In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
PAAS National® is excited to announce the launching of a new training series to FWA/HIPAA Compliance Program members: PAAS Cybersecurity Training. This comprehensive training series, provided at no extra cost, represents a proactive step towards mitigating risks and fostering a culture of security awareness among pharmacy staff.
Comprising of five modules, each tailored to address specific cybersecurity challenges, PAAS’ training empowers employees with knowledge and best practices to hinder potential threats related to:
- Network Connected Medical Device Security
- Insider Data Loss
- Loss or Theft of Equipment and Data
- Ransomware
- Social Engineering
PAAS’ unique approach to training ensures its content resonates with all pharmacy staff. PAAS’ Cybersecurity Training will have the same look and feel that FWA/HIPAA compliance members are familiar with.
It’s important to recognize that cybersecurity is not a one-size-fits-all endeavor. The dynamic nature of threats necessitates continual adaptation and vigilance, tailored to the unique circumstances of each organization. While our training equips participants with essential knowledge, it does not provide foolproof safeguards.
We encourage FWA/HIPAA Compliance members to complement this training by reviewing their HIPAA Security Risk Analysis regularly, ensuring it remains current and aligned with evolving natural, human and environmental threats.
OptumRx Targeting Medications Requiring Dispensing in Original Containers
Recent audit results coming into PAAS National® are showing OptumRx auditors have their sights set on several medications that are required to be dispensed in the original container.
PAAS has notified members of common medications (e.g., Creon® and Linzess®) being targeted for recoupment on audits when dispensed outside manufacturer guidelines. However, several new medications have been added to their target list …
Please visit the Member Portal for the most current Dispense in Original Container Chart, that is updated as information is available.
Without PBM hard stops in place at claim adjudication (which is complete malarky), the burden falls on the pharmacy to ensure FDA dispensing requirements are met. Don’t fall into the trap and face recoupment because you billed a claim that was not divisible by the package size (e.g., dispensing 28 tablets with a 30-count bottle size – only billed in multiples of 30).
Pharmacies that service long-term care and assisted living facilities, or provide special packaging for patients on a sync program, tend to be at the highest risk for billing these claims incorrectly. Often, the manufacturer has not provided any stability information that supports breaking the stock bottle, therefore this medication should not be dispensed using special packaging.
PAAS Tips:
2024 Self-Audit Series #3: Invoice Audits
The number of invoice audits continues to rise from Medicaid, and PBMs, across the board. This investigational audit is a way to potentially identify false or phantom claims. Auditors will reconcile the claims billed by a pharmacy during a certain timeframe, with the purchases made. This process ensures the pharmacy had inventory on hand to dispense for the claims they billed. Many PBMs, including OptumRx®, Elixir®, and Express Scripts® request pharmacies provide a full dispensing history for further reconciliation.
Some inventory audits are frequently combined with a desk audit. PBMs like Caremark request a high number of prescriptions, signature logs, and proof of copay collection. The amount of data a pharmacy is required to provide can be very overwhelming and time consuming. Performing internal, “mock audits” may help you be better prepared when receiving an invoice audit request.
Pharmacies must be diligent in following PBM requirements for purchasing. Audit recoupments can easily reach hundreds of thousands of dollars when invalid purchases are not accepted.
PAAS Tips:
2024 DMEPOS Series #3: Ostomy Supplies
Many pharmacies struggle with DMEPOS audits due to the complexity in medical billing and the onerous documentation requirements. Medicare Part B suppliers need to be able to produce all the required documentation if audited, and make sure all documentation meets Medicare Part B standards. This DMEPOS series is intended to help you understand these complexities and gather the needed documents.
In particular, you should be able to show the following if audited on ostomy supplies:
Other considerations include:
PAAS Tips:
Audit Preparedness in Long-Term Care Claims: Implementing Proactive Measures
The practice of LTC pharmacy is different – look no farther than the dichotomy between prescriptions and orders. While state laws may be vague or unclear, resulting in pharmacists using professional judgement, PBMs have their own requirements. Do PBM Provider Manuals (and auditors) view LTC differently? The answer may surprise you—not as much as one may think and following the “LTC is different” mindset may lead to a lot of extra work (or recoupments) if you find yourself with an audit. Insufficient documentation for Long-Term Care (LTC) prescription claims is a topic PAAS National® analysts cover frequently during audit preparation consultations with members operating combo shop pharmacies and/or closed door LTC pharmacies. Our analysts are experts in understanding the documentation requirements for both retail and LTC claims and want you to be comfortable and confident in your documentation as well. One reference tool the PAAS analyst will utilize when educating pharmacies …
Apart from the facility name and the small nuances with duration of therapy, the elements above should look very familiar as they are the same elements prescriptions for retail claims should have. Other similarities between retail and LTC requirements include:
While daily operations and workflow in a closed-door LTC pharmacy may be vastly different from that of a retail pharmacy, the pharmacy still has the same requirement to provide proof of a valid prescription, proof of dispensing, proof of copay collection, and proof of sufficient inventory. Failing to have sufficient documentation could mean claim recoupment, accusations of fraud, waste, or abuse, and (potentially) contract termination.
