Alleged Inattentiveness to Details Costs Pharmacy $70,000

The DEA was established as a federal agency to regulate drug laws and to prevent misuse and/or diversion of both controlled substance and non-controlled medications. Their effort to prevent misuse and diversion of controlled substance medications starts with pharmacies filling prescriptions based on valid hardcopies. As was the case for CVS Pharmacies in New Hampshire, red flags that the federal government believes would have alerted a pharmacist of a fraudulent prescription were ignored, resulting in an alleged 41 fraudulent prescriptions being filled for Adderall®, Ritalin®, and Xanax ®. In order to resolve the allegations, CVS agreed to pay $70,000.

This civil case against CVS came as a result of two criminal investigations into individuals who utilized a variety of CVS Pharmacies around New Hampshire to fill fraudulent prescriptions. This speaks to the importance of ensuring the prescriptions that you are filling at your pharmacies are valid and written for a valid medical purpose by a provider within their usual scope of practice.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Ensure your staff completes the annual Fraud, Waste, and Abuse Training. If you don’t have a compliance program at your pharmacy, check out the PAAS FWA/HIPAA Compliance program, which includes training, risk analysis, daily exclusion checking and customized compliance policy and procedure manual (with written policies and procedures – required by Medicare Part D and PBMs).
  • Be familiar with your state’s prescription requirements. Examples include:
    • Supervising physician for mid-level practitioners
    • Alphanumeric quantities on controlled substances
    • Security elements on written prescriptions
    • How long prescriptions are valid
  • Look for elements such as the Surescripts Provider Identifier (SPI), message ID, and transaction ID on electronic hardcopy prescriptions, along with “electronically signed by” or “authorized by” for controlled substances
  • Utilize your states Prescription Drug Monitoring Program
  • When in doubt, err on the side of caution – contact the prescriber to confirm the prescription prior to dispensing and annotate conversation with a clinical note
  • Reference PAAS’ July 2022 Newsline article that helps identify red flags, Beware: DEA and Wholesalers are Cracking Down on Controlled Substance Dispensing

Considerations With Ozempic 0.25 Weekly

PAAS National® analysts receive many questions on Ozempic® relating to concerns about off label use; however, we also receive questions about what days’ supply to submit on claims – particularly for initiation dosing.

Section 2.1 of the manufacturer’s product label (available on DailyMed) lists the recommended dosage schedule based on clinical trials and includes the following titration schedule:

  • Start OZEMPIC with a 0.25 mg subcutaneous injection once weekly for 4 weeks. The 0.25 mg dosage is intended for treatment initiation and is not effective for glycemic control.
  • After 4 weeks on the 0.25 mg dosage, increase the dosage to 0.5 mg once weekly.
  • If additional glycemic control is needed after at least 4 weeks on the 0.5 mg dosage, the dosage may be increased to 1 mg once weekly.
  • If additional glycemic control is needed after at least 4 weeks on the 1 mg dosage, the dosage may be increased to 2 mg once weekly. The maximum recommended dosage is 2 mg once weekly.

What happens if the prescriber wants a patient to stay on the 0.25 mg dose for longer than 4 weeks? What if the prescription simply states “inject 0.25 mg weekly”? What days’ supply should the pharmacy transmit?

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
Most pharmacists have heard the phrase, “start low and go slow” in their training (particularly for dosing elderly patients or when using medications with risk of unpleasant or risky side effects). While patients and prescribers can certainly take it slow with respect to dose titration to reduce gastrointestinal (GI) side effects, please be aware of two important points. First, as emphasized above, the 0.25 mg dosage is subtherapeutic and patients should not stay on this dose indefinitely. Second, while in-use Ozempic® pens have a 56-day beyond use date (which would allow eight weekly doses of 0.25 mg from the 2 mg/3 mL pen NDC 00169-418-13), there are only 6 pen needles included in the box.

If you receive a new Ozempic® prescription with instructions of 0.25 mg weekly, we suggest that pharmacies follow-up with prescribers to discuss the manufacturer recommended dosage titration and confirm if patients will be titrating the dose to 0.5 mg or 1 mg weekly, and when. If the prescriber’s office confirms that the patient should stay on the 0.25 mg weekly dose for eight weeks, then the pharmacy should submit the claim as a 56-day supply (if possible) and provide the patient with additional pen needles to accommodate all needed doses. As a reminder, pharmacies may be required to bill a claim as a 30-day supply due to plan limits – in these situations, make sure to follow the Can You Bill It As 30 Days? process to ensure that you do not refill early.

PAAS Tips:

  • Advise patients to NOT re-use pen needles
  • Do NOT advise patients to discard their first Ozempic pen at 42 days if they only use 0.25 mg per week
    • This would create unnecessary waste and could subject the claim to a future audit discrepancy for “early refills”
  • See August 2020 Newsline article, Ozempic® – Bill It Right! for examples on various titration schedules and suggested day supply for initial and maintenance dosing
  • See May 2023 Newsline article, Ozempic® Package Size Change for discussion of currently available NDCs, doses provided, and billing quantity

Electronic Clinical Notes: Are They Required?

There has been some discussion in pharmacy circles about clinical notes and whether PBMs are requiring them to be electronically annotated (or if hand-written clinical notes will continue to suffice).

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
While PAAS National® has not seen PBMs explicitly require this in their provider manuals, there are some compelling reasons your pharmacy should consider using electronic annotations.

First, DEA rule 21 CFR 1311.200(f) states that pharmacists must make and retain annotations electronically when filling an electronic prescription.

Second, be aware that state laws may require electronic annotations. For example, New York controlled substance rules mirror the DEA language when it comes to electronic prescriptions and annotations.

Third, while PBMs may not explicitly require electronic annotations, not having date and time stamped notes in your pharmacy software may be detrimental for audit appeals. Many PBMs are giving preference, or requiring, electronic date and time stamped clinical notes to appeal certain discrepancies successfully. With a date/time stamp, the detail provides validation to the PBM that they existed at the time of dispensing.

Examples:

  • Elixir requires electronic date and time stamped notes in a patient’s profile in order to appeal missing DAW 2 documentation.
  • Humana requires a copy of pharmacy electronically stored notes for various discrepancies, including missing information on a prescription and unauthorized refills showing information was confirmed at the time of dispensing.

PAAS Tips:

  • Clinical notes should contain 4 elements:
    • Date/time
    • Name and title of who you spoke with
    • Summary of discussion
    • Pharmacy staff initials
  • Make annotations electronically if possible. This can help avoid later audit appeal and legibility issues
  • If making handwritten annotations, ensure you rescan the prescription into your software
  • See the July 2023 Newsline article, Remember to Maintain and Provide Complete Clinical Notes!

Desk Audits for Worker’s Compensation Claims

PAAS National® analysts have recently seen an increase in desk audits for worker’s compensation claims, mostly performed by Script Care. There has been a high rate of fraud with worker’s compensation in the past and these claims are subject to more scrutiny.

Many states have additional laws specific to worker’s compensation and auditors have often cited prescriptions as “invalid” if prescriptions did not conform to these specific laws.

A few common audit discrepancies include:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  1. Missing/Incomplete documentation to support DAW-1 claims.
  2. Missing documentation to substantiate that worker’s compensation is the responsible payer (e.g., includes diagnosis code and date of injury).

Upon first receiving an audit contact PAAS (608) 873-1342 so that an analyst can assist you from the start of the audit for the best results.

PAAS Tips:

  • Consider recent fraud against the Department of Labor’s Office of Workers’ Compensation
    • Nine Defendants Sentenced in $126M Compounding Fraud Scheme
    • “Compound King” and Wife Sentenced in $21 Million Health Care Fraud Scheme; Fugitive Sought
    • Former Pharmacy Employee Admits Role in Multi-Million Dollar Illegal Kickback Scheme

Auditors Crack Down on Pharmacies That Bypass Plan Limits

PAAS National® analysts want to warn pharmacies about an uptick in PBMs flagging prescriptions for bypassing plan limit rejects. These prescriptions are being marked as discrepant and face full recoupment. Share this information with your staff and ensure that claims are not unintentionally being put at risk for audit/recoupment.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

When pharmacies receive a reject of plan limit or exceeds maximum daily dose, pharmacy staff must follow the plan guidelines to submit the claim appropriately. The plan sending this rejection is telling the pharmacy that the dosage is not covered without additional requirements. This could mean prior authorization, switching to a different dose, or changing to another medication.

Pharmacies that manipulate the days’ supply to bypass the rejection are putting those claims at risk of recoupment. PBMs can easily track when pharmacies run a claim, receive a reject, and immediately rebill for the same quantity but different days’ supply. This raises a red flag that the plan reject was likely not adhered to appropriately – low hanging fruit for PBM auditors.

Reducing the quantity and/or split billing prescriptions can also be an audit risk. If a reduced quantity is submitted to bypass the plan limit (e.g., to get under a dollar threshold), the claim is still in jeopardy of being recouped. Beyond circumventing a plan limit, the payor may argue it increased costs through additional refills, dispensing fees, and patient copays. One patient complaint to their plan could lead to big trouble for network pharmacies.

PAAS Tips:

  • Always bill the accurate days’ supply based on the instructions for use indicated on the prescription
  • Make sure all staff are instructed to follow plan rejects appropriately and not change the days’ supply to get a paid claim
  • Check with the PBM help desk for guidance on rejects that are vague or unclear
  • Do not split bill rejected claims
    • Charging the patient cash often leads to complaints [from the patient to an employer or PBM] and can be considered non-compliance with the provider manual and lead to remediation, including potential network termination
    • If you have exhausted all plan options and the patient insists on paying cash for the full prescription, be sure that you document authorization from the patient that they desired to pay the full cost and did not want to wait for the proper channels
  • If having difficulties with prescribers following through on prior authorization, enlist the patient to help. The patient could contact the prescriber and/or file a complaint with their insurance which may speed up the process.

Nearly 90% of Cyber Breaches are Caused by…

Every day, pharmacies and their hardworking staff safeguard patients’ Protected Health Information (PHI), but breaches still occur. The June 2023 Health and Human Services Office for Civil Rights (OCR) Cybersecurity Newsletter focused on providing an insight into cybersecurity authentication and tips for building a more robust “wall” for malicious actors to encounter before a breach could occur. The OCR newsletter indicated that according to a 2023 Data Breach Investigations Report, “86% of [cyber] attacks to access an organization’s Internet-facing systems (e.g., web servers, email servers) used stolen or compromised credentials” and “robust authentication serves as the first line of defense against malicious intrusions and attacks”.

As mentioned in the OCR newsletter, the National Institute of Standards and Technology’s Digital Identity Guidelines believes that “historically, three factors form the cornerstones of authentication:

  • Something you know (e.g., password, personal identification number (PIN))
  • Something you have (e.g., smart ID card, security token)
  • Something you are (e.g., fingerprint, facial recognition, other biometric data)”

Multi-factor authentication is a common method for ensuring the person gaining access to a system is, in fact, who they say they are. It would require one element from two different bullets listed above, such as a password plus a security token. The Cybersecurity Newsletter states that “Cyber-attacks often begin with a compromised password that is used to gain initial access to an electronic information system.” If a password is compromised through a successful phishing attempt, the second element (e.g., security token) may be enough to block unauthorized entry long enough for the Security Officer to perform an Information Systems Activity Review and identify the unusual activity and intervene.

Safeguarding PHI and being compliant with the HIPAA Security Rule is required for any entity handling PHI. The Security Rule was designed to be flexible, allowing providers with varying scopes, sizes and resources to be compliant. Whether your pharmacy has been around for 30 years or 30 days, a thorough evaluation of your HIPAA program should be done at least annually. The beauty of the PAAS National® Fraud, Waste & Abuse (FWA) and HIPAA Compliance Program, is that it mirrors the flexibility of the HIPAA Security Rule and is anything BUT a cookie-cutter program. Pharmacies perform a risk analysis upon enrolling in the program and answer questions which allows us to customize a compliance policy and procedure manual specific to your pharmacy. PAAS Analysts are always happy to discuss how the PAAS FWA/HIPAA Compliance Program is built to help you address federal regulations. Call (608) 873-1342 or visit PAASNational.com to see how you can become an FWA/HIPAA Compliance member today.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
  • Current FWA/HIPAA Compliance members can
    • Review sections 11.3.4 Information System Activity Review, 11.4 Workforce Security and 11.14 Access Control of the Policy and Procedure manual for more information
      • See Appendix B for the Information System Activity Review Log
    • Utilize the Employee Request for Access form in Appendix B to record the level of access and any keys or identification badges each employee possesses in order to perform their job duties, AND to record when the access is terminated, and keys/badges are returned
  • Provide each employee with their own unique log-in credentials and ensure their HIPAA training discusses the importance of safeguarding their passwords and all keys/security badges

Invoice Audits Are on the Rise – Are You Prepared for Success?

Most pharmacies have grown accustomed to desk audits and providing copies of prescriptions, signature logs, and even copay collection records to PBMs upon request. Additionally, many pharmacies can recount their most recent experience with an onsite auditor visiting their pharmacy and the numerous questions related to operations, policies & procedures, and credentialing. However, not as many pharmacies have experienced an invoice audit – the stakes are higher and honest mistakes can lead to very expensive lessons in the process.

PAAS National® analysts have helped our members navigate countless invoice audits. Our analyst team is here to assist you through the audit process from start to finish and that includes getting things done correctly long before the audit ever comes your way. Follow the tips below to have the most success.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Carefully evaluate your wholesalers/suppliers to ensure they are legitimate
    • NABP Accredited Drug Distributors can be found here
    • Wholesalers licensed in your state can be found here
    • Remember that OTC diabetic test strip manufacturers only sell their products to “authorized distributors” – see June 2023 Newsline article, LifeScan Extortion – Diabetic Test Strip “Authorized Distributors” for links to manufacturer websites
  • Limit purchases from other pharmacies to the minimum necessary
    • Drug Supply Chain Security Act (DSCSA) pedigree information is required unless purchase is (1) intra-company or (2) to fulfill a specific patient need
    • Full transaction details are required for audit purposes – see December 2022 Newsline article, Pharmacy to Pharmacy Inventory Transfers – Buyer Beware! for necessary documentation including selling pharmacy information and method of payment
  • Ensure pharmacy staff are billing the correct quantity based on NCPDP billing standards – when in doubt, call PAAS for help
  • Every claim billed must have NDCs that match the physical product being dispensed
    • No exceptions, all 11 digits matter
    • Includes all compound ingredients
    • PAAS recommends using barcode scanner to confirm NDC accuracy in pharmacy workflow
  • Confirm the pharmacy is appropriately reversing claims that are not dispensed

Billing Test Claims? It Can Cost You!

We have all been there – a prescriber calls the pharmacy to find out which prescription from a therapeutic category will be the most cost-effective for the patient. Without access to a plan formulary, the only way you can easily do this for the prescriber is to bill claims to the insurance one by one. Not only is this a time-consuming practice, it can also be costly because “test claims” are prohibited by most third-party payers.

Why would something that seems beneficial to a patient be prohibited? Unfortunately, test claims have been used by bad actors to maximize reimbursement from PBMs, often to the detriment of the plan, and even the patient. In a real-world example, a Florida pharmacy owner was recently convicted on two counts of soliciting and receiving illegal health care kickbacks and three counts of offering and paying illegal health care kickbacks. He was caught when billing test claims to maximize his reimbursement, then paying millions in kickbacks based on a percentage of the reimbursement to those willing to prescribe the most expensive drugs. He is currently awaiting sentencing which could include a maximum of 10 years in prison for each kickback count.

Another reason test claims are prohibited is because a pharmacy may forget to reverse a claim after testing it and receive payment for a prescription that does not exist, was not prescribed, purchased, or dispensed. This can financially impact the plan and can lead to mistakes and confusion for the patient regarding deductibles and coinsurance.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
  • Avoid test claims – any claim billed to a third-party should have a corresponding prescription in your records.
  • If a prescriber insists on checking formulary coverage, require them to authorize verbal orders for every claim submitted (with full prescription information).
  • If a claim is rejected, or the patient elects to not fill a prescription (and requests the hardcopy back), you still need to maintain a copy of the prescription for audit purposes.
  • Never “delete” prescription claims from your pharmacy software entirely – void or put on hold as a placeholder (even if billed under wrong patient by mistake).
  • Any claim sent to a third-party can be audited, even if reversed, so you must have a copy of the prescription available to send to an auditor to prove it was not a test claim.
  • Resist the Urge: Don’t Reverse Claims After Receiving an Audit written in May 2023 Newsline

MATE Training for Buprenorphine Prescribers

Historically, buprenorphine prescriptions with an indication of opioid dependence were an easy recoupment when an X-DEA number wasn’t included on the hardcopy. However, as discussed in our February 2023 Newsline article, XDEA Numbers Have Been NiXed…but Not the Training, X-DEA numbers are no longer required due to the Mainstreaming Addiction Treatment (MAT) Act, found in Section 1262 of the “Consolidated Appropriations Act of 2023”. Instead, there are now training requirements for DEA registrants before being able to prescribe buprenorphine prescriptions. Beginning on June 27, 2023, Section 1263 of the “Consolidated Appropriations Act of 2023”, the Medication Access and Training Expansion (MATE) Act, requires all new or renewing DEA registrants to have met at least one of the following requirements when submitting their DEA registration application:

  • A cumulative eight hours of training from approved organizations on opioid or other substance use disorders for practitioners prescribing any Schedule II-V controlled substance medications
  • Board certification in Addiction Medicine or Addiction Psychiatry from specific medical specialty boards
  • Graduated within the previous five years and “in good standing from medical, advanced practice nursing, or physician assistant school in the US that included successful completion of an opioid or other substance use disorder curriculum of at least eight hours”

How does this relate to your pharmacy?

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
Currently, there are 10 states that allow pharmacist to prescribe controlled substances to some capacity depending on state law – California, Idaho, Massachusetts, Montana, New Mexico, North Carolina, Ohio, Tennessee, Utah, and Washington. Due to the implementation of the MAT Act, DEA-registered pharmacists in those states may now be eligible to prescribe buprenorphine for patients with opioid use disorders. Also, take note that, barring any state-level requirements, pharmacies are not required to verify that prescribers have met the training requirements.

PAAS Tips:

  • Check your state for any laws applicable to buprenorphine prescribing [for opioid use disorder] as the more stringent regulation will take precedent
    • States that require practitioners to have waivers can use Substance Abuse and Mental Health Services Administration (SAMHSA) Buprenorphine lookup form to ensure practitioners’ certification
  • Refer to SAMHSA website on Training Requirement Resources
  • Review the DEA’s letter, dated March 27, 2023, outlining how practitioners are able to meet the new training requirements with more specifics, such as which accredited groups are able to provide the necessary training

Seeing Too Many or Repeated Prescription Validation Requests – Take Action!

In our February 2023 Newsline article, PBM Prescription Validation Requests Rose Nearly 20% in 2022, we mentioned that while the validation requests are a nuisance, they can work to the pharmacy’s benefit. Because the PBM is looking at the claim before payment is received, pharmacies can avoid incorrectly refilling a medication if an error is detected and potentially correct a billing error on the date that it is being reviewed. This can prevent large financial recoupments upon a future audit. These requests can also be very frustrating when the claim reviews are repetitious, and no billing errors are found creating work for the pharmacy without any need to correct the claim. See the PAAS tips below for best practices on how to track and manage duplicate or high numbers of validation requests.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Have a designated individual manage the validation requests
  • Keep a binder or folder to track of all requests from month to month
  • PAAS often sees duplicate validation requests from members on claims that have already been validated
  • If there is a claim that has already been validated with no issues, pharmacy should push back and ask the PBM (or contracting entity) to stop sending requests every month
  • OptumRx/EXL makes up the vast majority of the pre-pay reviews that members report to PAAS. If you feel you are getting a large number of requests from OptumRx, politely push back on this as well
  • If your pharmacy receives “results” from EXL for an OptumRx validation request, typically no action is required by the pharmacy at that time. OptumRx will review the electronic claims data and send the pharmacy a letter if they found an error on the claim.