CASP Module 10, Section 2: Referral Coordination and Data Transmission
MODULE 10: HUBS, DATA, & SPECIALTY PHARMACY OPERATIONS

Section 10.2: Referral Coordination and Data Transmission

Analyzing the flow of patient referrals and critical data (demographics, clinical info, insurance details) between prescribers, Hubs, and pharmacies.

SECTION 10.2

Referral Coordination and Data Transmission

Mastering the Flow: Data as the Lifeblood of Specialty Therapy.

10.2.1 The “Why”: Data as the Lifeblood of Time-to-Therapy

In community pharmacy, you are accustomed to data being a simple, transactional part of the fill. The e-prescription arrives, the data populates, and you fill it. The data is a *record* of the transaction. In specialty pharmacy, this concept is inverted: data is the *prerequisite* for the transaction. The flow of data is not an administrative task that happens alongside the patient’s journey; it is the patient’s journey. Every day of delay in a patient’s Time-to-Therapy (TTT) can almost always be traced back to a single point of “data friction”—a missing field, an incorrect code, or a failed transmission.

You must fundamentally reframe your perspective. In specialty, you are not just a pharmacist; you are a data integrity expert and a workflow process manager. The “product” you deliver is not just the medication in the box. It is a complex service where the medication is the final step. The service itself is built from data. The prescriber provides the initial data packet, the Hub enriches and validates that data, and you, the specialty pharmacist, perform the final validation and add new data (dispense records, clinical notes) back into the ecosystem.

Why is this so critical? Because a simple retail prescription for atorvastatin requires perhaps 5-7 key data fields. A specialty referral for an oral oncology agent requires 30-50 critical data fields. This “patient data package” includes not just who the patient is, but their complete insurance picture (medical and pharmacy), their financial status, their clinical history (prior failed therapies, current lab values, patient weight), and their prescriber’s detailed attestation. Without 100% of this data, the patient’s journey comes to a dead stop. This section is a deep dive into the anatomy of that data, the paths it takes, and the rules that govern its movement.

Pharmacist Analogy: The International Travel Dossier

In your retail practice, a prescription for amoxicillin is a domestic bus ticket. It’s simple, cheap, and has minimal data: “One passenger, [Name], from [Prescriber], to [Destination/Drug].” The passenger can get on the bus (get the drug) almost immediately.

A specialty prescription is a dossier for a complex international trip to a restricted country. The patient cannot even go to the airport (your pharmacy) until this entire dossier is complete and approved by multiple government agencies (the Hub and the Payer).

This “travel dossier” (the referral packet) must contain:

  • The Passport (Patient Demographics): Name, DOB, Address. Must be 100% accurate, or it’s invalid.
  • The Visa Application (The Enrollment Form): The form that officially requests entry into the “country” (the patient support program).
  • Proof of Funds (Insurance Cards): Not just one card, but *all* of them. The “visa office” (the Hub) needs to see the patient’s primary travel insurance (Medical Benefit) *and* their secondary spending card (Pharmacy Benefit).
  • Medical Clearance (Clinical Data): The “visa office” will not approve the trip without proof of health. “We need to see a lab test (e.g., LFTs) proving the patient is healthy enough to travel.”
  • Letter of Invitation (Prior Authorization): The prescriber must write a detailed letter (the PA form) explaining *why* this specific trip (drug) is medically necessary and why all domestic trips (failed prior therapies) did not work.

As the pharmacist, you are the final boarding agent at the gate. You cannot let the patient on the plane (dispense the drug) until you have the *complete, approved dossier* in your hand. Your job is to spot a missing or fraudulent document (bad data) instantly. This section is your training in becoming a master document inspector.

10.2.2 The Patient Data Package: Anatomy of a “Clean” Referral

A “clean” referral is the holy grail of specialty pharmacy intake. It is a referral that arrives from a Hub (or prescriber) with every single field required for you to proceed to clinical review and adjudication without making a single clarification call. A “dirty” referral is the opposite and is the single greatest source of operational waste and TTT delays. Your ability to instantly triage a referral and identify *what* is “dirty” is a core skill.

Masterclass Table: Anatomy of a “Clean” Referral Data Packet
Data Category Key Data Fields Why It’s Critical (The “Gotcha”)
Patient Demographics
  • Patient Full Legal Name
  • Date of Birth (DOB)
  • Home Address (Ship-to Address)
  • Primary & Secondary Phone Number
  • Email Address
 The “Gotcha”: A simple typo (e.g., “John” vs. “Jon”) will cause the insurance claim to reject. An incorrect DOB will cause a hard reject. An old address will cause a $10,000 cold-chain drug to be delivered to the wrong house. This data must be perfect.
Prescriber Information
  • Full Prescriber Name
  • Office Address / Group Practice
  • Office Contact Person & Phone/Fax
  • NPI Number
  • DEA Number (if applicable)
  • State License Number
 The “Gotcha”: The NPI is the key to everything. It links the prescriber to the claim and the PA. However, if the prescriber is a Nurse Practitioner, many PAs must be co-signed by the supervising MD. The Hub *should* have already managed this, but you must verify that the attesting provider on the PA matches the prescriber on the Rx.
Insurance Information
  • Pharmacy Benefit (PBM): BIN, PCN, Group, Member ID
  • Medical Benefit: Payer Name, Member ID, Group #
  • Policy Holder Name & DOB
  • Secondary/Tertiary Coverage Info
 The “Gotcha”: This is the #1 point of failure. The Hub *must* investigate both medical and pharmacy benefits. Many biologics (e.g., for RA) may be covered under *either* benefit. You cannot just run a PBM claim. You must know which benefit to bill. A “clean” referral from a Hub will explicitly state: “Verified Medical Benefit, Bill Payer X, PA# 12345.”
Prescription Information
  • Drug Name (Brand)
  • Dose & Sig (e.g., “40mg SC every other week”)
  • Quantity & Refills
  • Date Written
 The “Gotcha”: Vague Sigs (e.g., “use as directed”) are unacceptable and illegal in specialty. A more common “dirty” sig is a titration: “Take 10mg daily for 7 days, then 20mg daily.” Your pharmacy system cannot bill this as one Rx. The Hub *should* have clarified this and sent it as two separate, sequential prescriptions.
Critical Clinical Data
  • ICD-10 Diagnosis Code(s)
  • PA Approval Number & Dates
  • Prior Failed Therapies (if required by PA)
  • Patient Weight & Height (for weight-based dosing)
  • Relevant Lab Values (e.g., LFTs, TB test, Genotype)
  • Clinical Notes / Chart Summary
 The “Gotcha”: This is the most critical category. Without the approved PA# and the ICD-10 code, you cannot bill. Without the labs, you cannot complete your *clinical* verification. A truly “clean” referral includes *all* of this. A “dirty” referral will have the Rx but will be missing the PA approval, forcing your team to call the Hub and wait.
Financial Assistance Data
  • Copay Card Billing Info (BIN/PCN/Group)
  • PAP Enrollment Confirmation
  • Foundation Grant ID Number
 The “Gotcha”: The referral is clean, the PA is approved, you run the claim, and the copay is $2,000. The patient will abandon it. A “clean” referral from the Hub is *proactive* and includes the copay card billing information *with* the initial referral, allowing you to run the secondary claim and present the patient with their final, affordable $0 or $10 copay.

10.2.3 The Data Flow: Tracing the Referral’s Chaotic Journey

The core value of a Hub is to take a chaotic, multi-step process and make it linear and manageable. As a pharmacist, you will unfortunately encounter both workflows. Understanding the “bad” workflow helps you appreciate and troubleshoot the “good” one.

Path 1: The “Traditional” or “Broken” Data Flow (Hubless)

This is what happens when a prescriber’s office doesn’t know about the Hub, or a patient tries to transfer a specialty drug from another pharmacy. It’s a “hubless” model where your pharmacy is forced to act as the Hub, and it’s a nightmare of inefficiency.

“Broken” Hubless Workflow: The Reactive Scramble

1. Prescriber

Sends eRx to SP. Faxes PA to Payer.

2. Specialty Pharmacy (You)

Receives eRx. Runs test claim. REJECTED (PA Required).

3. Payer

Receives faxed PA. DENIES (Missing Clinicals).

4. The Result: CHAOS

The Prescriber is now getting calls from the Payer (for more clinicals) *and* your pharmacy (asking for PA status). The Patient is calling your pharmacy asking “Where is my drug?” Your Pharmacy is stuck in the middle, unable to act. This is the definition of data friction, and therapy is indefinitely delayed.

Path 2: The “Hub-Centric” Data Flow (The Gold Standard)

Now, let’s look at the same scenario, but where the prescriber correctly uses the manufacturer’s Hub. Notice how the workflow becomes linear and your pharmacy becomes the *last* stop, not the first.

“Hub-Centric” Workflow: The Coordinated Handoff
1. Prescriber Submits ONE Packet

Prescriber (or their staff) sends one complete enrollment form (eRx, demographics, clinicals, insurance) to the Hub’s single point of contact (portal, e-fax, etc.).

2. Hub Manages ALL Barriers

The Hub becomes the single point of contact.

  • Hub <-> Payer: Hub submits the PA, manages appeals.
  • Hub <-> Prescriber: Hub calls the office if any clinical data is missing.
  • Hub <-> Patient: Hub calls the patient, enrolls them in the copay card/PAP.

3. Pharmacy Receives “Clean” Referral

Your pharmacy receives a complete, actionable data packet via API or portal: “Patient Jane Doe, PA# 67890, Copay Card BIN# 123456. Please dispense.”

Result: Your team moves directly to clinical review and dispensing. TTT is minimized, and the patient journey is seamless.

10.2.4 Data Exchange Standards: The “Rules of the Road”

For data to move from one system (like the Hub’s CRM) to another (like your pharmacy system), it needs to follow standardized “rules of the road.” These standards define the *format* and *structure* of the data, ensuring that when one system sends “Patient DOB,” the other system knows where to find it and what it means. Your retail experience has already made you a high-volume user of the most important standard: NCPDP SCRIPT.

NCPDP SCRIPT Standard

This is the backbone of all retail and specialty e-prescribing. The National Council for Prescription Drug Programs (NCPDP) SCRIPT standard is the HIPAA-compliant, federally-mandated “language” that allows EMRs, PBMs, and pharmacy systems to talk to each other. You use it dozens of times a day.

Key SCRIPT Messages You Must Know:

  • NEWRX (New Prescription): This is the standard e-prescription. When a prescriber clicks “send” in their EMR, they are sending a NEWRX message. This is how a Hub can receive an eRx *directly* from a prescriber’s EMR.
  • REFREQ / REFRES (Refill Request/Response): This is your retail “refill request” function. It is also used in specialty.
  • PAREQ / PARSP (Prior Auth Request/Response): This is the electronic Prior Authorization (ePA) standard. It allows an EMR or Hub system to digitally *initiate*, *send clinicals for*, and *receive a response for* a PA, all within their workflow. This is *infinitely* superior to faxing.
  • RTPB (Real-Time Prescription Benefit): This is one of the most powerful tools. It allows the prescriber’s EMR—*at the moment of prescribing*—to ping the patient’s PBM and ask:
    1. Is this drug on formulary?
    2. Is a PA required?
    3. What is the patient’s estimated copay?
    4. Are there lower-cost, therapeutically similar alternatives?
    This allows the prescriber (or Hub) to see the barrier *before* they even send the script, saving weeks of “discover and fix” work.

HL7 (Health Level Seven)

If NCPDP SCRIPT is the language of *prescriptions*, HL7 is the language of *health systems*. It’s the dominant standard used by hospitals, EMRs (like Epic and Cerner), and labs to exchange clinical and demographic data. As specialty pharmacies become more integrated (e.g., as part of a health system), you will interact with HL7 data feeds.

Key HL7 Messages You Must Know:

  • ADT (Admit, Discharge, Transfer): An ADT feed from a hospital EMR is a powerful tool for your SP. An “A01” (Admit) message can automatically alert your clinical team that “Your patient, Jane Doe, was just admitted to the hospital.” This allows you to perform medication reconciliation and prevent duplicate therapies.
  • ORU (Observation Result): This message is used to transmit lab results. A “Lab Interface” using ORU messages can automatically push a patient’s latest LFTs, CBCs, or INR results directly into their profile in your pharmacy system, saving your team from having to fax the prescriber for them.

API Data Formats (JSON & XML)

As we discussed in 10.1, an API is the “pipe.” These standards define the *format* of the data flowing through that pipe. You don’t need to be a programmer, but you *must* be able to understand the concept and why it matters.

Format Example Pharmacist’s Takeaway
XML (eXtensible Markup Language) 
<patient>
  <name>John Doe</name>
  <dob>1970-01-30</dob>
</patient>
This is an older, rigid, but very structured format. You will see this in legacy systems or complex enterprise feeds. It’s human-readable, but verbose.
JSON (JavaScript Object Notation) 
{
  "patient_name": "John Doe",
  "dob": "1970-01-30"
}
This is the modern standard for all web-based APIs and portals. It is lightweight, flexible, and much easier for developers to work with. When your SP builds a “Level 4” API connection, it is almost certainly using JSON.

10.2.5 Data Security & HIPAA: The Pharmacist as Guardian

In your retail practice, HIPAA is often treated as an annual training module—a “click-through” compliance task. In specialty pharmacy, HIPAA is a high-stakes, daily reality. The “patient data package” you handle is one of the most toxic and valuable data sets in existence. It often contains a patient’s Name, DOB, SSN, Home Address, insurance information, financial status, and a highly sensitive diagnosis (e.g., HIV, Multiple Sclerosis, Cancer, Hepatitis C). A breach of this data is catastrophic for the patient and can result in multi-million dollar fines for your pharmacy.

As an advanced pharmacist, you are a data guardian. You must move from a “rules-based” understanding of HIPAA to a “risk-based” one.

Key HIPAA Concepts for Specialty Data Flow

  • The Minimum Necessary Rule: This is the guiding principle. You should only use, disclose, or request the minimum amount of Protected Health Information (PHI) necessary to accomplish a specific task.
    • Practical Example: When your pharmacy sends a “dispense file” back to a manufacturer’s data vendor, you are contractually obligated to send certain fields (e.g., Patient ID, Dispense Date, NDC, Cost). You must *not* include other PHI (like the patient’s phone number or your internal clinical notes) unless it is *explicitly* required by the contract. Adding extra data “just in case” is a HIPAA violation.
  • Data Encryption (In Transit & At Rest): This is a non-negotiable technical safeguard.
    • Data in Transit: Any PHI moving between systems (e.g., from the Hub to your pharmacy) *must* be encrypted. This is why we use HTTPS (for portals), SFTP (for files), and encrypted APIs. A regular, unencrypted email is NEVER acceptable.
    • Data at Rest: Any PHI sitting on a server or your laptop *must* be encrypted (e.g., encrypted hard drives, encrypted databases). If an unencrypted laptop is stolen, it is a reportable breach. If an *encrypted* laptop is stolen, it is a lost asset, but *not* a breach.
  • Business Associate Agreements (BAA): This is the master legal document. A BAA is a signed contract between a “Covered Entity” (your pharmacy) and a “Business Associate” (the Hub vendor, the manufacturer, the data analytics company) that legally permits the sharing of PHI for specific purposes (like managing the support program).
    • Pharmacist Takeaway: You cannot share PHI with *anyone* until your organization has a BAA in place. This BAA is your “permission slip” and your “rulebook.” It defines *exactly* what data you can share, with whom, and how.
The “Fireable Offense”: Unencrypted Email

The single most common and most dangerous HIPAA breach in pharmacy is sending PHI over unencrypted email. A Hub case manager you’ve worked with for months emails you, “Hey, can you just send me the patient list for Dr. Smith’s office? I’m trying to reconcile our records.”

If you export that list and attach it to a regular email, you have just committed a massive, reportable breach. You have broadcasted a list of patients (all with a sensitive disease) over the open internet. This is a fireable offense and can trigger a federal investigation.

The Correct Action:
1. STOP. Never do this.
2. RESPOND: “Hi [Name], I’d be happy to help. Per HIPAA, I cannot send this PHI over regular email. Can you please send me a secure email (e.g., via ZixMail) so I can reply securely? Alternatively, I can upload it to our shared, secure portal/SFTP site. Please let me know which you prefer.”
This response identifies you as a professional, enforces security, and protects the patient and your pharmacy.

A Tutorial: Practical, Daily Safeguards

HIPAA compliance is not a once-a-year training; it’s a set of daily habits. Your skills in community pharmacy (like protecting the register) are translated here (protecting your screen).

Safeguard Type Your Daily Habit (Tutorial)
Physical Safeguards
  • Privacy Screens: Your monitor *must* have a privacy screen. You are looking at a screen full of PHI all day.
  • Lock Your Screen: Use Windows Key + L every single time you stand up from your desk. An unlocked, unattended workstation is a breach waiting to happen.
  • Clean Desk Policy: No “sticky notes” with patient names or passwords. All paper referrals must be in a secure, covered bin, not just sitting on your desk.
  • Secure Fax/Printers: All faxes and printouts must be in a secure area, not on a shared printer in an open hallway.
Technical Safeguards
  • Strong Passwords & 2FA: Never share your password. Use Two-Factor Authentication (2FA) for all external portals. This is your digital signature.
  • Auto-Logoff: Ensure your pharmacy system and all portals are set to automatically log you off after 10-15 minutes of inactivity.
  • Identify Phishing: Be suspicious of all emails. An email that *looks* like it’s from a Hub portal asking you to “reset your password” may be a phishing attempt to steal your credentials and all the PHI you have access to.
Administrative Safeguards
  • Patient Verification: When a *patient* calls you, you must verify their identity (e.g., full name, DOB, address) before discussing *any* PHI.
  • Provider Verification: When a *caller* states they are “from Dr. Smith’s office,” you must verify their identity. “Thank you. Just to confirm, what is your name and call-back number? I’ll call you right back at the number we have on file for that office.” This prevents “social engineering” breaches.

10.2.6 The Platforms: Where Data Lives and Moves

The data we’ve been discussing doesn’t just float in the air; it lives inside sophisticated, expensive software platforms. As a pharmacist, you will be a power-user of these systems. Understanding what they are and who they serve is key to navigating the ecosystem.

Hub-Side: The CRM (Customer Relationship Management)

The Hub runs on a highly customized CRM. This is the “brain” that manages the entire patient journey, from intake to PA to handoff. The case managers live in this system.

  • Salesforce Health Cloud: This is the 800-pound gorilla. Salesforce, the world’s #1 CRM, has a specific “Health Cloud” product that is pre-built for HIPAA compliance and managing patient cases. Many large In-House Hubs (and many modern Third-Party Hubs) are built on a customized Salesforce platform.
  • Proprietary Vendor Platforms: The major third-party vendors have invested hundreds of millions to build their *own* CRMs. Examples include Lash Group’s “Fusion”, Eversana’s “ACTICS”, and AssistRx’s “iAssist”. These are the “walled garden” portals they will require your pharmacy to use.

Pharmacy-Side: The SPMS (Specialty Pharmacy Management System)

Your pharmacy cannot run on a retail system like QS/1 or Rx30. The clinical and data-reporting needs are too complex. You will use a specialized SPMS designed to manage complex clinical care and data reporting.

  • Commercial “Off-the-Shelf” Systems: These are systems any SP can license. The most common are CPR+ (which is now part of Cencora’s Lash Group) and TherigySTM. These systems have modules for intake, dispensing, billing, and (critically) clinical care plans and adherence management.
  • Proprietary Systems: The “big 3” PBM-owned SPs (CVS Specialty, OptumRx, Accredo) have all built their *own* massive, proprietary management systems.
The “Neutral Switchboard” Platforms

A third category of platforms has emerged to solve the “portal fatigue” problem. These companies are “neutral” and act as a digital switchboard, connecting all the other players.

  • Surescripts & CoverMyMeds (CMM): These are the “highways” for e-prescribing and ePA. They use the NCPDP SCRIPT standard to connect virtually *all* EMRs to *all* PBMs and Pharmacies. CMM, in particular, has become the dominant ePA platform.
  • AssistRx: This platform often lives *inside* the prescriber’s EMR. It presents the prescriber with a “smart” enrollment form for a specialty drug. The prescriber fills it out once, and AssistRx’s technology in the background automatically routes all the data to the correct Hub (e.g., Lash for Drug A, Eversana for Drug B) without the doctor ever knowing the difference. It’s a “Hub of Hubs.”

10.2.7 Your Role as an Advanced Pharmacist: Data Integrity Expert

Your role as a CASP-certified pharmacist transcends dispensing. You are the final clinical and data-integrity checkpoint in this entire, complex flow. A technician can identify a *missing* field, but only a pharmacist can identify *bad* data.

This is where your clinical skills and data skills merge. You are the human firewall that stops bad data from causing patient harm or financial loss.

Examples of Pharmacist-Level Data Validation:

  • The Clinical Conflict: The referral arrives. The eRx sig says “Take 40mg weekly.” The attached PA approval from the Hub says “Approved for 40mg *every other week*.” This is a major data conflict. A technician might not spot it, but you must. You must call the Hub and/or prescriber to resolve the discrepancy *before* dispensing.
  • The Diagnosis Mismatch: The enrollment form says “Rheumatoid Arthritis” (`M06.9`), but the eRx from the EMR has an ICD-10 for “Psoriasis” (`L40.0`). The drug is approved for both, but the PA is likely specific to one. You must investigate and correct the record.
  • The Lab Value-Dose Mismatch: The referral for an oral oncolytic includes a lab report showing a platelet count of 75,000. The PI for the drug states: “For platelet count < 100,000, reduce dose to 100mg daily." The prescription, however, is for the standard 150mg dose. You have just caught a critical safety issue that an automated system would miss.

Ultimately, mastering the flow of data is the *foundation* of being an advanced specialty pharmacist. You cannot perform high-level clinical care on a patient who you cannot get on therapy. And getting a patient on therapy, quickly and safely, is a data-driven, data-managed, and data-perfected process.