PAAS Tips:
V-Go® All-In-One Insulin Delivery Patch
The V-Go® all-in-one insulin delivery patch is a disposable device approved for use in patients with Type 2 diabetes. Because it is “disposable” and not “durable”, it is covered under Medicare Part D (rather than Part B). The device comes in three different strengths that deliver a basal dose of 20 units, 30 units, or 40 units of rapid acting U-100 insulin (such as Humalog® or Novolog®) per 24 hours. Additionally, each device can deliver up to 36 units of on-demand bolus insulin for mealtimes (in 2-unit increments). Prescribers will need to issue two separate prescriptions for patients – the prescription for #30 V-Go® devices to last one month and a prescription for the rapid acting U-100 insulin to put into the devices (typically 20-30 mL).
According to the instructions for patient use, patients must fill each device completely each day and each device holds slightly more than it can actually deliver. The amount of insulin each device can hold is referred to by the manufacturer as the Minimum System Daily Insulin Requirement and the amount of insulin each device can deliver is referred to as the Minimum Reservoir Dosing Capacity.
The table below summarizes each device and provides an estimated day supply to bill based on the number of vials of insulin and the amount of insulin used to fill each device.
PAAS Tips:
The Alarming Toll of HIPAA Breaches: Over 41 Million Individuals Affected in 2022
Each year, the Health and Human Services Office for Civil Rights (OCR) composes detailed reports on HIPAA compliance and breaches of unsecured Protected Health Information (PHI) and delivers them to Congress. The latest report is that of events from the 2022 calendar year. These reports can teach us about weaknesses in the HIPAA policies and procedures of other entities, the most common types of threats from malicious actors, and help educate staff on identifying vulnerabilities in the pharmacy’s safeguards during their next Risk Analysis.
Here are a few of the key takeaways from the 2022 Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance:
The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information had several key takeaways as well:
According to OCR, “There is a continued need for regulated entities to improve compliance with HIPAA Rules. In particular, the Security Rule standards and implementation of specifications of risk analysis, risk management, information system activity review, audit controls, response and reporting, and person or entity authentication were areas identified as needing improvement in 2022 OCR breach investigations.”
If you are not sure where to start, contact PAAS National® (608) 873-1342 for more information on PAAS’ FWA/HIPAA Compliance Program that is easy to set-up, web-based and customized for your pharmacy.
On-demand webinar: Cybersecurity Considerations for Pharmacies
On May 8, 2024 PAAS National® hosted “Cybersecurity Considerations for Pharmacies” webinar.
In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
President of PAAS National®, Trent Thiede, discussed:
Access the recorded webinar
Distribution Required: Medicare Prescription Drug Coverage and Your Rights (CMS-10147)
When a pharmacy receives a rejection for a claim not being covered by Medicare Part D, the pharmacy must provide the patient with the CMS-10147 form, also known as the Medicare Prescription Drug Coverage and Your Rights. All pharmacies, including mail order, specialty, and LTC, must arrange for this form to be distributed to the patient. The notice instructs enrollees about their right to contact their Part D plan to request a coverage determination, including an exception.
While documentation is not required when distributing the CMS-10147, your pharmacy should have a policy and procedure in place addressing how and when the form is being distributed to patients. PBM field auditors may ask you questions about your process and will possibly want to see a copy of your form to ensure you have the most up-to-date version.
PAAS Tips:
Introducing PAAS Cybersecurity Training
In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
PAAS National® is excited to announce the launching of a new training series to FWA/HIPAA Compliance Program members: PAAS Cybersecurity Training. This comprehensive training series, provided at no extra cost, represents a proactive step towards mitigating risks and fostering a culture of security awareness among pharmacy staff.
Comprising of five modules, each tailored to address specific cybersecurity challenges, PAAS’ training empowers employees with knowledge and best practices to hinder potential threats related to:
PAAS’ unique approach to training ensures its content resonates with all pharmacy staff. PAAS’ Cybersecurity Training will have the same look and feel that FWA/HIPAA compliance members are familiar with.
It’s important to recognize that cybersecurity is not a one-size-fits-all endeavor. The dynamic nature of threats necessitates continual adaptation and vigilance, tailored to the unique circumstances of each organization. While our training equips participants with essential knowledge, it does not provide foolproof safeguards.
We encourage FWA/HIPAA Compliance members to complement this training by reviewing their HIPAA Security Risk Analysis regularly, ensuring it remains current and aligned with evolving natural, human and environmental threats.
Are You Prepared for a Spravato® Audit?
Spravato® is a Schedule III controlled substance delivered via intranasal spray, used in conjunction with an oral antidepressant, to address treatment-resistant depression in adults. It is a part of the Risk Evaluation and Mitigation Strategies (REMS) Program, necessitating, dispensing and administration exclusively in a REMS-certified healthcare setting. The FDA mandates specific requirements to mitigate the risks of serious adverse effects stemming from sedation, dissociation, and the potential for abuse and misuse.
Prescribed for weekly or bi-weekly use, a single Spravato® claim can cost you thousands of dollars. PAAS National® has seen audits with full claim recoupments being requested as a result of missing dosage and frequency instructions, as well as incomplete dispensing records. To minimize the risk of a Spravato® claim being recouped during an audit, consider the following PAAS tips: