In March 2020, the California State Board of Pharmacy issued a “Remote Processing” waiver, which is still in effect today (with some modifications). For the purpose of the waiver – as the Board explained – “remote processing” means the entering of an order or prescription into a computer from outside of the pharmacy or hospital for a licensed pharmacy. Remote processing may also include order entry, other data entry, performing prospective drug utilization review, interpreting clinical data, insurance processing, performing therapeutic interventions, providing drug information services, and authorizing release of medication for administration. This means that these services could not have been performed remotely absent a waiver. But some pharmacies in California – especially LTC pharmacies – contract or outsource these functions and they did so prior to the waiver. In fact, as I hear from my clients, this is a common practice across the state.
And this is why many confused pharmacists (who outsource these functions) and technicians (who often enter data remotely) contacted me after the waiver, asking why the Board waived an allowed activity. This was not an easy question to answer as the regulations do not expressly prohibit remote data processing.
Moreover, California Code of Regulations § 1793.3 provides that non-licensed pharmacy personnel may “type a prescription label or otherwise enter prescription information into a computer record system… At the direction of the registered pharmacist, a non-licensed person may also request and receive refill authorization.” And data processing is not within the tasks limited only to pharmacists as per California Code of Regulations § 1793.1.
But when I started to dig deeper, I found two administrative actions that explained the Board’s position on the remote processing.
One was against PharMerica for outsourcing its data processing to Infinx (a company based in Mumbai) to process/type prescriptions from a remote location. The Accusation against PharMerica explained that PharmMerica and Infinx had entered into a business agreement, which detailed privacy, security, HIPAA standards, and business terms, such as a provision that Infinx was to arrange “data entry support performing routine pharmacy billing tasks, included but not limited to new order processing and refill order processing.” The Accusation further elaborated that employees of Infinx had the same login and access to the network as PharMerica’s employees. In other words, Infinx had access to protected patient and prescription information but was not licensed in California as a pharmacy. And none of its employees were licensed pharmacists or technicians. According to the Board’s records, the only supervision employees of Infinx received by licensed pharmacists was remotely through the computer system. The sole cause for discipline against PharMerica was for “unlicensed activity” by allowing an “unlicensed entity, to process prescription refill orders, including accessing the Pharmacy’s computer software by individuals not located in a pharmacy licensed by the board to process the refills.”
The second case was against Infinx in a form of a cease-and-desist demand. Infinx disagreed with the Board’s conclusion that it engaged in an unlicensed activity and requested a hearing. The final decision upheld the Board’s demand by explaining that the arrangement violated:
- Bus. & Prof. Code § 4037, which required that common electronic files be used by two licensed pharmacies for dispensing information. Infinix was not a licensed pharmacy but had access to PharMerica’s common electronic file to update information relevant to the dispensing of the dangerous drugs.
- Title 16, Cal. Code of Regulations § 1793.3, which provided that a pharmacy “may employ a non-licensed person to type a prescription label or otherwise enter prescription information into a computer records system.” The employees of Infinx were not employees of the pharmacy and were not supervised by California pharmacists.
- Bus. & Prof. Code § 4071.1, which prohibited prescriptions or orders to be electronically entered outside of the pharmacy unless the prescription or order was entered by a prescriber or a pharmacist.
As these two cases illustrate, outsourcing data processing must be reconsidered taking into consideration the above three legal points.
While we currently have a waiver on file, it is set to expire on May 31, 2021. I suspect that it will be renewed again. If the Board, however, does not renew the waiver, many pharmacies will have to modify their practice of employing outside companies to perform remote data entry.
To remind, the current waiver expands the provisions of Bus. & Prof. Code § 4071.1 to allow for remote processing by pharmacy technicians and pharmacy interns to include “prescription or order entry, other data entry, and insurance processing of prescriptions and medication orders for which supervision by a pharmacist is provided using remote supervision via technology that, at a minimum, ensures a pharmacist is (1) readily available to answer questions of a pharmacy intern or pharmacy technician; and (2) verify the work performed by the pharmacy intern or pharmacy technician.” The waiver also requires that:
- “A pharmacy utilizing remote processing shall ensure that all pharmacy interns and pharmacy technicians providing such services have been trained on the pharmacy’s policies and procedures relating to medication order or prescription processing and remote supervision via technology that, at a minimum, ensures a pharmacist is (1) readily available to answer questions of a pharmacy intern or pharmacy technician; and (2) verify the work performed by the pharmacy intern or pharmacy technician.
- A pharmacy shall ensure that any pharmacy intern or pharmacy technician performing remote processing shall have secure electronic access to the pharmacy’s patient information system and to other electronic systems to which an on-site pharmacy intern or pharmacy technician has access when the pharmacy is open.
- Each remote entry record must comply with all record keeping requirements for pharmacies.
- A pharmacy utilizing remote processing is responsible for maintaining records of all medication orders and prescriptions entered into the pharmacy’s information system.”
Our firm is currently considering a possibility of petitioning the Board to codify the waiver and allow remote data entry with certain technical and contractual safeguards. For example, Arizona and Washington allow remote data entry if proper contracts and technical safeguards are in place. If your pharmacy would like to join the efforts to change California law and allow remote data processing in the absence of waiver, please contact our firm.