these kinds of communications.
We have added in our programs, particularly as we move to these management programs, additional disclosures to try and make people familiar with what we are doing, to make them more comfortable with what we are doing. Frankly, we get many comments back anecdotally, like some of the others, thanking us for our help. We get letters from doctors thanking us for our help, letters from doctors saying they didn't know that the other doctor was prescribing this, didn't know the patient had another doctor. It all works both ways.
If ultimately your recommendation to Health and Human Services Secretary is for additional disclosure, I'm sure there will be a comment period. We can talk about at that time some of the ways that that would be done. But we would comply, as would our clients.
MS. LOWE: I'd like to respond. As you know, I think last year the Department of Labor proposed some changes to the disclosure requirements in the summary plan descriptions. I was asked to look at it. The list was things like, explain in more detail network, non-network options, what the coverage parameters were, what was not covered, what the prices were, what types of programs you might have, like prior authorization for products.
I remember reading this list, saying if we are not providing this information -- this was on the employer's responsibility, the ERISA plan -- then they are crazy. In fact, we do provide descriptions of like the preferred drug programs or how the prior authorization systems work. We provide example language to those who might be preparing some plan description, because it is our belief that the patient should not be marginalized in this process, an in order to navigate the plan properly and to their benefit, they should know this information.
So while I may not have responded to your questions clearly in this manner, I just want to take the opportunity to say first of all, we do have a member packet. I certainly believe and our company believes that the member who understands how the benefit works is going to not only benefit themselves, but it is going to help the health plan. These things don't come for free.
What a health plan is trying to do is offer a quality benefit, meaningful benefit that they can afford, and provide more coverage as opposed to less coverage.
So I don't think there is any disagreement that more disclosure to the member is -- I don't know if it is warranted. It certainly seems to be in certain cases, but no disagreement here on that particular topic.
MS. SACKS: I would follow the same them. I think I would look at it even slightly broader. We are very much in favor of more education of the patient, more disclosure, more understanding of the patient on what the programs are, what the benefits are and how they are used. We in fact feel that much of the hostility and much of the opposition is due to a lack of understanding and ignorance. Therefore, if patients better understood what we were doing and knew more about the programs, you wouldn't have that.
But I do believe it is a two-way street. We work with our health plans and we encourage them to -- and we would look at other ways in which we could be involved in educating patients, so that they know up front what the plans are and what they entail. This is a two-way street. We would look to others in the health care community as well. As hard as it is for us to describe our programs, and as complicated as we are as entities and as behind the scenes as we are, we would ask those and others in the health community not to misrepresent what we are, not to raise fears when those fears are justified, not to raise privacy issues when we are not looking at privacy issues. That would help us as well. We are very willing and ready to engage on both sides to do that.
DR. HARDING: If I could give you a clinical example of something that would be helpful, there is a program called Step Care. It is like a step care therapy where, if someone is in a plan, before they can use certain medicines, you have to fail on generic medicines. That is an example.
If a new one comes out, in my case a new ant-psychotic would come out before a patient could be put on that medicine, they have to fail on previously utilized medicines, Haldol or something that is a generic, that is cheap.
The issue is that that is not what I think is best as a physician. And certainly there is clear indication that newer medicines have less side effects, have less long acting side effects, and that it is putting my patient at some risk for potential serious neurologic problems to put them on those old medicines. But before that patient can get the new medicine, they have to fail on one or two medicines.
Now, again, is my patient informed that that is against my will and that somebody made that decision? It could have been a conference committee right here in this building that I'm sure had a great deal of wisdom. But it is not right, and the patient doesn't quite understand that.
How would you respond to that?
MR. WALDEN: I'm happy to respond, except it is not one of our programs. Is it yours?
MS. LOWE: No. We have some (word lost) therapy, but it is usually antibiotics.
MR. WALDEN: What you are describing sounds to me as a prior authorization program. I don't know what our prior authorization rules would be for anti-psychotics or anti-depressants.
But just looking at our role again as prescription benefit managers, we are providing the health care benefit. If it is an open formulary, open system, whatever you prescribe is dispensed and the plan pays for it.
A number of plans in recent years -- it is common managed care technique -- have decided that there should be prior authorization for use of certain drugs. The classic we use is Retin-A in the cosmetics area. We do contact physicians to ask them a series of questions based on criteria, and depending on the answers to those questions -- one might be, have you tried the generic in one or another program, that would determine whether coverage is available.
Now, the employer is advised in advance through our installation that his client, the provider of this benefit, has adopted the prior authorization for certain drugs . We sent out a mailing which lists the drugs which are under prior authorization. For some clients, we sent out a targeted mailing to patients who are taking that particular drug, saying you have been taking this drug, in order to continue, you will have to go through a prior authorization process, which puts the question to you: is this appropriate, do those meet these criteria.
If it does not, the initial coverage determination would be no. Then you move through the layers of appeals as with any other managed care organization. Many of our clients which are HMOs are subject to NCQA standards, which would provide for two layers of appeal and then an external appeal.
The Department of Labor has recently come out with regulations on procedures to follow in the case of a denial. I think they got thousands of responses to it. That would apply to self insureds employers as well.
So ultimately, I would hope that if you as the physician believe that the criteria do not fit in this case, you ultimately would be able to prescribe the drug and have it be covered. If not, ultimately the patient of course can pay for it.
DR. HARDING: The original issue of a consolidated consent allows all that to happen, you are saying? The patient when they sign up with their employer to get health insurance, the rest, all that that you talked about would flow from that original consent.
MR. WALDEN: To get health insurance, including whatever is the prescription benefit.
DR. HARDING: Which they don't usually know.
MR. WALDEN: No, which they would know at that moment that they signed up. I don't think anybody is saying -- maybe that is the misunderstanding.
DR. HARDING: But again, I'm just saying, the clarity of what they are signing is --
MS. SACKS: In part, what you are going into is, what is the plan design and what parameters, and what does the plan cover and what doesn't it cover. It is more than just disclosure of information. There is more an issue there of coverage. I think that is something that the summary plan description should cover, what other programs.
MR. WALDEN: If the implication is we would hide the prescription benefit behind an HMO enrollment form, the HMO enrollment form would be i a book which would include a description of your medical, your hospitalization, your prescription benefit, and our disclosures would be included at that point, as opposed to included separately.
DR. PEEL: I just wanted to talk about what you were saying, the kinds of delays that might follow that sort of policy are particularly frightening for our patients, particularly someone psychotic or depressed, because the risk of relapse causes great distress and harm.
So the significance of using those kinds of procedures for patients, where if they relapse we are looking at the possibility of suicide, aggressive and violent behaviors, loss of job, loss of home, even imprisonment. The consequences particularly for our patients, if they don't timely get the most effective medication, are more severe than if somebody maybe didn't get the right antibiotic for an upper respiratory infection. The kinds of damage can be much more extensive.
MS. SACKS: This isn't really a privacy debate. This is a debate on managed care and some of the therapies and some of the programs, which are instituted. In many of these therapies you would be looking at drugs for example -- and I am not a pharmacist, but things like Zantac that are going off patent and charge 10 dollars a month, and new therapies that are coming that are over $100 a month, things that are suitable for sub-categories, but not across the board. The idea here is simply to be sure that there is thought and that there is consideration of a cheap medication. Ultimately, all these decisions need to be clinically backed up and the protocols are clinically determined and physicians should be able to work through the process.
But we are talking about managed care programs and not privacy here.
DR. HARDING: Mr. Gellman.
DR. GELLMAN: I have some other questions. Last year or early this year, the AMA passed a resolution of some sort, and I haven't seen the resolution, but I saw a secondary account of it. Some of you look like you have seen this thing.
