Caremark
Caremark’s Provider Manual states “notices will be delivered in person by mail, via fax the Provider’s fax number or by email via the email address provided by Provider in Provider’s enrollment documentation or as otherwise indicated by Provider to Caremark and agreed to by Caremark or via Pharmacy Portal.” It goes on to say that it is the responsibility of the provider to notify Caremark when contact information needs to be updated. There can also be times when Caremark will communicate via phone to pharmacies, most commonly seen with desk audits.
OptumRx
OptumRx’s Provider Manual states “Provider understands Administrator relies on the information about its Provider, as well as each Pharmacy location provided by NCPDP and directly to Administrator, therefore, Provider: (1) Agrees to update in a timely manner all information in the NCPDP database whenever … and (2) Immediately notifies ORx and NCPDP of updated contact information at pharmacyprograms@optum.com,including changes in telephone numbers, fax numbers, email address.” In addition, it states OptumRx may communicate via telephone, mail, fax, and/or email when it comes to conducting their audits.
Express Scripts
Express Script’s Provider Manual states “All changes to Provider demographic information for independent Network Providers must be submitted by logging onto https://www.esiprovider.com and completing the online Change of Demographics form. Provider shall also submit updated demographic information directly to NCPDP and/or any other third party website as applicable”. It also states Express Scripts will communicate via fax, email, or USPS when initiating an audit.
Prime Therapeutics
Prime Therapeutics uses the information pharmacies input to their NCPDP profile as their sole means of communication. In the Provider Manual, it states to go directly to the NCPDP’s website https://online.ncpdp.org to submit changes. Prime Therapeutic’s system will incorporate all new NCPDP updates on a weekly basis.
Humana
Humana’s Provider Manual states “[Humana] will notify all pharmacies via traditional mail (UPS or certified mail). If you prefer to be notified via email, we can send letters via secure message. To notify HPSX of your notification preference, please send an email to pharmacyaudit@humana.com.”
Elixir
Elixir also utilizes NCPDP to elicit pharmacy contact information. The Provider Manual states “Independent pharmacies are required to maintain NCPDP Part I and II with accurate and current information at all times as Elixir utilizes this information during its review.” Furthermore, the provider manual states “email is the preferred method for Pharmacy communications by Elixir. Pharmacies will be notified of any audit communications via fax unless the Pharmacy FWA Department has been notified of email preference”. The email to communicate an update in audit communication preference is PharmacyAudits@elixirsolutions.com
PAAS Tips:
- Update your safe sender list and/or junk mail to ensure any audit notices sent via email are received
- Educate pharmacy staff to watch faxes and email carefully for any PBM communications – tossing an audit can be costly
- Consider using an electronic/paperless fax system that records/retains all incoming faxes
- Ensure your pharmacy’s NCPDP profile is kept up to date as this is a primary means for many PBMs to gather pharmacies’ contact information – this should be updated whenever a change occurs
- Designate an email address that is routinely monitored to avoid missing timely audit communications
2024 Self-Audit Series #5: Topical Prescriptions
Topical medications are easy audit targets, especially with the rising costs of some of these medications. The discrepancy that is commonly cited for topical medications is …
Pharmacies must do their due diligence to ensure the appropriateness of what is being billed. Prescriptions that include the number of grams per application and a frequency can easily be billed with an accurate days’ supply. Vague instructions for use should be clarified with the prescriber and documented with a clinical notation on both the prescription and added to the patient’s label (an OptumRx requirement!).
Pharmacies must not rely on the days’ supply field indicated on an electric prescription as this is not accepted by PBM auditors. Prescriptions written for a quantity of “1”, are generally flagged for “incomplete quantity”. Auditors require a specific quantity in grams, milliliters, or pumps to be indicated. Verifying and documenting can help avoid audit recoupments!
PAAS Tips:
How to Safeguard Your Pharmacy from Fraudulent Electronic Prescriptions
PAAS National® has recently assisted pharmacies who received fraudulent electronic prescriptions from prescribers that had their electronic prescribing credentials hacked or stolen. There was a recent widespread e-prescription fraud reported earlier this year where criminals issued over 18,000 prescriptions to pharmacies in 18 states in just a 5-hour span.
Fraudulent prescriptions that are billed to the patient’s insurance are subject to full recoupment when audited by the PBM. Unfortunately, pharmacies will need to cooperate with the PBM audit process and prove that they were not willing participants by explaining their process of “due diligence” to authenticate the prescriptions. To offset the financial losses from PBM recoupment, pharmacies will need to lean on their business insurance or separately pursue legal action against the perpetrators.
Of course, it would be much better to avoid dispensing (and billing) these fraudulent prescriptions from the start. Although electronic prescriptions are generally safer than written or telephone prescriptions, they are still vulnerable to exploitation by criminals targeting unsuspecting pharmacies.
Here are some techniques to spot fraudulent electronic prescriptions at your pharmacy:
PAAS Tips:
What’s New with Prescription Validation Requests in 2024?
In the PAAS National® January 2024 Newsline article PBM Validation Requests Rose 123% in 2023 – What You Need to Know, we discussed the PBM trends we saw in 2023. Below is a list of drugs reviewed and analyst comments that have been compiled through the first six months of 2024 for comparison.
Top 5 drugs reviewed in 2023 compared to first half of 2024:
While Creon® is still one of the top PBM targets, you can see that during the first half of 2024, the PBMs have shifted their focus from monitoring insulin claims to GLP-1s and migraine medications, demonstrating how PBM audit trends change over time. Be assured that the PBMs will continue to send claim reviews for insulin as well. While they may not show in the top 5 drugs of 2024 so far, Tresiba®, Humalog®, Levemir®, insulin lispro and Toujeo® were all right behind Ubrelvy® in the number of claim reviews the PBMs have issued to date in 2024.
The top 5 comments noted by an analyst after claim review mimic the same 5 from 2023:
PAAS Tips:
Proper Billing of Nayzilam® and Valtoco® Nasal Sprays
A subset of patients who experience seizures due to epilepsy suffer from seizure clusters, despite being on maintenance epilepsy medications. Nayzilam® and Valtoco® are both FDA-approved for the “acute treatment of intermittent, stereotypic episodes of frequent seizure activity (i.e., seizure clusters, acute repetitive seizures) that are distinct from a patient’s usual seizure pattern” in patients 12 years and older and 6 years and older, respectively. Regardless, if your patient is prescribed Nayzilam® or Valtoco®, the perplexing billing opens the door for easy recoupments from PBMs.
The first step to take when receiving either a Nayzilam® or Valtoco® prescription is to ensure it has clear directions and quantity prescribed.
Per the manufacturer product label, the initial dose of Nayzilam® is one spray into one nostril. If needed, and the directions support, an additional spray may be administered into the opposite nostril 10 minutes after the initial dose if the patient has not responded to the initial dose. For Valtoco®, the number of sprays per dose is dependent on the strength prescribed. According to the manufacturer product label, the initial dose for the 5 mg and 10 mg strengths is one spray into one nostril while the initial dose for the 15 mg and 20 mg strengths is two sprays – one spray into each nostril. If needed, and the directions support, a second dose may be administered at least 4 hours after the initial dose if the patient has not responded to the initial dose.
Also, it is necessary to know the maximum number of episodes the patient is allowed to treat per month to correctly calculate the days’ supply. FDA-approved directions recommend no more than two doses of Nayzilam® should be used to treat a single episode and it should not be used to treat more than one episode every three days with a maximum of five episodes per month. Similarly, FDA-approved directions recommend no more than two doses of Valtoco® should be used to treat a single episode and it should not be used to treat more than one episode every five days with a maximum of five episodes per month.
See the chart below and PAAS Tips for recommended billing guidance, in addition to other prescription components necessary to best protect your pharmacy from audit recoupments:
PAAS Tips:
On-Demand Webinar: Cybersecurity Considerations for Community Pharmacies
On May 8, 2024, PAAS National® hosted a webinar: Cybersecurity Considerations for Community Pharmacies. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.
In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
President of PAAS, Trent Thiede, discussed:
Should you have any questions, or need assistance getting access, call 608-873-1342 or email info@paasnational.com.
PAAS Tips:
The Different Cyclosporine Eye Drops That Could Cause Audit Trouble
Cyclosporine eye drops are used to increase tear production in individuals with certain eye conditions and dry eye disease. You are likely familiar with Restasis® and Restasis MultiDose®, but the newest cyclosporine product Vevye®, hit the market in late 2023.
00023-9163-60
60 Each
Caution: Restasis® is also available in a 5.5 mL multi-dose preservative-free bottle NDC 00023-5301-05
⃰ Written correspondence from manufacturer confirms 200 drops in a 2 mL bottle. 2 mL/0.01 mL per drop = 200 drops
PAAS Tips:
Independent Pharmacies are NOT Safe from Cyberattacks
Have you ever had your credit card stolen, lost your wallet, or misplaced your social security card? Whether it has happened to you or not, you can imagine the pit of despair that settles in your stomach knowing that one malicious actor is all it takes to create dreadful issues in your life by misusing your information. The compulsion to protect your own credit cards and social security number has likely been engrained into your brain and safeguarding the information is second nature. What may surprise you, is that a valid set of payment card details is only worth a little over $5 on the black market and a social security number is only valued at around $0.50, according to a Trustwave Global Security Report. What is even more surprising is the value of a health care record – one record goes for around $250. Some comprehensive health care records may even be valued as high as $2,000!
The data clearly shows there is a large financial incentive for malicious actors to target the healthcare sector. The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information showed 68% of breaches reported to the Office for Civil Rights that affected 500 or more individuals were from health care providers, which supports the fact that all health care providers should be taking action to ensure the safety and security of their protected health information (PHI).
The 2022 Annual Report to Congress also indicated 74% of those breaches were reportedly due to hacking/IT incidents of electronic equipment or a network server. The compulsion to protect the pharmacy’s electronic PHI (ePHI) needs to be as important to pharmacy personnel as protecting their own credit card information and social security number. The first step in that process is educating staff on cybersecurity. Whether you are the owner or an employee at a high-volume, multi-store pharmacy or a low volume, single-store independent pharmacy, your data is enticing to malicious actors and no pharmacy is safe from cyberattacks.
The IBM Cost of a Data Breach Report 2023 found that a malicious insider accounted for about 6% of the data breaches but was the most costly type of data breach, resulting in an annual cost of around $4.9 million dollars. Phishing and stolen or compromised credentials had an associated annual cost of $4.76 million and $4.62 million, respectively, but were more prevalent accounting for over 30% of the breach attack vectors. Additionally, only one in three organizations identified a breach using their organization’s own security team or tools—meaning, two out of three organizations had their breaches reported to them by law enforcement or the entity that unlawfully accessed their records (like when a ransom request was received to release their data). It also took an average of over 200 days from the date of the breach to identify that the breach occurred and another 73 days to contain the breach. Most pharmacies will take a full year to recover from a large data breach.
Rather than getting wrapped up in the financial and time-consuming repercussions of a large breach, be protective. Cybersecurity training is essential to protecting your business, your reputation, and your ePHI. Having a tailored policy and procedure for protecting ePHI is only as good as the staff that adhere to those policies and procedures. A single careless or negligent employee can be the weak link broken by bad actors and may be the end of the pharmacy’s good reputation…and hard-earned money.
PAAS Tips:
Commercial Claims Reimbursed through Embedded GoodRx® Discount Cards
Pharmacies have been reaching out to PAAS National® with concerns about claims being reimbursed through an embedded discount card (e.g., GoodRx®) rather than a patient’s commercial insurance plan benefit. Most concerning is that these claims have negative remittances or “clawback fees” that reduce pharmacy revenue and may pose problems when trying to perform a Coordination of Benefits (COB) claim to a secondary payer, such as Medicaid.
PAAS wrote about Discount/Cash Cards being disruptors in the industry last March, after speaking at NCPA’s Multiple Locations Conference. The crux of the issue is discount cards have been gaining popularity (no thanks to GoodRx®) and have been effective at undermining the perceived benefit that PBMs are supposed to provide (i.e., why is GoodRx® able to offer a better price on my prescriptions than my insurance?). Consequently, major PBMs have embedded these discount card networks into the plan benefit design, which allows patient pay amounts to count towards deductibles (see press releases as follows).
While a pharmacy may have chosen to decline processing claims for GoodRx®, these newly embedded plans are not as easily identifiable (particularly in advance), and when they are, pharmacies can find themselves in a precarious situation. Contractually, pharmacies should not …
In some instances, we have seen Caremark claims provide an adjudication message notifying [the pharmacy] that the claim processed via a discount card and that the patient may ‘opt out’ if their claim needs to be processed as a COB. If Medicaid is a secondary payor, patients would need to ‘opt out’ of the Cost Saver option and then the pharmacy would be able to reverse and reprocess claims through the commercial benefit (not the discount card) to allow appropriate COB processing.
While PAAS strongly opposes this novel PBM tactic to gouge network pharmacies, it’s important to be aware of downstream effects if drastic measures are taken. PBMs can easily identify pharmacies that are quickly reversing claims processed under discount networks.
Here is a video explaining the workflow of these discount card claims and how the money is suspected to flow.
PAAS Tips:
Missing PBM Audit Notifications: How Are They Supposedly Sent?
At times, pharmacies fail to receive audit notifications, even though PBMs record them as “successfully” delivered. Thus, understanding how PBMs communicate with pharmacies can be beneficial. Here, we will examine the communication methods outlined in each major PBM provider manual:
Caremark
Caremark’s Provider Manual states “notices will be delivered in person by mail, via fax the Provider’s fax number or by email via the email address provided by Provider in Provider’s enrollment documentation or as otherwise indicated by Provider to Caremark and agreed to by Caremark or via Pharmacy Portal.” It goes on to say that it is the responsibility of the provider to notify Caremark when contact information needs to be updated. There can also be times when Caremark will communicate via phone to pharmacies, most commonly seen with desk audits.
OptumRx
OptumRx’s Provider Manual states “Provider understands Administrator relies on the information about its Provider, as well as each Pharmacy location provided by NCPDP and directly to Administrator, therefore, Provider: (1) Agrees to update in a timely manner all information in the NCPDP database whenever … and (2) Immediately notifies ORx and NCPDP of updated contact information at pharmacyprograms@optum.com,including changes in telephone numbers, fax numbers, email address.” In addition, it states OptumRx may communicate via telephone, mail, fax, and/or email when it comes to conducting their audits.
Express Scripts
Express Script’s Provider Manual states “All changes to Provider demographic information for independent Network Providers must be submitted by logging onto https://www.esiprovider.com and completing the online Change of Demographics form. Provider shall also submit updated demographic information directly to NCPDP and/or any other third party website as applicable”. It also states Express Scripts will communicate via fax, email, or USPS when initiating an audit.
Prime Therapeutics
Prime Therapeutics uses the information pharmacies input to their NCPDP profile as their sole means of communication. In the Provider Manual, it states to go directly to the NCPDP’s website https://online.ncpdp.org to submit changes. Prime Therapeutic’s system will incorporate all new NCPDP updates on a weekly basis.
Humana
Humana’s Provider Manual states “[Humana] will notify all pharmacies via traditional mail (UPS or certified mail). If you prefer to be notified via email, we can send letters via secure message. To notify HPSX of your notification preference, please send an email to pharmacyaudit@humana.com.”
Elixir
Elixir also utilizes NCPDP to elicit pharmacy contact information. The Provider Manual states “Independent pharmacies are required to maintain NCPDP Part I and II with accurate and current information at all times as Elixir utilizes this information during its review.” Furthermore, the provider manual states “email is the preferred method for Pharmacy communications by Elixir. Pharmacies will be notified of any audit communications via fax unless the Pharmacy FWA Department has been notified of email preference”. The email to communicate an update in audit communication preference is PharmacyAudits@elixirsolutions.com
PAAS Tips:
2024 Self-Audit Series #4: Transferred Prescriptions
Making sure your transferred prescriptions are complete can be one of the easiest audit recoupments to prevent.
Transferred prescriptions can easily be targeted for audit based on the origin code billed on the claim. High dollar claims with an Origin Code of 5 have an increased likelihood for audit. Consider utilizing this information to self-audit your transferred prescriptions on a regular basis.
PAAS Tips: