be granted access to their own medical records (unless otherwise indicated as per 45 CFR §164.524(a)(2) or (a)(3)) whether they are asking for a copy to be provided to them personally or directed to another entity. The Office for Civil Rights [OCR] takes a patient’s right to access their records very seriously and will investigate [and potentially assess a monetary penalty] when a covered entity is found to not be appropriately following HIPAA Privacy Rules. The covered entity is encouraged to respond as soon as possible but must respond no later than 30 calendar days from the date of the request. If the covered entity is unable to comply with the request within 30 calendar days, they can be granted a one-time 30-day extension to their deadline, but they must notify the individual (in writing) of the reason for the delay and provide the date by which they will provide the records (refer to 45 CFR §164.524(b)(2) for additional information). Note some state privacy laws may be more stringent (e.g., Texas).
The request for PHI can be harder to validate when it is not coming from the patient for their own records. Recently, Anthem has been requesting information from numerous pharmacies across the United States. Each request has been issued by Episource, Datavant, or Cotiviti, purportedly on behalf of Anthem, Healthy Blue, or Wellpoint, and the request has been for patient information from January 2023 through current and can range from one patient to several dozen.
The request likely stems from recent investigations with the Office of Inspector General (OIG) looking into numerous Medicare Advantage plans which have uncovered an overabundance of up-coded claims with unsupported diagnosis codes. In an OIG report posted September 25, 2024, they describe selecting one Medicare Advantage organization (Humana) and “focused on eight groups of high-risk diagnosis code (high-risk groups). Our objective was to determine whether Humana’s submission of selected diagnosis codes to CMS, for use in CMS’s risk adjustment program, complied with Federal requirements.”
The results were astonishing! “For the eight high-risk groups covered by our audit, most of Humana’s submission of the selected diagnosis codes to CMS for use in CMS’s risk adjustment program did not comply with Federal requirements. Specifically, for 202 of the 240 sampled enrollee-years, the diagnosis codes that Humana submitted to CMS were not supported by the medical records and resulted in $497,225 in overpayments.” They go on to say, “On the basis of our sample results, we estimated that Humana received at least $13.1 million in overpayments for 2017 and 2018.”
Moreover, in October, OIG issued a report: Medicare Advantage: Questionable Use of Health Risk Assessments Continues to Drive Up Payments to Plans by Billions. It is likely that Medicare Advantage plans are fearful that their claims are up for review next. With such a large potential for CMS overpayment, it is probable that OIG will continue to investigate and try to put a stop to this inappropriate spending.
If your pharmacy receives one of these requests, it should be given to your pharmacy’s Privacy Officer for further evaluation and action. For PAAS Fraud, Waste and Abuse and HIPAA Compliance members, send us a copy of the request and we will walk you through considerations to facilitate your validation of the PHI request and potential documentation requirements.
PAAS Tips:
- Pharmacies are allowed to disclose PHI for the purposes of payment, treatment or healthcare operations (PTO)
- For non-PTO authorized disclosures, document all HIPAA requests to access or release PHI; PAAS FWA and HIPAA Compliance members can use the Request to Access or Release Protected Health Information form from Appendix B in your Policy & Procedure Manual
- All HIPAA-related documents must be maintained for a minimum of six years after the last effective date
- For additional guidance on grounds to deny the release of PHI, refer to 45 CFR §164.524(a)(2) and (a)(3); PAAS FWA and HIPAA Compliance members can review Sections 10.4 through 10.5.3 of your Policy & Procedure Manual for additional information
New Tool on PAAS Portal – Exceeding Days’ Supply Plan Limits for Unbreakable Packages
PAAS National® is continuously updating and creating new tools to help our members address common audit recoupment issues. Pharmacies frequently face recoupments due to overbilling multiple unbreakable packages or refilling claims too soon when billing for a single unbreakable package that exceeded the plan’s days’ supply limit.
The new tool, Exceeding Days’ Supply Plan Limits for Unbreakable Packages, provides a flow chart to follow based upon whether you are billing single or multiple unbreakable packages and receive a days’ supply plan limit rejection. Here is an example of each scenario:
Access the new tool on the Member Portal under Proactive Tips. You can also see PAAS’ Can You Bill It as 30 Days? resource when transmitting a claim for a quantity that exceeds the plan limitations. If you have questions about Member Portal access or this new tool, please contact PAAS for assistance.
Ask a PAAS Expert
While PAAS National® prides itself on being audit experts, audit assistance is more than just reactive support when an audit notice arrives. PAAS works tirelessly to provide pharmacies with tools and resources to reduce their audit risk and lessen the chances of being audited. Moreover, PAAS serves as a guiding light for community pharmacies with day to day pharmacy audit questions. Get expert answers to your questions on:
As a trusted partner, we provide tailored guidance to help you prevent audits. Remember, the prescription claims you submit today are the audits of the future.
Work to audit-proof your pharmacy today, do it right, and avoid future recoupments. Contact us to submit a question or complete the form on the Member Portal.
Ensure Your Team Is Prepared for PBM Audits
In an interview with Pharmacy Times at the National Association of Community Pharmacists 2024 Convention & Expo, Trent Thiede, PharmD, president of Pharmacy Audit Assistance Service (PAAS) International, discussed how pharmacy teams can remain prepared for audits from pharmacy benefit managers (PBMs).
Q: What are the common types of PBM audits that pharmacies face, and what specific documentation or records are typically requested? How do you stay informed about evolving audit requirements and best practices?
d
r
f
Click here to read more at PharmacyTimes.com
Best Practices for Proactively Preventing PBM Audit Issues | NCPA 2024
Pharmacy Benefit Managers (PBMs) routinely conduct audits on independent pharmacies with the stated goal of preventing fraud, waste, and abuse in medication dispensing. However, PBM audits often lack clear metrics and can include certain requirements without an explicit reason why. As these audits increase—in 2023 they shot up by as much as 29%1—many pharmacists who have failed them cite it as the primary reason why they can’t stay in business.2
Click here to continue to read the complete article at DrugTopics.com
Billing Coupons for Medicare Part D Patients – When Is It Okay?
The Office of Inspector General (OIG) has made it clear that using manufacturer coupon cards with federally funded programs is prohibited by Anti-Kickback Statutes [42 U.S.C. 1320a-7b]. However, pharmacies should be aware of organizations, like …
The Patient Access Network Foundation (PAN Foundation), that work as non-profits to help patients receive otherwise unaffordable treatment. The PAN Foundation website offers a section called PAN’s OIG Advisory Opinions and Bulletins that helps address how independent charitable patient assistant programs (PAPs) can maintain compliance with federal laws, regulations, and guidelines while providing cost-sharing assistance to Medicare Part D patients.
In the article OIG Special Advisory Bulletin on Patient Assistance Programs for Medicare Part D Enrollees, the OIG concludes that, “pharmaceutical manufacturer PAPs that subsidize Part D cost-sharing amounts present heightened risks under the anti-kickback statute. However, in the circumstances described in this Bulletin, cost-sharing subsidies provided by bona fide, independent charities unaffiliated with pharmaceutical manufacturers should not raise anti-kickback concerns, even if the charities receive manufacturer contributions.”
Be careful treading these waters as there have been previous concerns about the legitimacy of some of these charities. While PAAS National® cannot determine whether a specific copay card meets the requirements, the OIG has an advisory opinion process for individuals or entities that want affirmation that they will not infringe on fraud and abuse laws. Visit Advisory Opinion FAQs for more information.
PAAS Tips:
Representative NDC on Electronic Prescriptions Do Not Infer Specificity
When electronic prescriptions were first introduced, they were supposed to be more convenient for patients and cause less errors at the pharmacy (due to the legible nature of the information being sent from the prescriber). In practice, we know this has not always been the case. The directions may be confusing, the quantity not specified, and even the product selection could be left to interpretation.
While an NDC on an electronic prescription might give you reassurance on the product prescribed, pharmacies need to exercise caution. According to the NCPDP Representative NDC Use in Electronic Prescribing Fact Sheet,
“The representative NDC used is not intended to infer specificity or preference to the embedded manufacturer/labeler. The receiving pharmacy should not assume physician intent and can utilize their own drug selection and substitution logic based on proprietary logic and compliance with any state/federal laws and regulations as needed.”
Additionally, an NDC is not required to be sent by a prescriber on an electronic prescription, only the description of the medication. PBM auditors are likely to ignore the NDC on an electronic prescription in most cases and require a pharmacy to clarify any ambiguous product descriptions. For example, a prescription for Metformin HCL ER 500 mg with no other indication of dosage form. Even if a representative NDC is present that would imply a particular dosage form, an auditor will likely expect the pharmacy to clarify if the generic for Glucophage® XR, Fortamet®, or Glumetza® was intended.
However, being hypocrites, auditors will also try to use the representative NDC against a pharmacy. For example, if a prescription indicated representative NDC 00186-0370-28 (which is for Symbicort® 160/4.5 as a 6.9 g institutional pack size), but the pharmacy dispensed Symbicort® 160/4.5 inhaler at the retail pack size of 10.2 g; PAAS has seen auditors mark these claims as discrepant for dispensing the ‘wrong product’ even though it goes against NCPDP guidance (also predicated on quantity/unit of measure being prescribed).
PAAS Tips:
The Clock is Ticking: Complete Your Annual Training!
It is that glorious time of year again! Time for staff to be occupied not only with the daily activities of billing and filling medications, but also occupied with cough/cold/flu season, vaccine administration, answering Medicare Part D open enrollment questions, and holiday closures. Now is the time to ensure staff complete their annual Fraud, Waste & Abuse and HIPAA Compliance, Cultural Competency, and USP 800 Compliance training since the December 31st deadline will be here before we know it!
FWA/HIPAA Compliance Training: Employees who are involved with filling, billing, dispensing or delivery of Medicare and/or Medicaid prescriptions are required to be trained within 30 days of hire (per PBM requirements) and at least annually thereafter. Per CMS Chapter 9.50.3, training and education for employees does include the CEO and senior administrators or managers. Relief pharmacists, students, interns, job shadows, and delivery drivers also need training. The training must cover FWA and General Compliance topics and must include details outlining your pharmacy’s specific policies and procedures of how you prevent, detect, and correct FWA.
Current PAAS National® FWA/HIPAA Compliance Program members can meet annual training requirements through the PAAS Member Portal. A few important things to note:
Cultural Competency Training: As of April 2021, NCPDP required pharmacies to indicate if they train their staff on cultural competency and maintain evidence of such training, when going through the pharmacy’s annual NCPDP profile credentialing. Since adding this question, PBMs have decreased the number of direct attestations required of community pharmacies. However, indicating ‘no’ in NCPDP is not without potential repercussions as PBMs may exclude you from provider listings of culturally competent care, as this was required for Medicaid managed care plan directories. Additionally, there are federal requirements that have been in place for many decades. Read more on Does My Pharmacy Really Need Cultural Competency Training?
USP 800 Compliance Training: USP 800 is not just for compounding pharmacies, this occupational exposure extends to everyone working in the pharmacy, from the pharmacists and pharmacy technicians who handle hazardous drug (HDs), to those who work at the pharmacy counter or in the receiving and delivery areas. The key is developing good practices to contain or greatly reduce risk. Per OSHA, the safe handling of hazardous drugs in accordance with USP 800 is now considered a “national professional standard” as a pharmacy process “to protect the safety and health of employees”. A USP 800 compliance program is a necessary step to protect the health and safety of your employees, patients in your pharmacy, and the environment. It can also help reduce employer liability from frivolous lawsuits through employee training, competency documentation and employee acknowledgements.
If you are unsure of all the necessary requirements, contact PAAS at (608) 873-1342 today for more information.
2024 Self-Audit Series #9: Eye Drop Days’ Supply
Billing the accurate days’ supply for eye drops can be challenging. Despite what is drilled into pharmacists during schooling, there is no industry standard for drops/mL, and PBMs often use their own specific conversion factors. This variability adds complexity to accurately determining the appropriate days’ supply.” The PAAS National® Eye Drop Guidance chart has been created for our members to have the most up to date information from the major PBM provider manuals to assist them with this process.
Pharmacies must also take into consideration several eye drops that do not fall under the typical drops/mL conversion due to beyond use dating, single use vials, or atypical drop size. Recognizing these extra billing considerations is imperative to avoid potential audit issues.
Please refer to the following Newsline articles for information on some of these specific eye drops:
PAAS Tips:
PAAS Audit Assistance members can search the Newsline archive for keyword “2024 self-audit” to read previous articles in this series. If you have any questions on accessing the Member Portal, or need help adding employees so they have access, please contact us.
Hundreds of Patient Information Requests for Medicare: What This Means for Your Pharmacy
Pharmacy personnel are all tasked with keeping patient protected health information (PHI) secure. When a request to access or release PHI is received by the pharmacy, panic may ensue if staff are not well versed in how to handle the requests to be compliant with 45 CFR §164.524.
First, a patient must …
be granted access to their own medical records (unless otherwise indicated as per 45 CFR §164.524(a)(2) or (a)(3)) whether they are asking for a copy to be provided to them personally or directed to another entity. The Office for Civil Rights [OCR] takes a patient’s right to access their records very seriously and will investigate [and potentially assess a monetary penalty] when a covered entity is found to not be appropriately following HIPAA Privacy Rules. The covered entity is encouraged to respond as soon as possible but must respond no later than 30 calendar days from the date of the request. If the covered entity is unable to comply with the request within 30 calendar days, they can be granted a one-time 30-day extension to their deadline, but they must notify the individual (in writing) of the reason for the delay and provide the date by which they will provide the records (refer to 45 CFR §164.524(b)(2) for additional information). Note some state privacy laws may be more stringent (e.g., Texas).
The request for PHI can be harder to validate when it is not coming from the patient for their own records. Recently, Anthem has been requesting information from numerous pharmacies across the United States. Each request has been issued by Episource, Datavant, or Cotiviti, purportedly on behalf of Anthem, Healthy Blue, or Wellpoint, and the request has been for patient information from January 2023 through current and can range from one patient to several dozen.
The request likely stems from recent investigations with the Office of Inspector General (OIG) looking into numerous Medicare Advantage plans which have uncovered an overabundance of up-coded claims with unsupported diagnosis codes. In an OIG report posted September 25, 2024, they describe selecting one Medicare Advantage organization (Humana) and “focused on eight groups of high-risk diagnosis code (high-risk groups). Our objective was to determine whether Humana’s submission of selected diagnosis codes to CMS, for use in CMS’s risk adjustment program, complied with Federal requirements.”
The results were astonishing! “For the eight high-risk groups covered by our audit, most of Humana’s submission of the selected diagnosis codes to CMS for use in CMS’s risk adjustment program did not comply with Federal requirements. Specifically, for 202 of the 240 sampled enrollee-years, the diagnosis codes that Humana submitted to CMS were not supported by the medical records and resulted in $497,225 in overpayments.” They go on to say, “On the basis of our sample results, we estimated that Humana received at least $13.1 million in overpayments for 2017 and 2018.”
Moreover, in October, OIG issued a report: Medicare Advantage: Questionable Use of Health Risk Assessments Continues to Drive Up Payments to Plans by Billions. It is likely that Medicare Advantage plans are fearful that their claims are up for review next. With such a large potential for CMS overpayment, it is probable that OIG will continue to investigate and try to put a stop to this inappropriate spending.
If your pharmacy receives one of these requests, it should be given to your pharmacy’s Privacy Officer for further evaluation and action. For PAAS Fraud, Waste and Abuse and HIPAA Compliance members, send us a copy of the request and we will walk you through considerations to facilitate your validation of the PHI request and potential documentation requirements.
PAAS Tips:
If you are not a PAAS FWA/HIPAA Compliance member and you are interested in adding this service or learning more, please contact us at (608) 873-1342 or email info@paasnational.com
Avoid This Billing Pitfall with Your Medicare Part B Nebulizer Solution Claims
Correctly billing Medicare Part B can be tough. The Local Coverage Determinations and associated Policy Articles for each DMEPOS category, along with the Standard Documentation Requirements for All Claims Submitted to DME MACs, are filled with billing and documentation guidelines which suppliers must fully comprehend and follow to avoid claim chargeback. The PAAS National® 2024 DMEPOS Newsline Series is a great starting point for pharmacies to building their comprehension of these unique requirements. Simply keyword search “DMEPOS series” to read these articles in the archives.
A general overview of billing DMEPOS nebulizer solutions can be found in the April Newsline article, 2024 DMEPOS Series #2: Nebulizer Solutions. During recent Targeted Probe and Educate (TPE) audits from DME MAC CGS, PAAS analysts have seen an uptick in discrepant claims due to billing a larger amount than allowed as medically necessary.
Why This is Happening
Claims are flagged because a beneficiary is on either albuterol, albuterol/ipratropium combination, levalbuterol, or metaproterenol as a rescue or supplemental medication in addition to either formoterol or arformoterol. The presence of formoterol or arformoterol as an active medication for the beneficiary triggers a lower monthly maximum milligrams/month policy limit on the rescue or supplemental medication (i.e., albuterol, albuterol/ipratropium combination, levalbuterol, or metaproterenol).
How to Avoid This Pitfall
Pharmacies supplying any one of these four inhalation drugs in the table above should be reviewing all evidence prior to billing the claim to Part B to verify which monthly limit is applicable for the claim; here are several considerations:
If the investigation to any of the above considerations shows active formoterol or arformoterol, be sure:
PAAS Tips: