Skip to Main Content

March 08, 2024
Health Law Weekly

Integrating Mifepristone into Big Pharmacy: Considerations for Continued Expansion to Access and Data Privacy Concerns

  • March 08, 2024
  • Natalie Birnbaum , Legal & Policy Consultant at Repro Solutions, P.C. and Of Counsel at Nelson Hardiman LLP
pill bottle
Share this:

Last week, following Food and Drug Administration (FDA) guidelines, Walgreens and CVS announced they will begin stocking and dispensing Mifepristone. The move further integrates Mifepristone into mainstream health care access points and follows FDA guidance and scientific research. Still, obstacles to access the pill in the pharmacy setting remain, even in states without restrictions on providing abortion care. In this heavily surveilled legal landscape, it is critical that physicians, clinicians, pharmacists, and employees are thoroughly and accurately trained to protect patient data. 

CVS and Walgreens Begin Mifepristone Rollouts Slowly and Below Full Access Potential 

The FDA approved Mifepristone over 23 years ago and scientific evidence and data consistently reinforce the drug’s safety and effectiveness. After a comprehensive review of updated data and research, in January 2023, the FDA determined a number of the Risk & Evaluation Mitigation Strategies (REMS) on Mifepristone were outdated and unnecessary. This included removing an in-person requirement and a regulation mandating that only providers could dispense Mifepristone. The REMS added additional requirements for pharmacies requiring them to become a “Certified Pharmacy.”

CVS and Walgreens both completed the certification process and will begin stocking and dispensing Mifepristone. CVS will begin dispensing in a small number of pharmacies in Massachusetts and Rhode Island. Walgreens will dispense in New York, Pennsylvania, Massachusetts, California, and Illinois.

Four of the six states (New York, California, Massachusetts, and Illinois) have legislation expanding protections for the providers of medication abortion, including pharmacies. Expanded protections (sometimes referred to as “Shield Laws”) provide additional protections for providers and/or other persons or entities involved in facilitating an individual’s access to telehealth for medication abortion services. State protections vary in scope and may include protections against professional licensure consequences, sharing information or data with out-of-state investigators or law enforcement agencies, and malpractice insurance coverage loss.

While expanded protections offer increased assurances, they are not a prerequisite to permitting abortion care. Medication abortion remains legal in 29 states–all with CVS and Walgreens locations. Both pharmacies announced they will continue to scale operations accordingly.

Notably, Walgreens and CVS chose not to offer online services for Mifepristone, despite FDA guidelines approving mail-order dispensing. Clinicians and physicians overwhelmingly rely on online pharmacies as the largest dispenser of Mifepristone nationwide, particularly California-based Honeybee Health, which was the first FDA-certified online pharmacy for Mifepristone in 2020. CVS and Walgreens will still permit third-party courier services to deliver Mifepristone to a patient’s preferred location.

The failure to include online pharmacy services likely relates to the upcoming FDA v. Alliance for Hippocratic Medicine case at the Supreme Court. The case calls into question the FDA’s relied upon regulatory oversight scheme by invalidating Mifepristone’s approval process and threatens access to Mifepristone nationwide. The Supreme Court case will hear oral arguments on March 26. 

This missed opportunity stalls health care innovation and fails to center on the patient experience. CVS  released a report this week finding that the overwhelming majority of Americans – up to 90% – believe that a connected, digital pharmacy experience enhances the patient experience and that 91% of pharmacists say that better use of technology to connect with patients and customers would improve overall health. Excluding Mifepristone in the digital pharmacy experience fails to center reproductive health care patients.

Pharmacy Dispensing Increases Patient Access Points to Essential Health Care and Reduces the Burden on Clinicians and Physicians

As of 2020, medication abortion accounted for more than half of all abortions in the U.S.  The opportunity to pick up Mifepristone in person from a pharmacy, like any other prescription, is groundbreaking for women and individuals trying to access basic health care without stigma. While some smaller pharmacies already began dispensing and storing Mifepristone following last year’s FDA determination, many more are expected to follow the lead of the national brands.

Before the change, certified providers had to stock and distribute the pills themselves or rely on mail-order pharmacies that distribute the medication. Pharmacist dispensing will likely increase the number of clinicians comfortable providing Mifepristone by enabling them to avoid the associated costs, burdens, and logistical challenges of stocking and dispensing the medication in their facilities. Many providers may continue to stock and distribute themselves, particularly those who are servicing patients who live in states where laws prohibit health care providers from offering abortion-related care.

Considering Patient and Provider Privacy Concerns and Mitigating Risks Ahead

Since the Dobbs decision, law enforcement has increasingly utilized state wrongful death and felony abuse statutes to criminalize pregnancy outcomes (see e.g.: Brittney Watts). While most states with abortion bans target the providers, not the patient, the concept of “fetal personhood” in anti-abortion laws, which enshrines the rights of fertilized eggs, embryos, and fetuses into legal systems, directly criminalizes the person for her pregnancy outcomes. Ultimately, the possibility of suspected abortions and miscarriages being reported to law enforcement could prevent patients from seeking care, even where services are offered.

To ensure patient access, pharmacies must remain vigilant in their data protection policies and procedures. Counsel for pharmacies, and for clinicians and physicians working with pharmacies dispensing Mifepristone, must review the pharmacy’s protocol regarding Mifepristone to ensure the following: 

  • Pharmacy staff will not hand over sensitive health care data to Law Enforcement regarding Mifepristone.

    • Under the HIPAA Privacy Rule, covered entities, such as pharmacies, and their employees are not required to share protected health information with law enforcement, although they are permitted to do so without patient authorization under limited circumstances.

    • It is critical to inform pharmacy staff on the distinction between “permitted” to share and “required” to share. Late last year a congressional investigation found that the largest pharmacy chains in the U.S. give patients' medical records to law enforcement without warrants, allowing pharmacy staff members to hand over customers’ medical records in the store. The report showed that three of the country’s biggest chains, including CVS, instruct pharmacy staff to immediately respond to law enforcement demands.

    • Note: Following this breach, to prevent these disclosures going forward, Congress requested that the Department of Health and Human Services (HHS) revisit HIPAA to determine the standard of legal process that will govern the disclosure of medical records and strengthen the minimum bar set in the current regulations to require a warrant.

  • Ensure the pharmacy is compliant with state privacy laws related to reproductive health care services.

    • States are increasingly adopting legislation to enshrine individuals' fundamental right to privacy in their reproductive decisions, and prevent the unauthorized disclosure of related medical information. Maryland and California have already imposed legislation requiring enhanced security measures for businesses handling reproductive health care data, including pharmacists, and the segregation of this data from broader electronic health systems. Similarly, New York just introduced the New York Health Information Privacy Act which seeks to prevent health care data from being used to criminalize people who received abortion care. 

 

  • Review the pharmacy’s data security compliance programs to protect patient health care information. 

    • The health care sector is increasingly facing cyber threats with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge in ransomware incidents reported to the HHS Office for Civil Rights. Pharmacies must prioritize preparedness, resilience, and a culture of cybersecurity awareness, and health care organizations must safeguard the well-being and privacy of the patients they serve.

 

Natalie Birnbaum Esq. is the Founder of Repro Solutions P.C., Of Counsel at Nelson Hardiman, and Policy Counsel at RHITES. You can reach her at [email protected]

ARTICLE TAGS