Table of Contents
Interest in and use of telemedicine services appears to be dramatically increasing. According to researchers, telehealth visits by members of one private US health plan rose by 52% annually from 2005 to 2014, and soared by 261% from 2015 to 2017. As more people seek to use telemedicine services, there has been an increased focus on what constitutes the appropriate use of these services. In addition, increased utilization has also increased the potential risk for fraud and abuse. In 2017, the Department of Health and Human Services Office of Inspector General (OIG) added Medicaid telehealth payment audits to its Work Plan.
Many discussions of the risks related to telemedicine focus on state-regulated practice of medicine issues and healthcare fraud and abuse concerns that typically fall under the purview of the Centers for Medicare & Medicaid Services (CMS); however, recent regulatory and enforcement actions have also been undertaken by the U.S. Food and Drug Administration (FDA or the Agency). This article will provide an overview of the FDA’s enforcement authority and discuss two examples of how the Agency has recently exercised that authority over telemedicine-related activities. This article will not discuss the FDA’s authority to regulate products used to provide digital health services (e.g., clinical decision support software, mobile medical apps).
FDA’s regulatory and enforcement authority
The FDA regulates virtually every company and individual involved in the manufacture, sale, and distribution of drugs, medical devices, foods, and cosmetics. The FDA is responsible for the regulation of the following product categories: foods, drugs, biologics, medical devices, radiation emitting products, cosmetics, veterinary products, and tobacco products. Throughout this article, we refer to all of the products regulated by the FDA as “regulated products.”
The Federal Food, Drug, and Cosmetic Act (FDC Act) and its implementing regulations grant the FDA administrative, civil, and criminal enforcement authority over the activities that affect products regulated by the Agency. The FDA’s enforcement authority is largely based on the FDC Act’s identification of numerous “prohibited acts” related to developing, manufacturing, distributing, selling, marketing, holding for sale, and labeling regulated products. Such “prohibited acts” include the introduction of an adulterated or misbranded regulated product into interstate commerce, the adulteration or misbranding of any regulated product in interstate commerce, the receipt in interstate commerce of any regulated product that is adulterated or misbranded, and the introduction of an unapproved new drug into interstate commerce. The FDC Act also identifies the circumstances that can cause a regulated product to be considered adulterated or misbranded, including the act of dispensing a prescription drug product without a valid prescription.
When a prohibited act occurs, the FDA may take regulatory and enforcement actions to address such a violation. For certain regulated products, the FDA’s enforcement authority is limited to administrative actions the Agency can take without judicial action, such as issuing Warning Letters and public notices. Warning Letters are the FDA’s most common administrative action; the Agency issued 15,318 Warning Letters in 2017. These actions are designed to publicize noncompliance, to notify companies and individuals of violations of “regulatory significance,” and to allow the Agency to elicit corrective actions from the companies and individuals so that the violative regulated products are brought into compliance with the FDC Act requirements.
For more complex or potentially dangerous regulated products, in addition to administrative actions, the FDA’s enforcement authority may also allow for civil and criminal action to be pursued. The U.S. Department of Justice (DOJ) Civil Division Consumer Protection Branch represents the FDA in connection with criminal and civil litigation and related matters arising under the FDC Act.
Recent Warning Letter
On March 8, 2019, the FDA issued a Warning Letter to AidAccess.org (Aid Access) regarding the sale of certain prescription drugs on its website. The FDA alleged that Aid Access violated the FDC Act by introducing misbranded and unapproved new drugs into interstate commerce. More specifically, the Warning Letter alleged that Aid Access facilitates the sales of unapproved and misbranded mifepristone and misoprostol to customers in the United States.
The Warning Letter asserts that Aid Access’ website states that it provides online consultations before the abortion pills, mifepristone and misoprostol, are delivered to the customer by mail. The letter describes Aid Access’s “Combipack of Mifepristone Tablets IP & Misoprostol Tablets IP” as a regimen and combination pack of unapproved mifepristone and misoprostol. The letter states that there is no approved drug application for this combination pack, so the introduction of this product into interstate commerce violates the FDC Act.
The Warning Letter also alleged that the combination pack sold by Aid Access fails to include adequate directions for use, so the product is also misbranded. “Adequate directions for use” refer to instructions that a layperson can follow to safely use a drug as intended by its FDA approval. The FDA specifically raised a concern that the Aid Access product “contains prescription drugs intended for a condition that is not amenable to self-diagnosis and treatment by a layperson, [so] adequate directions cannot be written such that a layperson can use the product safely for its intended use.”
In determining that the Aid Access product was both unapproved and misbranded, the FDA discussed that the FDA-approved prescription drug product is subject to a Risk Evaluation and Mitigation Strategy (REMS) program that restricts dispensing to certain healthcare settings, by or under the supervision of a certified prescriber. Healthcare providers who prescribe the FDA-approved product must be certified in the REMS program for the drug. In order to be certified, the prescriber must have the ability to assess the duration of the pregnancy accurately, diagnose ectopic pregnancies, and provide surgical intervention in cases of incomplete abortion or severe bleeding, or to have planned for others to provide such care, among other requirements.
The Warning Letter did not address whether the online consultations provided by Aid Access comply with the various requirements for establishing a practitioner-patient relationship. However, the Warning Letter indicated that the online consultations could not satisfy the REMS program prescriber requirements. In addition, the FDA specifically noted that the REMS program does not allow for sale of the FDA-approved drug product over the internet. The FDA ordered the company to immediately cease the sale of the unapproved and misbranded products or face further action, including seizure or injunction.
Recent criminal enforcement action
In October 2018, the District Court for the Eastern District of Tennessee unsealed a 32-count indictment involving a fraudulent telemedicine scheme. According to the indictment, the defendants, which included four individuals and seven companies (four pharmacies, a pharmacy management company, a holding company, and a wholesale distributor), orchestrated an elaborate telemedicine scheme to fraudulently solicit insurance coverage for prescriptions for patients across the country. Specifically, the indictment alleges that the defendants:
[K]nowingly and willfully combined, conspired, and agreed to deceive tens of thousands of patients and more than 100 doctors … for the purpose of executing a scheme and artifice to defraud health care benefit programs, and to obtain by means of false and fraudulent pretenses, representations, and promises, approximately $174,202,105 … in connection with the delivery of and payment for health care benefits, items or services, and, in furtherance thereof, caused to be submitted not less than approximately $931,356,936 in fraudulent claims for payment.
The alleged scheme
According to the indictment, the defendants purchased dozens of medications at prices substantially below the manufacturer-reported average wholesale prices (AWP) of those medications. The defendants then orchestrated a system whereby a patient would contact a call center and speak to an employee of HealthRight, a telemedicine company. Unbeknownst to the patient, this employee was not a healthcare professional. The HealthRight employee would use the patient’s answers to several questions, as well as the patient’s insurance information, to select one of the medications purchased below AWP.
HealthRight maintained a network of doctors to provide telemedicine services. Once a HealthRight employee spoke with a patient and selected a medication, HealthRight would email or text a doctor licensed in the patient’s state that an “e-consult” was ready for online review. The doctors were led to believe that a healthcare professional had reviewed the patient’s medical history and that the patient had specifically requested the selected medication by name. The doctor would then prescribe the medication that had been selected by the HealthRight employee. The defendants would fill the prescription with the medication that had been purchased below AWP and then seek reimbursement from the patient’s insurance company at the AWP—thus making a substantial profit on each transaction.
In addition to describing the fraudulent scheme, the indictment asserted that the near exclusive use of the “e-consult format” interfered with the creation of a valid practitioner-patient relationship. According to the indictment, the lack of a valid practitioner-patient relationship invalidated the prescriptions provided by the doctors.
In addition to the more typical healthcare fraud charges (i.e., conspiracy to commit healthcare fraud, healthcare fraud conspiracy forfeiture allegations, and mail fraud), the indictment included two counts for the introduction of misbranded drugs into interstate commerce with intent to defraud and mislead. These counts are based on the dispensing of prescription drug products without valid prescriptions. Such dispensing renders the products misbranded in violation of the FDC Act.
FDA’s role in recent enforcement actions
The Warning Letter and criminal indictment discussed above provide insight into the emerging trend of FDA activity related to telemedicine services. Such insight is particularly relevant to providers that may wish to use the internet and telemedicine services to provide prescription drug products to patients.
Although the criminal indictment largely describes an orchestrated scheme to defraud patients and exploit private insurance companies, it also highlights the government’s skepticism of the “e-consults” conducted or reviewed by the physicians, leading to the government’s conclusion that a valid prescription had not been issued for the drug products. Such skepticism likely resulted in the inclusion of the two charges for FDC Act violations in the indictment. Although not explicitly discussed, the Warning Letter issued to Aid Access reflects similar skepticism about the online consultations provided to customers seeking to purchase Aid Access’s product.
To avoid FDA’s scrutiny and liability under the FDC Act, providers who offer telemedicine services to enable patients to obtain prescription medications should ensure that the products they prescribe and dispense will not be considered misbranded or unapproved. Prescribers (e.g., physicians) and dispensers (i.e., pharmacies) should seek to ensure that the platform used to provide any telemedicine services is conducive to the establishment of a valid practitioner-patient relationship. Without such a relationship, any prescriptions issued may be considered invalid. Dispensing pursuant to an invalid prescription would cause that product to be misbranded under the FDC Act. Providers should consider this layer of scrutiny and potential liability in addition to evaluating the areas of healthcare fraud and state regulation of medicine and pharmacy.
Scrutiny and enforcement actions regarding telemedicine-related activities are increasing.
CMS and state boards are not the only regulators in this space.
The FDA has broad regulatory and enforcement authority over regulated products including drugs and medical devices.
Dispensing prescription drugs without a valid prescription may render the drug products misbranded in violation of the FDC Act.
Providers should consider the implications of the FDA’s enforcement authority on telemedicine-related activities.