It was critical of PBMs in a variety of ways, including confidentiality policies. I just wonder if you have any comments or reactions to it, what the industry has had to say about that.
MS. LOWE: I know that our trade association actually responded. We certainly can get you a copy of that.
Again, it has been awhile since I looked at that. I do remember it being critical. But I think that in fact, it does go to the issue of the relationship of physicians and other provides in the health care system and how they relate to one another, unless the issue of confidentiality -- because remember, we are disclosing to those who already know. The patient knows they are on a drug, or the physician who we communicate with knows they are on that drug or have that condition.
But again, I would be happy to get you what our trade association developed in response to that. We did not as a company respond.
DR. GELLMAN: Well, the reason that I brought it up is, we talked about what patients understand and don't understand. The problem may be broader than patients. Whether what the AMA said was fair and accurate or not is probably something that one could debate for a long time. But it is another major group of people involved in the health care system who have concerns, and who either don't understand something or think you are doing something wrong or whatever. It is just to underscore the point about what is known and what isn't known about activities here.
MS. SACKS: I don't recall the details, but I know that PCMA, our trade association, has engaged in a dialogue with AMA specifically for the purpose of trying to address concerns or misconceptions or other ways that we interact with them in the health care industry.
DR. GELLMAN: Let me go off in another direction. I'm just fishing here, because I don't know if you guys do this. You talked about how you get information, you get information through plans and prescriptions and through interactions with physicians. I want to know if you get information from other sources.
There is lots of information available about people -- you can get all kinds of demographic information; you can find out data about people. I am wondering if you guys enhance any of your patient databases with outside sources.
MS. LOWE: We don't.
MS. SACKS: We don't enhance patient identifiable databases, but in some of the programs that we provide non-identifiable data to, manufacturers or others, they may try and append demographic data to that.
DR. GELLMAN: Who is they?
MS. SACKS: Generally there will be companies who provide that information. We don't have it and we don't provide it.
DR. GELLMAN: If you are disclosing non-identifiable data, then doing demographics for it seems difficult.
MS. SACKS: They scrub the information that goes to a third party, who then scrubs the information, puts the demographic information so that ultimately the manufacturer will only get non-identifiable information and information that they cannot reverse engineer.
DR. GELLMAN: Do you think you could provide us with some more details on that?
MS. SACKS: I could try. I'd be happy to.
MR. WALDEN: I guess I am not really following the question. But we do market research as a company. We have access to other information about what consumers may do in one sense; the patients that we have in our program are consumers. We deal with them on a very large scale. So we have all of that as an organization. I don't believe that we in any way append that to our patient identifiable records.
We do obtain information from the patients themselves, as I think I mentioned.
MS. LOWE: What we can do sometimes, we have a subsidiary that can take medical claims data and pharmacy data and put it together. It may come from two different sources, but the health plan ultimately asks us to look at that. We give it to them.
What we don't do is, -- I know there are companies out there, especially on the Internet, that you could by a social security number figure out their VISA numbers and various other demographic information about them and put it in. We don't do that.
DR. GELLMAN: That is what I am asking. You can take a list of names and addresses and go to a third party database company and they can append to it whether someone is married, has children, have a credit card.
MS. LOWE: No, it is outside the scope of what we do.
MS. SACKS: We don't do that.
MR. WALDEN: We do seek occasionally some outside sources for telephone numbers. It turns out that the eligibility claims that we get from plan sponsors often don't have the correct telephone number on them for one reason or another. So we would be using patient names and addresses to match up to other location data.
DR. GELLMAN: Let me ask about research. Do all of you make records available under some circumstances to researchers?
MS. LOWE: Non-identifiable.
MR. WALDEN: We do not make our data available, in a sense. Also we of course do research inside. There are many people in our organization who are engaged in opportunity analysis and looking at outcomes and other things.
DR. GELLMAN: The inside research may have identifiers attached, is that right?
MS. SACKS: They could have identifiers if it is necessary for the research and if it is pursuant to a request by a plan. But if it is anything that is for an outside party, it would never have identifiers.
DR. GELLMAN: How do you control these research uses? What kind of process do you have internally for deciding what is appropriate and when identifiers are truly necessary? Do you have the equivalent of an IRB that you operate internally?
MS. SACKS: For our internal purposes, when we talk about research, we talk about whether or not a certain pattern of treatment has been effective or ineffective. We simply take the data and have others analyze that data. Then we would give it back to the plan, and that is helpful for them.
DR. GELLMAN: You have information from one plan, you have information from lots of plans. Presumably if you do your inquiry over a broader base of data, you may get more reliable, better results. Do you do that? Is all research done on a stovepipe basis for one plan and the next plan?
MS. SACKS: I'm sure some of it is done across plans, but we would never share patient identifiable information of one plan with another plan.
DR. GELLMAN: But what I am getting at is, if anyone comes up with an idea or request for research, can they get access to data, or is there a process they have to go through internally in order to justify to somebody that they have got a legitimate research request here and have a need to use identifiable data.
MS. SACKS: Most of our research is done on a non-identifiable basis. Our country search in any event is a very small part of what we do, and when we do most of it, it is non-identifiable. If we do anything else, it is pursuant to a health plan request for us to look into a specific issue for them. It will generally be about efficacy or following a certain policy or medication.
DR. GELLMAN: Will the plans provide you with additional information in order to conduct the research?
MS. SACKS: I don't know.
MS. LOWE: In terms of when a plan asks for something specific, there is some reporting we do. Except for the bills, the invoice, any type of analysis is a summary, meaning not with the patient identifier.
As I explained before, we do a program where we provide broader cut of data over -- it could be for a health plan or an HMO, a broader cut of data on other HMOs for benchmarking purposes. None of that has any kind of patient identifier involved in it.
So you could look at that as internal use of the data, but it is something that we allow our clients to look at. Again, it is not identifiable.
I was involved in providing a cut of data out of our database to a university to look at certain utilization trends. That would not have any patient identifiable information.
When you talk about the plan giving more information in order to incorporate with, we do have the capability in one of our subsidiaries to merge claims -- prescription claims data and medical claims data, encounter data, to look at what we call an episode of care, a patient treatment episode.
When that data comes in, I am proud to say, it is immediately encrypted. We as a company can never figure out who those people are individually. When we give it back to the plan they have the capability of unlocking the key. But we only use the data in that situation in a way that we can't tell who the person is. We can tell who the same person is throughout time, but not who that person is.
DR. GELLMAN: Do you have a process internal that reviews research requests of this type to decide whether they are appropriate, whether the conditions are right, that sort of thing?
MS. LOWE: I'm not sure I would look at it that way, but the protocol in terms of how we conduct certain reporting and research -- unless it is plan specific for something that has to be determined for that plan that for whatever reason would involve identifying the person, it is always non-identifiable.
MR. WALDEN: Similarly, we have aggregated our internal research activities in one group. We all it sounds like operate on a need to know basis. What they do generally in terms of research is going to be looking at blinded information. When they want to look at unblinded, we do not have an external internal IRB setup looking at particular types of research. I don't believe it is necessary at this time, but there certainly is not in our organization freewheeling research going on. Research is very directed to meet certain specific needs.
DR. GELLMAN: Is there an issue with the two sides of your company, with the pharmacy research having an interesting some of your claims data or other research activities?
MR. WALDEN: Yes. Merck as with other manufacturers are vitally interested in the data which is included within our claims history. It is something they do not have. Clinical trials tend to be short term, focus on relatively narrow amounts of information you can derive. We have a rather broad longitudinal view of the patient. So we can do outcomes analysis, we can determine when there is an intervention at point A, did that change their drug behavior at point A plus 90 days or 120 days. They are very interested in that.
We provide analyses to other organization, including manufacturers on a non-identifiable and almost always aggregated basis. It is a report that says the result of this review was X.
DR. HARDING: You had testified earlier that there was a clear firewall between Merck and Medco.
MR. WALDEN: That's correct. We do this not just for Merck but for other manufacturers as well. They are a manufacturer to us. We treat them like another manufacturer in many ways, always clinical. As with any other manufacturer, we do not share with them patient identifiable information. In a need to know organization, they have no need to know Medco's business.
MR. BLAIR: Given that there are these firewalls, and you are giving me the impression that there is pretty much an equal playing field for drug manufacturers in terms of the way you would create your formulary.
I had the assumption and this may be wrong and I'd love for you to correct me on this, that Merck's interest in having equity interest in a pharmacy benefit management organization was to be able to somehow influence the formulary. If that is wrong, if that is not true, then what is Merck's interest in having an equity interest?
MR. WALDEN: Going back a way, Merck acquired Medco in 1993. It felt that it was time to branch out within the pharmaceutical care arena. They talked at the time about a continuum of care. The acquisition of Medco was followed quickly by acquisitions of DPS and Lilly, which has since been undone.
Medco has been operating under the independence policy which was adopted by Merck in early 1994, has been operating independently. We have put in place the kinds of protections that were necessary to insure that decision making in terms of what was on our formulary, decision making as to what goes into our clinical programs was not biased in favor of Merck.
There are many manufacturers in addition to Merck who desire to influence what is on Merck-Medco's formulary. We take all those into account. Obviously, in that situation, Merck owns us, the finances are different than the arrangements with other manufacturers.
Today we are an extremely successful division of Merck, I think because we stuck to our business. We are here to represent plan sponsors for patients and not to represent the interests of any manufacturer, whether it be our own or some contracting manufacturer.
DR. HARDING: Thank you. We are approaching the end of this session. I asked if anybody from the room would like to ask a question.
MR. SMITH: My name is Jim Smith. I am from the American Medical Association. I have an academic question. When I sign a so-called informed consent, when I joined my health plan, that enables a PBM and any number of other parties to access my medical record and create files or manage some portion of that.
What happens when I leave that health plan? Can I get it back, or where does it go?
MS. LOWE: I can't tell you in terms of the health plan where it goes. If we are no longer the pharmacy benefit manager and PCS becomes the pharmacy benefit manager, the client usually directs us to transfer certain records over to PCS so that they can continue providing the care.
We have to retain certain records for a period of time in our mail pharmacy because there are certain things that we have to do -- because the client has asked us to retain them for a certain period of time, because of their obligations under ERISA. So we may retain certain files, but in terms of transferring you, the client will tell us whether to transfer that information to the next PBM.
MR. SMITH: The client, me, or the health plan?
MS. LOWE: Your health plan.
MR. SMITH: So at any point would I have the opportunity to get that information back from you?
MS. SACKS: In some ways it is the same as medical records going to a provider or a hospital or anywhere else. For a certain period of time we need to continue to hold the records, whether or not you can go to a health plan and ask them to disclose to you what your records are, most of them would. Under the federal law we are looking at, you would have the opportunity to access them and make copies of the information. It wouldn't mean though that the health plan wouldn't have to retain it for a period of time for their own record keeping purposes or auditing purposes and other things.
I know once an individual is no longer in our plan, we do not contact that individual or use their patient identifiable information for any purpose.
MR. SMITH: Thank you.
DR. HARDING: Any other comments? Seeing no other questions, I want to thank you for coming today and being on this panel, very lively and very informative. We appreciate you coming and taking the time and the preparation of being here this morning.
MS. LOWE: Thank you. I would venture to say on behalf of all of us, if there is any other information that we can provide, questions we can answer, I know that we are all available to do so.
DR. HARDING: Thank you. With that, we will stand adjourned.
(Whereupon, the meeting was adjourned.)