Caremark
Caremark’s Provider Manual states “notices will be delivered in person by mail, via fax the Provider’s fax number or by email via the email address provided by Provider in Provider’s enrollment documentation or as otherwise indicated by Provider to Caremark and agreed to by Caremark or via Pharmacy Portal.” It goes on to say that it is the responsibility of the provider to notify Caremark when contact information needs to be updated. There can also be times when Caremark will communicate via phone to pharmacies, most commonly seen with desk audits.
OptumRx
OptumRx’s Provider Manual states “Provider understands Administrator relies on the information about its Provider, as well as each Pharmacy location provided by NCPDP and directly to Administrator, therefore, Provider: (1) Agrees to update in a timely manner all information in the NCPDP database whenever … and (2) Immediately notifies ORx and NCPDP of updated contact information at pharmacyprograms@optum.com,including changes in telephone numbers, fax numbers, email address.” In addition, it states OptumRx may communicate via telephone, mail, fax, and/or email when it comes to conducting their audits.
Express Scripts
Express Script’s Provider Manual states “All changes to Provider demographic information for independent Network Providers must be submitted by logging onto https://www.esiprovider.com and completing the online Change of Demographics form. Provider shall also submit updated demographic information directly to NCPDP and/or any other third party website as applicable”. It also states Express Scripts will communicate via fax, email, or USPS when initiating an audit.
Prime Therapeutics
Prime Therapeutics uses the information pharmacies input to their NCPDP profile as their sole means of communication. In the Provider Manual, it states to go directly to the NCPDP’s website https://online.ncpdp.org to submit changes. Prime Therapeutic’s system will incorporate all new NCPDP updates on a weekly basis.
Humana
Humana’s Provider Manual states “[Humana] will notify all pharmacies via traditional mail (UPS or certified mail). If you prefer to be notified via email, we can send letters via secure message. To notify HPSX of your notification preference, please send an email to pharmacyaudit@humana.com.”
Elixir
Elixir also utilizes NCPDP to elicit pharmacy contact information. The Provider Manual states “Independent pharmacies are required to maintain NCPDP Part I and II with accurate and current information at all times as Elixir utilizes this information during its review.” Furthermore, the provider manual states “email is the preferred method for Pharmacy communications by Elixir. Pharmacies will be notified of any audit communications via fax unless the Pharmacy FWA Department has been notified of email preference”. The email to communicate an update in audit communication preference is PharmacyAudits@elixirsolutions.com
PAAS Tips:
- Update your safe sender list and/or junk mail to ensure any audit notices sent via email are received
- Educate pharmacy staff to watch faxes and email carefully for any PBM communications – tossing an audit can be costly
- Consider using an electronic/paperless fax system that records/retains all incoming faxes
- Ensure your pharmacy’s NCPDP profile is kept up to date as this is a primary means for many PBMs to gather pharmacies’ contact information – this should be updated whenever a change occurs
- Designate an email address that is routinely monitored to avoid missing timely audit communications
Proper Billing of Nayzilam® and Valtoco® Nasal Sprays
A subset of patients who experience seizures due to epilepsy suffer from seizure clusters, despite being on maintenance epilepsy medications. Nayzilam® and Valtoco® are both FDA-approved for the “acute treatment of intermittent, stereotypic episodes of frequent seizure activity (i.e., seizure clusters, acute repetitive seizures) that are distinct from a patient’s usual seizure pattern” in patients 12 years and older and 6 years and older, respectively. Regardless, if your patient is prescribed Nayzilam® or Valtoco®, the perplexing billing opens the door for easy recoupments from PBMs.
The first step to take when receiving either a Nayzilam® or Valtoco® prescription is to ensure it has clear directions and quantity prescribed.
Per the manufacturer product label, the initial dose of Nayzilam® is one spray into one nostril. If needed, and the directions support, an additional spray may be administered into the opposite nostril 10 minutes after the initial dose if the patient has not responded to the initial dose. For Valtoco®, the number of sprays per dose is dependent on the strength prescribed. According to the manufacturer product label, the initial dose for the 5 mg and 10 mg strengths is one spray into one nostril while the initial dose for the 15 mg and 20 mg strengths is two sprays – one spray into each nostril. If needed, and the directions support, a second dose may be administered at least 4 hours after the initial dose if the patient has not responded to the initial dose.
Also, it is necessary to know the maximum number of episodes the patient is allowed to treat per month to correctly calculate the days’ supply. FDA-approved directions recommend no more than two doses of Nayzilam® should be used to treat a single episode and it should not be used to treat more than one episode every three days with a maximum of five episodes per month. Similarly, FDA-approved directions recommend no more than two doses of Valtoco® should be used to treat a single episode and it should not be used to treat more than one episode every five days with a maximum of five episodes per month.
See the chart below and PAAS Tips for recommended billing guidance, in addition to other prescription components necessary to best protect your pharmacy from audit recoupments:
PAAS Tips:
On-Demand Webinar: Cybersecurity Considerations for Community Pharmacies
On May 8, 2024, PAAS National® hosted a webinar: Cybersecurity Considerations for Community Pharmacies. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.
In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
President of PAAS, Trent Thiede, discussed:
Should you have any questions, or need assistance getting access, call 608-873-1342 or email info@paasnational.com.
PAAS Tips:
The Different Cyclosporine Eye Drops That Could Cause Audit Trouble
Cyclosporine eye drops are used to increase tear production in individuals with certain eye conditions and dry eye disease. You are likely familiar with Restasis® and Restasis MultiDose®, but the newest cyclosporine product Vevye®, hit the market in late 2023.
00023-9163-60
60 Each
Caution: Restasis® is also available in a 5.5 mL multi-dose preservative-free bottle NDC 00023-5301-05
⃰ Written correspondence from manufacturer confirms 200 drops in a 2 mL bottle. 2 mL/0.01 mL per drop = 200 drops
PAAS Tips:
Independent Pharmacies are NOT Safe from Cyberattacks
Have you ever had your credit card stolen, lost your wallet, or misplaced your social security card? Whether it has happened to you or not, you can imagine the pit of despair that settles in your stomach knowing that one malicious actor is all it takes to create dreadful issues in your life by misusing your information. The compulsion to protect your own credit cards and social security number has likely been engrained into your brain and safeguarding the information is second nature. What may surprise you, is that a valid set of payment card details is only worth a little over $5 on the black market and a social security number is only valued at around $0.50, according to a Trustwave Global Security Report. What is even more surprising is the value of a health care record – one record goes for around $250. Some comprehensive health care records may even be valued as high as $2,000!
The data clearly shows there is a large financial incentive for malicious actors to target the healthcare sector. The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information showed 68% of breaches reported to the Office for Civil Rights that affected 500 or more individuals were from health care providers, which supports the fact that all health care providers should be taking action to ensure the safety and security of their protected health information (PHI).
The 2022 Annual Report to Congress also indicated 74% of those breaches were reportedly due to hacking/IT incidents of electronic equipment or a network server. The compulsion to protect the pharmacy’s electronic PHI (ePHI) needs to be as important to pharmacy personnel as protecting their own credit card information and social security number. The first step in that process is educating staff on cybersecurity. Whether you are the owner or an employee at a high-volume, multi-store pharmacy or a low volume, single-store independent pharmacy, your data is enticing to malicious actors and no pharmacy is safe from cyberattacks.
The IBM Cost of a Data Breach Report 2023 found that a malicious insider accounted for about 6% of the data breaches but was the most costly type of data breach, resulting in an annual cost of around $4.9 million dollars. Phishing and stolen or compromised credentials had an associated annual cost of $4.76 million and $4.62 million, respectively, but were more prevalent accounting for over 30% of the breach attack vectors. Additionally, only one in three organizations identified a breach using their organization’s own security team or tools—meaning, two out of three organizations had their breaches reported to them by law enforcement or the entity that unlawfully accessed their records (like when a ransom request was received to release their data). It also took an average of over 200 days from the date of the breach to identify that the breach occurred and another 73 days to contain the breach. Most pharmacies will take a full year to recover from a large data breach.
Rather than getting wrapped up in the financial and time-consuming repercussions of a large breach, be protective. Cybersecurity training is essential to protecting your business, your reputation, and your ePHI. Having a tailored policy and procedure for protecting ePHI is only as good as the staff that adhere to those policies and procedures. A single careless or negligent employee can be the weak link broken by bad actors and may be the end of the pharmacy’s good reputation…and hard-earned money.
PAAS Tips:
Commercial Claims Reimbursed through Embedded GoodRx® Discount Cards
Pharmacies have been reaching out to PAAS National® with concerns about claims being reimbursed through an embedded discount card (e.g., GoodRx®) rather than a patient’s commercial insurance plan benefit. Most concerning is that these claims have negative remittances or “clawback fees” that reduce pharmacy revenue and may pose problems when trying to perform a Coordination of Benefits (COB) claim to a secondary payer, such as Medicaid.
PAAS wrote about Discount/Cash Cards being disruptors in the industry last March, after speaking at NCPA’s Multiple Locations Conference. The crux of the issue is discount cards have been gaining popularity (no thanks to GoodRx®) and have been effective at undermining the perceived benefit that PBMs are supposed to provide (i.e., why is GoodRx® able to offer a better price on my prescriptions than my insurance?). Consequently, major PBMs have embedded these discount card networks into the plan benefit design, which allows patient pay amounts to count towards deductibles (see press releases as follows).
While a pharmacy may have chosen to decline processing claims for GoodRx®, these newly embedded plans are not as easily identifiable (particularly in advance), and when they are, pharmacies can find themselves in a precarious situation. Contractually, pharmacies should not …
In some instances, we have seen Caremark claims provide an adjudication message notifying [the pharmacy] that the claim processed via a discount card and that the patient may ‘opt out’ if their claim needs to be processed as a COB. If Medicaid is a secondary payor, patients would need to ‘opt out’ of the Cost Saver option and then the pharmacy would be able to reverse and reprocess claims through the commercial benefit (not the discount card) to allow appropriate COB processing.
While PAAS strongly opposes this novel PBM tactic to gouge network pharmacies, it’s important to be aware of downstream effects if drastic measures are taken. PBMs can easily identify pharmacies that are quickly reversing claims processed under discount networks.
Here is a video explaining the workflow of these discount card claims and how the money is suspected to flow.
PAAS Tips:
Missing PBM Audit Notifications: How Are They Supposedly Sent?
At times, pharmacies fail to receive audit notifications, even though PBMs record them as “successfully” delivered. Thus, understanding how PBMs communicate with pharmacies can be beneficial. Here, we will examine the communication methods outlined in each major PBM provider manual:
Caremark
Caremark’s Provider Manual states “notices will be delivered in person by mail, via fax the Provider’s fax number or by email via the email address provided by Provider in Provider’s enrollment documentation or as otherwise indicated by Provider to Caremark and agreed to by Caremark or via Pharmacy Portal.” It goes on to say that it is the responsibility of the provider to notify Caremark when contact information needs to be updated. There can also be times when Caremark will communicate via phone to pharmacies, most commonly seen with desk audits.
OptumRx
OptumRx’s Provider Manual states “Provider understands Administrator relies on the information about its Provider, as well as each Pharmacy location provided by NCPDP and directly to Administrator, therefore, Provider: (1) Agrees to update in a timely manner all information in the NCPDP database whenever … and (2) Immediately notifies ORx and NCPDP of updated contact information at pharmacyprograms@optum.com,including changes in telephone numbers, fax numbers, email address.” In addition, it states OptumRx may communicate via telephone, mail, fax, and/or email when it comes to conducting their audits.
Express Scripts
Express Script’s Provider Manual states “All changes to Provider demographic information for independent Network Providers must be submitted by logging onto https://www.esiprovider.com and completing the online Change of Demographics form. Provider shall also submit updated demographic information directly to NCPDP and/or any other third party website as applicable”. It also states Express Scripts will communicate via fax, email, or USPS when initiating an audit.
Prime Therapeutics
Prime Therapeutics uses the information pharmacies input to their NCPDP profile as their sole means of communication. In the Provider Manual, it states to go directly to the NCPDP’s website https://online.ncpdp.org to submit changes. Prime Therapeutic’s system will incorporate all new NCPDP updates on a weekly basis.
Humana
Humana’s Provider Manual states “[Humana] will notify all pharmacies via traditional mail (UPS or certified mail). If you prefer to be notified via email, we can send letters via secure message. To notify HPSX of your notification preference, please send an email to pharmacyaudit@humana.com.”
Elixir
Elixir also utilizes NCPDP to elicit pharmacy contact information. The Provider Manual states “Independent pharmacies are required to maintain NCPDP Part I and II with accurate and current information at all times as Elixir utilizes this information during its review.” Furthermore, the provider manual states “email is the preferred method for Pharmacy communications by Elixir. Pharmacies will be notified of any audit communications via fax unless the Pharmacy FWA Department has been notified of email preference”. The email to communicate an update in audit communication preference is PharmacyAudits@elixirsolutions.com
PAAS Tips:
2024 Self-Audit Series #4: Transferred Prescriptions
Making sure your transferred prescriptions are complete can be one of the easiest audit recoupments to prevent.
Transferred prescriptions can easily be targeted for audit based on the origin code billed on the claim. High dollar claims with an Origin Code of 5 have an increased likelihood for audit. Consider utilizing this information to self-audit your transferred prescriptions on a regular basis.
PAAS Tips:
OptumRx Continues to Cause Headaches!
PBMs monitor, and flag, migraine medications due to excessive cost, quantities submitted, days’ supply (and/or frequency of refills) and vague instructions. OptumRx often flags …
PAAS Tips:
Pharmacy Owner’s Involvement in Fraud Scheme Leads to 4-Year Prison Sentence
The Department of Justice recently announced the sentencing for a New York pharmacy owner. A four-year prison term, three years extended supervision, and paying back restitution of more than $6 million dollars, is the outcome for this owner based on his involvement in a Medicare and Medicaid fraud scheme.
Investigators from the Federal Bureau of Investigation, the Office of Inspector General, and the U.S. Department of Health and Human Services discovered Medicare, Medicaid, and private insurance companies paid approximately $5.2 million dollars in fraudulent HIV claims to this pharmacy from 2021 to 2022.
The pharmacy owner was paying illegal kickbacks to low-income HIV patients if they would fill their expensive medications at his pharmacy. Part of this scheme was to repurchase (back from the patients), the unopened bottles of the expensive medications at a fraction of their actual value. These medications would then be “re-used” over and over, while never actually being dispensed to the patients.
The investigation also discovered the pharmacy owner was unlawfully selling pharmaceuticals to other pharmacies that had been obtained from illegal sources.
Ensure your pharmacy has a robust Fraud, Waste and Abuse Compliance Program in place for employees to understand the repercussions of violating laws and regulations such as the False Claims Act and the Anti-Kickback laws. Contact PAAS National®® (608) 873-1342 for more information on PAAS’ FWA/HIPAA Compliance Program that is easy to set-up, web based and customized for your pharmacy.
Audit Risk: Billing DAW 1 Unnecessarily
In a time where every aspect of prescriptions is scrutinized, PAAS National® wants to ensure you don’t forget simple filling and billing practices; in this case, using DAW 1 appropriately. PBMs can flag pharmacies who use a high volume of DAWs (other than zero), increasing your pharmacy’s audit risk. A simple way to decrease the amount of non-DAW 0 claims that are being adjudicated is to …
This includes situations where the prescription comes to your pharmacy indicating “Dispense as Written” per prescriber. The best practice in those scenarios would be to contact the prescriber and inform them a DAW 1 is not appropriate since there is no product on the market deemed to be substitutable. Subsequently, make a full clinical note on the hardcopy with the date, name and title of the person you spoke with, a recap of the conversation, and your initials.
If there are questions regarding proper DAW use, refer to the DAW Codes Explained tool, which can be found under the “Proactive Tips” section on the PAAS Portal.
PAAS Tips: