When the Margins Are Thin, Self-Audit for the Win

It is no secret that margins on prescription medications have declined dramatically over the last few decades. Independent pharmacy owners are well aware of their less-than-favorable Pharmacy Benefit Manager (PBM) contracts, and their propensity to routinely audit. After working day in and day out to take care of the patients in your communities, auditors swoop in and use the smallest ambiguous detail on a prescription to recoup against a claim. It is easy to understand why many independent pharmacy owners, operators, and employees get a sour taste in their mouth at the sheer thought of PBMs and auditors.

To decrease the likelihood of an unfavorable audit, PAAS National® analysts recommend routinely performing self-audits. In fact, the 2024-2025 Self-Audit Newsline Series just wrapped up and all 12 articles can be used to help reduce your pharmacy’s risk.

What is a self-audit?

A self-audit is a process used to validate prescriptions, ensure claims are billed appropriately and confirm all applicable documentation is accounted for to substantiate the validity of a claim. Self-auditing and monitoring serve as effective tools for assessing adherence to pharmacy policies and procedures, along with ensuring compliance with external regulations. The primary objective of a pharmacy’s self-auditing program should be to prevent, detect and eliminate risks related to fraud, waste and abuse, while also mitigating PBM audit liability.  

When should a self-audit be performed?

Self-audits should be performed on a routine basis, and the beauty of a self-audit is that it can be done at any time! It is a great activity for the less busy hours of a work week. The frequency can also be determined by the number of components you wish to audit. Some pharmacies will audit a small number of rotating items on a very regular basis while others may perform a larger self-audit of all elements they monitor on a less frequent schedule. Assigning an individual (or several) to perform these audits and creating a moderately flexible timeframe to complete this task is one way to ensure this important proactive measure does not fall by the wayside.   

What items or components are worth the time to self-audit?

There are a wide range of components to consider auditing, which come down to the audit risks your pharmacy would face. Below is a table of high audit risk claims that are likely applicable to your pharmacy and may warrant a self-audit.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Item/Component2024-2025 Self-Audit Series NewslineOther PAAS Resources
InsulinMarch 2024Understanding Biologic Substitutions (Insulin Substitution Chart included)Considerations for Billing Insulin Vials: Medicare Part B vs Part DInsulin Medication Days’ Supply ChartUnderstanding Interchangeability with Prescription Biologics on-demand webinar from August 2022
DAW CodesApril 2024DAW Codes Explained tool
InvoicesMay 2024Diabetic Test Strip Authorized Distributors article from July 2024 NewslineCaremark Invoice Audits – Purchases from Other Pharmacies article from April 2024 NewslineCaremark Bulk Purchase Notification article from January 2025 NewslineCaremark’s Bulk Purchasing Requirements on-demand webinar from June 2022Inventory Transfer Log (Also in Appendix B of Policy & Procedure Manual for PAAS members with HIPAA/FWA Compliance program)
Transferred-In PrescriptionsJune 2024Transfer Tragedy: A Timeworn PBM Target article from January 2024 NewslineBest Practice for Entering Transfers with Partial Refills Remaining article from June 2022 Newsline
TopicalsJuly 2024Topical Creams and Ointments Days’ Supply ChartVaginal Creams: Why 30 Days’ Supply Is Probably Not Appropriate article from January 2025 Newsline
Return to StockAugust 2024Return to Stock tool
Migraine MedicationsSeptember 2024OptumRx Continues to Cause Headaches! article from June 2024 NewslineMigraine Medications Continue to Cause Headaches article from August 2023 Newsline
CompoundsOctober 2024Caremark Complex Compounds article from April 2022 Newsline
Eye DropsNovember 2024Unique Eyedrop Calculation Challenges article from February 2025 NewslineMiebo® Eye Drops – What is the Days’ Supply? article from March 2024 NewslineEye Drop Guidance chart
Nasal and Oral InhalersDecember 2024Nasal Inhaler chartOral Inhaler chart
Controlled SubstancesJanuary 2025Can Pharmacists Continue to Fill Controlled Substance Prescriptions that are NOT Sent Electronically for Medicare Patients? article from January 2025 NewslinePartial Fills for C-II Controlled Substances
Electronic PrescriptionsFebruary 2025Electronic Prescription Fraud article from February 2025 Newsline

PAAS Tips:

  • Members with the PAAS Fraud, Waste & Abuse and HIPAA Compliance program can:
    • Find information about internal audits in Section 5.1 of your Policy & Procedure Manual
    • Use the Internal Auditing and Monitoring Plan found in Appendix B of your Policy & Procedure Manual
  • Consider reviewing the additional PAAS resources which may be applicable to multiple categories of medications:
  • Need a second opinion regarding your self-audit findings? Contact us and the first available analyst will reach out to further discuss your concerns.

Diabetic Test Strip Authorized Distributors – LifeScan Audits Continue!

Independent pharmacies continue to receive letters regarding the purchase of OneTouch® test strips, manufactured by LifeScan. We have seen two variations of these letters – one “warning” letter from LifeScan directly and a second letter demanding repayment for invoice shortages from a law firm acting on LifeScan’s behalf. Both letters contend that pharmacies submitted more claims for LifeScan’s OneTouch® diabetic test strip products to PBMs than are supported by purchase history from authorized distributors.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

The warning letter is softer in tone and educates recipients about the existence of an authorized distributor network and requests that the pharmacy reviews their suppliers to confirm that they are purchasing from a secure supply chain. Letters point out that purchases made outside of the secure supply chain could mean dispensing products that are counterfeit, have been tampered with (gray market), or are not authorized for sale in the United States.

The law firm letters boldly accuse pharmacies of having an “invoice shortage” and provides spreadsheets with claims and rebate data to support their allegations. These letters threaten to harm pharmacies by withholding rebate dollars owed to PBMs and notify PBMs of the pharmacy’s “non-compliance” unless the pharmacy pays a large amount of money to make the issue “go away”.

While PAAS National® has only seen letters from LifeScan, the concept of an authorized distributor network applies to many manufacturers of OTC diabetic test strips (see list below).

Manufacturer authorized distributor lists for major diabetic test strips:

  1. Abbott https://www.diabetescare.abbott/support/distributors.html
  2. Ascensia https://www.ascensiadiabetes.com/ (click on “distributors” at the bottom of the page)
  3. LifeScan www.genuineonetouch.com
  4. Roche https://rxvp.accu-chek.com/welcome/adr_list
  5. Trividia HealthTM https://www.trividiahealth.com/where-to-buy/

Because diabetic test strips are classified by the FDA as OTC medical devices, they fall outside of the Drug Supply Chain Security Act (DSCSA) and there is no requirement for a “pedigree” to ensure sourced product is legitimate and not stolen, counterfeit or previously dispensed (gray market). Pharmacies should take extra care when sourcing product that is advertised at a lower cost compared to primary wholesalers. Manufacturers have developed and maintained “lists” to aid supply chain partners like pharmacies.

It is also important to understand what each of the major PBMs have to say about sourcing diabetic test strips.

  • Caremark requires network pharmacies to purchase diabetic test strips from authorized distributors only
  • Express Scripts requires network pharmacies to purchase diabetic test strips from authorized distributors only
  • OptumRx does NOT explicitly require pharmacies to purchase test strips from authorized distributors; however, they do require that pharmacies source all products (including OTC test strips) from vendors that are both (i) licensed as a drug wholesaler in your state and (ii) an NABP accredited drug distributor.

Finally, there are two states (California and New Jersey) that have regulations pertaining to the purchase and distribution of OTC diabetic test strips.

PAAS Tips:

  • Be mindful of the interplay between state pharmacy regulations, PBM contract requirements, and manufacturer distribution channels when making inventory purchase decisions – the lowest possible price may cause you to run afoul of requirements
  • Contact PAAS at (608) 873-1342 or info@paasnational.com if you receive a letter from LifeScan or an affiliate law firm regarding purchases of diabetic test strips so that we can assist you in navigating a response

Can Claims Under Audit Be Reversed?

You’re preparing for an upcoming desk audit, and while pulling the hard copies for a PAAS National® analyst to review, you notice a billing error. It’s a simple fix, like an incorrect days’ supply, so you try to reprocess the claim. However, now you’re hit with an unexpected rejection …

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

– the claim was too old to reprocess and is now stuck in your system as a reversed/unpaid claim! Without authorization or assistance from the insurance helpdesk, it can’t be re-billed. To avoid unnecessary stress, PAAS recommends leaving the identified billing errors as is, and discussing with your assigned PAAS analyst. Since each PBM has its own auditing processes and procedures, the steps to resolve a billing error vary.

You may be wondering, “Well, when is it okay to reverse a prescription if we’ve identified an error?” A prescription under audit should never be reversed, unless the PBM auditor has given explicit approval to do so. For claims not under audit, PAAS recommends sticking to a 30-day timeframe, as each PBM and/or Plan may have a unique billing window. If that claim is outside of 30 days, you’ll want to contact the insurance helpdesk and have them help you through the reversal and correction process.

Keep in mind that Prescription Validation Requests are an exception, as they often specifically indicate the allowance to reverse and correct a claim. You will want to be sure you are appropriately filling out the documentation provided by the PBM to indicate that the claim was reversed and rebilled.

PAAS Tips:

  • If you find yourself with a reversed claim that is now stuck and unable to be rebilled, call the PBM helpdesk and ask if they can:
    • Open a billing window that would allow you to rebill, or
    • Help submit a paper claim via a Universal Claim Form (UCF)
  • PBMs may have their own UCF, or alternatively these can be purchased from NCPDP’s vendor, CommuniForm LLC.

Proof of Patient Counseling Required!

Pharmacies are familiar with submitting copies of prescriptions, signature logs and proof of copay collection upon an audit request, but do you have documented proof of the offer to counsel? While the patient can accept or refuse counseling, it must be documented for Medicaid patients. PAAS National®® analysts often see pharmacies with these requests during Medicaid (Payment Error Rate Measurement) audits, and pharmacies must include this documentation along with their other audit materials. Additionally, proof of patient counseling, or the offer to counsel, may be required during the credentialing process for Medicaid Managed Care programs. This requirement stems from the Omnibus Budget Reconciliation Act of 1990 (OBRA ’90), as outlined in 42 CFR §456.705. OBRA ’90, along with CMS regulations, mandates that states establish patient counseling standards for Medicaid programs in order to receive federal funding. While OBRA ’90’s primary objective was to save the federal government money through improved therapeutic outcomes, it achieved this by requiring pharmacists to offer counseling, conduct prospective drug utilization reviews (ProDUR), and maintain thorough records.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Establish a process to document the acceptance or refusal of counseling
    • Check with your State Board of Pharmacy and Medicaid Agency for compliance regulations as these can vary by state
    • Have a process in place to ensure compliance when the patient is not present in the pharmacy
      • Ex: Mailed or delivered prescriptions should, at a minimum, include a toll-free number for patients to call the pharmacist for consultation
    • Pharmacies should also address how to safely provide counseling to limited English proficient (LEP) patients that speak other languages
  • For pharmacies using electronic signature capture, reach out to your software vendor and request that documentation of the offer to counsel be added for all prescriptions during the check-out process
  • For pharmacies using paper signature logs, be sure the offer to counsel is being captured
    • PAAS offers a printable signature logbook on our portal which contains an “offer to counsel” column for refusal or acceptance
  • Confirm acceptance, or refusal, of counseling is readily available to print in case of an audit or inspection
  • To keep it simple, PAAS recommends documenting the offer to counsel for all patients as one standard of pharmaceutical care

Template Forms Can Lead to Audit Problems

At a time when the workday seems to be growing ever more hectic, prescribers and pharmacies may find pre-printed prescription forms convenient; especially for medications which are frequently utilized by a prescriber for treatment. Unfortunately, many PBMs prohibit pre-printed prescription form use for various reasons.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Forms created by the pharmacy for the prescriber can be more problematic, as they may give the impression that the pharmacy is soliciting prescriptions or influencing the prescriber to choose one specific NDC over others. Cookie-cutter forms that contain only a small list of high AWP items, with each option featuring identical quantities, sig, and refills, are likely to attract PBM scrutiny.

Additionally, PAAS National® has seen pre-printed prescription forms recouped during audits when they have cascading or overly broad substitutions. For example, if a topical medication is not covered, and the form provides a blanket allowance for the pharmacy to substitute the next topical medication on the list until one is covered, it could raise concerns about the pharmacy’s [conflicted] influence in the prescribing process. These medications are often more costly than preferred alternatives and can raise red flags for audits if the pharmacy is observed submitting claims, reversing them, and quickly billing for a different product. Many PBM provider manuals have now added language explicitly requiring pharmacies to have a verbal conversation with the prescriber before making any substitutions, which would need to be proven with a clinical note documented on the prescription.

Here is a summary of the three big PBM positions:

  • Caremark: Pre-printed forms resulting in the dispensing of products that are not the most cost-effective items are prohibited (even if they are different salts, bases, or have different release characteristics)
  • Express Scripts: Pharmacies using forms with multiple medications and substitution language must consult (and document) consultation with prescriber prior to dispensing the appropriate medication
  • OptumRx: Dispensing or distributing Prescription Drugs/Drug Products which are not based on valid prescriptions for individually identified Members or are otherwise on pre-populated or templated prescriptions is prohibited. Such pre-populated prescriptions may also not include options for substitute products without individualized prescriber authorization or annotation.

PAAS Tips:

  • Not all template prescriptions will draw the ire of PBMs
  • PAAS has seen enforcement mostly focused on:
    • High AWP products where a cheaper alternative is available
    • Compounded pain/scar creams with broad substitution language
    • High AWP dietary supplements

The Next Big Wave: Anticipating a Surge in HIPAA Compliance Audits

Desk audits, onsite audits, invoice audits…and HIPAA compliance audits?! Unfortunately every community pharmacy has some familiarity with third party payor audits, and PAAS National® audit analysts bring their expertise to guide members through the entire audit process, ensuring everything goes as smoothly as possible.

But what about HIPAA compliance audits? With a potential surge in these audits on the horizon, it is important for covered entities (i.e., pharmacies) to evaluate their HIPAA compliance policies and procedures to fortify their program.

You may ask, “Why are these audits being performed?”. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires that the Department of Health and Human Services (HHS) conduct periodic HIPAA audits, submit an annual report to Congress on HIPAA compliance, and provide annual guidance on the most effective technical safeguards for meeting Security Rule requirements. The Office for Civil Rights (OCR), within HHS, is tasked with overseeing these responsibilities. To verify OCR was performing their respective duties, the Office of Inspector General (OIG) performed a review of OCR’s HIPAA compliance audit process.

According to the OIG November 2024 brief“OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However:

  • OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically:
    • OCR’s audits consisted of assessing only 8 of 180 HIPAA Rules requirements; and
    • Only 2 of those 8 requirements were related to Security Rule administrative safeguards and none were related to physical and technical security safeguards.
  • OCR oversight of its HIPAA audit program was not effective at improving cybersecurity protections at covered entities and business associates.”

OIG recommended OCR increase the volume and breadth of their audits to raise their assurance that covered entities (like pharmacies) and business associates have complied with the Security Rule. OIG stated these audits will also help OCR provide covered entities with more opportunities to strengthen their security over ePHI.

Additionally, on December 27, 2024, OCR issued a Notice of Proposed Rule Making (NPRM) to modify the HIPAA Security Rule to strengthen cybersecurity protections for ePHI. This is the first time since 2013 that OCR seeks to update the Security Rule. With the dramatic increase in cybersecurity threats, both malicious and unintentional, it seems that updates are more important now than ever. A fact sheet on the NPRM is available online.

Since HIPAA compliance audits may be in your future (along with Security Rule updates), now is a great time to evaluate your HIPAA compliance program to get a good handle on where your vulnerabilities are, what threats you have and the risk of those threats. If you’re not sure where to start, check out the PAAS FWA/HIPAA Compliance Program!

PAAS Tips:

  • Understand the components and importance of a HIPAA Security Risk Analysis
    • Perform an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the pharmacy’s ePHI
    • Identify and implement reasonable and appropriate physical, technical, and administrative safeguards as required by the HIPAA Security Rule
  • Know the terms
    • Vulnerability – a flaw or weakness in system security procedures, design, implementation or internal controls
    • Threat – the potential for a person or thing to exercise a specific vulnerability (natural, human, and environmental)
    • Risk – a function of the probability that a threat will attack a vulnerability and the resulting impact to the organization
  • PAAS’ FWA/HIPAA Compliance Program members have access to:
    • Update their HIPAA Risk Analysis
    • Complete annual Cybersecurity training on the Member Portal
    • Policies and procedures to comply with HIPAA Privacy, Security and Breach Notification rules which include customized administrative, physical and technical safeguards
    • Contingency Planning and Preparedness
    • Pharmacist experts to support you in FWA/HIPAA Compliance
  • Watch the PAAS National® webinar, Cybersecurity Considerations for Community Pharmacies located on the Member Porta

Will Your Signature Logs Pass an Audit?

Since the beginning of the new year, PAAS National® has seen a 14% increase in audits from third-party payors (18% for onsite audits)! When collecting the requested documents for an audit, signature logs are commonplace. Invariably, the one patient who refuses to sign their name (or uses a smiley face instead) to confirm receipt of their prescriptions is selected for audit. To make matters worse, in February of 2024, OptumRx updated their Provider Manual, now stating that a missing signature is subject to full recoupment and no post audit documentation will be accepted. Consequently, questionable or missing signature logs can result in significant audit findings! 

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Many pharmacies have implemented a Point-of-Sale system (POS) in their pharmacies to ease the burden of storing paper signature logs and having easy access when asked to reproduce them. However, with the cost to implement and the extra costs in having an electronic system for deliveries, some pharmacies are still using both a POS system and paper signature logs for home/facility delivery. It is important that all elements are present on both the POS signature log as well as the delivery log.

PAAS Tips:

  • Patients refusing to sign can be a challenge that pharmacies should consider addressing more aggressively
    • Try explaining that their insurance requires a legible signature for proof of receipt
      • This is an opportunity to explain that PBM’s are ruthless on audits and that a missing signature means you could be out hundreds or thousands of dollars each time they refuse to sign
    • If a patient still refuses to sign for expensive medications, offer to reverse the claim and bill it without their insurance
    • Do not sign/print the patient’s name for them, or use their initials to give the appearance of the patient signing
  • Point-of-Sale electronic logs should contain:
    • Prescription number
    • Date filled or fill number
    • Date of pick-up
    • Signature of the patient or representative who picked up the medication
  • Delivery logs should contain:
    • Patient name
    • Prescription number
    • Date filled or fill number
    • Date delivered (handwritten by the person receiving the delivery)
    • Delivery address
    • Signature of the patient or representative who received the delivery
  • See the July 2024 Newsline article, Ensuring Audit Readiness: What PBMs Look for in Signature Logs and Proof of Delivery for more information on delivery and mailing requirements.

Audit Alert: Topical Nail Treatments

What do Jublia® (efinaconazole), ciclopirox (formerly Penlac®), and tavaborole (formerly Kerydin®) all have in common? Besides each being a topical solution for the treatment of onychomycosis (Jublia® and Kerydin® for toenails and Penlac® for fingernails and toenails), they also all require knowing the number of applications per bottle for calculating an accurate days’ supply. Unfortunately, manufacturers do not provide this information in the package insert, making these days’ supply calculations more difficult to ascertain. 

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Manufacturer guidelines for Jublia® indicate a patient should use one drop per toenail with the big toe requiring a second drop. A representative from the manufacturer responded to an inquiry from PAAS National® stating there are approximately 200 applications per 4 mL bottle. Confirm with the prescriber’s office how many nails are being treated (including if any big toes are affected), document with a clinical note, and update the patient’s label to include the clarification. If there is no indication of a big toe being treated, it will be assumed that it is not. Penlac® is similar to Jublia®; however, the manufacturer does not indicate how many applications are in each bottle. PAAS recommends using the same calculations as you would for Jublia®.

Jublia® example:

  • “Apply to 4 affected toenails including both big toes once daily”
  • 2 small toes + 2 big toes = (1 application x 2 small toes) + (2 applications x 2 big toes) = 6 applications/day
  • 4 mL = 200 applications ÷ 6 applications/day = 33 days’ supply
  • 8 mL = 400 applications ÷ 6 applications/day = 66 days’ supply

Penlac® example:

  • “Apply to 4 affected toenails including both big toes once daily”
  • 6.6 mL = approximately 330 applications ÷ 6 applications/day = 55 days’ supply

Kerydin® comes packaged in a 4 mL or 10 mL bottle. A representative from the manufacturer responded to an inquiry from PAAS stating each mL of the product contains 60 drops, therefore the 4 mL bottle has 240 drops and the 10 mL bottle has 600 drops. The representative went on to state patients should use 1-2 drops per treatment of the toe, with big toes requiring 3-4 drops per treatment. Kerydin® has the same clinical note documentation requirements as Jublia® and Penlac® regarding which toes are affected, and the clarification being added to the patient’s label.

Kerydin® example:

  • “Apply to 4 affected toenails including both big toes once daily”
  • 2 small toes + 2 big toes = (2 drops x 2 small toes) + (4 drops x 2 big toes) = max 12 drops/day
  • 4 mL = 240 drops ÷ 12 drops/day = 20 days’ supply
  • 10 mL = 600 drops ÷ 12 drops/day = 50 days’ supply

PAAS Tips:

  • Clinical notes should contain four elements:
    • Date
    • Name and title of who you spoke with
    • What was discussed
    • Your initials
  • Do not use PBM “drops per mL” general estimates to determine days’ supply
  • Clarify number of toes being treated, including whether the big toe is being treated
  • Update the patient label to include the clarification
  • If patients are requesting early refills, confirm they are applying correctly
  • Refer Jublia® patients to the manufacturer website for an instructional video

Caremark Aberrant Practices and Trends – Enforcement Extends Beyond the Aberrant Product List

PAAS National® analysts have worked with numerous pharmacies who have received communications related to Caremark’s proprietary Aberrant Product List or other alleged Atypical Dispensing Patterns. These letters are driven by Caremark’s Provider Manual section 3.02.03 which was expanded in 2022 as discussed in the Newsline article, Caremark® Expands “Aberrant” Language & Restricts Bulk Purchases.

These letters fall into two different categories:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Atypical Dispensing Patterns

Communications labeled Atypical Dispensing Patterns point out pharmacy claims that are seemingly “abnormal” (relative to an unknown standard) and notify pharmacies that they are being watched. These letters are educational only with no direct call to action and should be interpreted as a warning letter to prevent future enforcement actions.

Notice of Breach

Communications labeled Notice of Breach include a list of specific claims in the previous month that have created a contract violation or “breach” that must be resolved. These letters have aggressive language and indicate that Caremark may terminate the pharmacy’s network participation unless the pharmacy cures the breach and develops/implements a written Corrective Action Plan (CAP).

Breach letters are issued almost exclusively due to the dispensing of NDCs included on Caremark’s Aberrant Product List and only when the pharmacy has crossed an arbitrary threshold of 25% (by claim count or dollar amount) within a one-month period. The NDCs on this list are generally products with a high AWP that have lower cost alternatives that could be dispensed in their place.

PAAS Tips:

  • See Caremark’s Pharmacy Portal (https://rxservices.cvscaremark.com/) under Document Library>Audit (login required) for the most current Aberrant Product List
  • Notify PAAS if you are in receipt of a letter so that we can support you in developing a response
  • See the January 2023 Newsline article, Essential Elements of Corrective Action Plans for suggestions on how to develop a CAP

The NEW Inventory Transfer Log and Why it Could Save You Big!

PAAS National® analysts have walked many pharmacies through the ins and outs of invoice audits. During our consultations with members who have their results back, the question of “Why would my invoice not be accepted?” comes up regularly. The answer to this question is multifaceted and can take some investigative work to identify the root cause. The following is a non-exhaustive list of potential issues leading to invoices not being accepted:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Invoices were not sent directly from the wholesaler to the auditor
  • Invoices were not from a wholesaler with National Association of Boards of Pharmacy (NABP) Drug Distributor Accreditation, formerly known as VAWD, for OptumRx
  • Invoices for diabetic supplies were not purchased from an “authorized distributor” for Caremark or Express Scripts
  • Invoices show product purchases were outside the audit timeframe

Another invoice audit pitfall that has become increasingly common (possibly due to the increasing number of online purchasing platforms such as RxeedTM or MatchRX) are shortages due to incomplete documentation for pharmacy-to-pharmacy purchases. While the Drug Supply Chain Security Act (DSCSA) allows such sales between pharmacies, DSCSA requires that these transactions include the pedigree (aka Transaction Statement, Transaction History, and Transaction Information or “3Ts”) if they are for general stock replenishment, but DSCSA exempts transactions that are for a specific patient need and does not require the pedigree to be communicated for those purchases.

However, be aware that Caremark’s Provider Manual section 8.05 states that if product is received from another pharmacy, the purchasing pharmacy must obtain and maintain the entire Transaction Statement, Transaction History, and Transaction Information.

Similarly, OptumRx’s 2025 Provider Manual, First Edition Version 1.1 Section B. Pharmacy audits (Audits) and Claim Reviews states “Any inter-pharmacy transfers or purchases made through intermediary third parties or marketplaces for the purpose of increasing or replenishing stock, and not made to fulfill a specific patient need for an identified patient, are subject to the requirement to obtain transaction history, transaction information, and a transaction statement for the product. If purchases were made to fulfill a specific patient need, supporting documentation must be available and provided, if requested.” It goes on to say, “A Network Pharmacy Provider may transfer inventory to alleviate a temporary shortage or for the sale, transfer, merger or consolidation of all or part of the business of a pharmacy from or with another pharmacy, whether accomplished as a purchase and sale of stock or business assets. The transfer or purchase of covered legend and non-legend products or medical supplies form another licensed pharmacy must be verified and documented as originating from a NABP Drug Distributor Accreditation and licensed drug wholesaler, to include DSCSA-compliant transaction history, information and statement.”

PAAS has seen Caremark and OptumRx auditors request copies of the transferring pharmacy’s license and original invoices (and/or pedigree information) from the transferring pharmacy’s wholesaler. While PAAS strongly opposes these policies and enforcement efforts, PBMs hold an upper hand in an audit situation and consider the Provider Manual an extension of the agreement.

For those pharmacies who choose to make pharmacy-to-pharmacy purchases (directly, or indirectly through an online platform), PAAS recommends reviewing Caremark’s documentation guidelines and using a tool to ensure all information regarding the acquisition is appropriately gathered. PAAS analysts have developed just the tool you may wish to use, the Inventory Transfer Log! This log was developed solely to help pharmacies meet the strict requirements of PBMs and PAAS analysts strongly encourage its use for those who still choose to make pharmacy-to-pharmacy purchases. Additionally, for PAAS National® FWA/HIPAA Compliance members, this new tool can be found in Appendix B of your Policy & Procedure Manual with an accompanying Policy and Procedure in Section 4.1.4

This resource guides pharmacies through elements to document regarding the seller, the product purchased, the reason for acquisition, payment information, and even product inspection. While utilization of this tool is optional, procurement without appropriate documentation will likely cause the invoice to be excluded from an auditor’s inventory count and may lead to product shortages, audit recoupment, and (potentially) contract termination.

PAAS Tips:

  • Keep copies of all invoices and proof of purchases for 10 years as required by Medicare Part D retention requirements
  • Refer to the July 2024 Newsline article, Diabetic Test Strip Authorized Distributors, for links to manufacturer authorized distributor lists for major diabetic test strips
  • Review Section 8.05 of Caremark’s Provider Manual for more information on pharmacy-to-pharmacy transfers (available online in the Caremark pharmacy portal, log in required)
  • Pharmacies should carefully weigh the pros and cons of purchasing inventory from other pharmacies (whether directly or indirectly)
    • The November 2024 Newsline article, U.S. Government Alleges Counterfeit HIV Drugs Hiding in Pharmacy-to-Pharmacy Purchases, provides insight into the potential risks a pharmacy takes by obtaining medication outside of DSCSA “authorized Trading Partners”