Have you ever had your credit card stolen, lost your wallet, or misplaced your social security card? Whether it has happened to you or not, you can imagine the pit of despair that settles in your stomach knowing that one malicious actor is all it takes to create dreadful issues in your life by misusing your information. The compulsion to protect your own credit cards and social security number has likely been engrained into your brain and safeguarding the information is second nature. What may surprise you, is that a valid set of payment card details is only worth a little over $5 on the black market and a social security number is only valued at around $0.50, according to a Trustwave Global Security Report. What is even more surprising is the value of a health care record – one record goes for around $250. Some comprehensive health care records may even be valued as high as $2,000!
The data clearly shows there is a large financial incentive for malicious actors to target the healthcare sector. The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information showed 68% of breaches reported to the Office for Civil Rights that affected 500 or more individuals were from health care providers, which supports the fact that all health care providers should be taking action to ensure the safety and security of their protected health information (PHI).
The 2022 Annual Report to Congress also indicated 74% of those breaches were reportedly due to hacking/IT incidents of electronic equipment or a network server. The compulsion to protect the pharmacy’s electronic PHI (ePHI) needs to be as important to pharmacy personnel as protecting their own credit card information and social security number. The first step in that process is educating staff on cybersecurity. Whether you are the owner or an employee at a high-volume, multi-store pharmacy or a low volume, single-store independent pharmacy, your data is enticing to malicious actors and no pharmacy is safe from cyberattacks.
The IBM Cost of a Data Breach Report 2023 found that a malicious insider accounted for about 6% of the data breaches but was the most costly type of data breach, resulting in an annual cost of around $4.9 million dollars. Phishing and stolen or compromised credentials had an associated annual cost of $4.76 million and $4.62 million, respectively, but were more prevalent accounting for over 30% of the breach attack vectors. Additionally, only one in three organizations identified a breach using their organization’s own security team or tools—meaning, two out of three organizations had their breaches reported to them by law enforcement or the entity that unlawfully accessed their records (like when a ransom request was received to release their data). It also took an average of over 200 days from the date of the breach to identify that the breach occurred and another 73 days to contain the breach. Most pharmacies will take a full year to recover from a large data breach.
Rather than getting wrapped up in the financial and time-consuming repercussions of a large breach, be protective. Cybersecurity training is essential to protecting your business, your reputation, and your ePHI. Having a tailored policy and procedure for protecting ePHI is only as good as the staff that adhere to those policies and procedures. A single careless or negligent employee can be the weak link broken by bad actors and may be the end of the pharmacy’s good reputation…and hard-earned money.
PAAS Tips:
- Watch the PAAS National® webinar, Cybersecurity Considerations for Community Pharmacies located on the Member Portal
- Know the top threats facing healthcare cybersecurity:
- Network connected medical device security
- Insider accidental, or malicious data loss
- Loss or theft of equipment and data
- Ransomware
- Social engineering
- Understand the components, and importance of a HIPAA Security Risk Analysis
- Perform and accurate and thorough assessment of the potential risk and vulnerabilities to the confidentiality, integrity, and availability of the pharmacy’s ePHI
- Identify and implement reasonable and appropriate physical, technical, and administrative safeguards as required by the HIPAA Security Rule
- Know the terms
- Vulnerability – a flaw or weakness in system security procedures, design, implementation or internal controls
- Threat – the potential for a person or thing to exercise a specific vulnerability (natural, human, and environmental)
- Risk – a function of the probability that a threat will attack a vulnerability and the resulting impact to the organization
- PAAS’ FWA/HIPAA Compliance Program members can update their HIPAA Risk Analysis and complete Cybersecurity training on the PAAS Portal
Proper Billing of Nayzilam® and Valtoco® Nasal Sprays
A subset of patients who experience seizures due to epilepsy suffer from seizure clusters, despite being on maintenance epilepsy medications. Nayzilam® and Valtoco® are both FDA-approved for the “acute treatment of intermittent, stereotypic episodes of frequent seizure activity (i.e., seizure clusters, acute repetitive seizures) that are distinct from a patient’s usual seizure pattern” in patients 12 years and older and 6 years and older, respectively. Regardless, if your patient is prescribed Nayzilam® or Valtoco®, the perplexing billing opens the door for easy recoupments from PBMs.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
On-Demand Webinar: Cybersecurity Considerations for Community Pharmacies
On May 8, 2024, PAAS National® hosted a webinar: Cybersecurity Considerations for Community Pharmacies. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.
In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.
President of PAAS, Trent Thiede, discussed:
Should you have any questions, or need assistance getting access, call 608-873-1342 or email info@paasnational.com.
PAAS Tips:
The Different Cyclosporine Eye Drops That Could Cause Audit Trouble
Cyclosporine eye drops are used to increase tear production in individuals with certain eye conditions and dry eye disease. You are likely familiar with Restasis® and Restasis MultiDose®, but the newest cyclosporine product Vevye®, hit the market in late 2023.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Independent Pharmacies are NOT Safe from Cyberattacks
Have you ever had your credit card stolen, lost your wallet, or misplaced your social security card? Whether it has happened to you or not, you can imagine the pit of despair that settles in your stomach knowing that one malicious actor is all it takes to create dreadful issues in your life by misusing your information. The compulsion to protect your own credit cards and social security number has likely been engrained into your brain and safeguarding the information is second nature. What may surprise you, is that a valid set of payment card details is only worth a little over $5 on the black market and a social security number is only valued at around $0.50, according to a Trustwave Global Security Report. What is even more surprising is the value of a health care record – one record goes for around $250. Some comprehensive health care records may even be valued as high as $2,000!
The data clearly shows there is a large financial incentive for malicious actors to target the healthcare sector. The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information showed 68% of breaches reported to the Office for Civil Rights that affected 500 or more individuals were from health care providers, which supports the fact that all health care providers should be taking action to ensure the safety and security of their protected health information (PHI).
The 2022 Annual Report to Congress also indicated 74% of those breaches were reportedly due to hacking/IT incidents of electronic equipment or a network server. The compulsion to protect the pharmacy’s electronic PHI (ePHI) needs to be as important to pharmacy personnel as protecting their own credit card information and social security number. The first step in that process is educating staff on cybersecurity. Whether you are the owner or an employee at a high-volume, multi-store pharmacy or a low volume, single-store independent pharmacy, your data is enticing to malicious actors and no pharmacy is safe from cyberattacks.
The IBM Cost of a Data Breach Report 2023 found that a malicious insider accounted for about 6% of the data breaches but was the most costly type of data breach, resulting in an annual cost of around $4.9 million dollars. Phishing and stolen or compromised credentials had an associated annual cost of $4.76 million and $4.62 million, respectively, but were more prevalent accounting for over 30% of the breach attack vectors. Additionally, only one in three organizations identified a breach using their organization’s own security team or tools—meaning, two out of three organizations had their breaches reported to them by law enforcement or the entity that unlawfully accessed their records (like when a ransom request was received to release their data). It also took an average of over 200 days from the date of the breach to identify that the breach occurred and another 73 days to contain the breach. Most pharmacies will take a full year to recover from a large data breach.
Rather than getting wrapped up in the financial and time-consuming repercussions of a large breach, be protective. Cybersecurity training is essential to protecting your business, your reputation, and your ePHI. Having a tailored policy and procedure for protecting ePHI is only as good as the staff that adhere to those policies and procedures. A single careless or negligent employee can be the weak link broken by bad actors and may be the end of the pharmacy’s good reputation…and hard-earned money.
PAAS Tips:
Commercial Claims Reimbursed through Embedded GoodRx® Discount Cards
Pharmacies have been reaching out to PAAS National® with concerns about claims being reimbursed through an embedded discount card (e.g., GoodRx®) rather than a patient’s commercial insurance plan benefit. Most concerning is that these claims have negative remittances or “clawback fees” that reduce pharmacy revenue and may pose problems when trying to perform a Coordination of Benefits (COB) claim to a secondary payer, such as Medicaid.
PAAS wrote about Discount/Cash Cards being disruptors in the industry last March, after speaking at NCPA’s Multiple Locations Conference. The crux of the issue is discount cards have been gaining popularity (no thanks to GoodRx®) and have been effective at undermining the perceived benefit that PBMs are supposed to provide (i.e., why is GoodRx® able to offer a better price on my prescriptions than my insurance?). Consequently, major PBMs have embedded these discount card networks into the plan benefit design, which allows patient pay amounts to count towards deductibles (see press releases as follows).
While a pharmacy may have chosen to decline processing claims for GoodRx®, these newly embedded plans are not as easily identifiable (particularly in advance), and when they are, pharmacies can find themselves in a precarious situation. Contractually, pharmacies should not …
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Missing PBM Audit Notifications: How Are They Supposedly Sent?
At times, pharmacies fail to receive audit notifications, even though PBMs record them as “successfully” delivered. Thus, understanding how PBMs communicate with pharmacies can be beneficial. Here, we will examine the communication methods outlined in each major PBM provider manual:
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
2024 Self-Audit Series #4: Transferred Prescriptions
Making sure your transferred prescriptions are complete can be one of the easiest audit recoupments to prevent.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
OptumRx Continues to Cause Headaches!
PBMs monitor, and flag, migraine medications due to excessive cost, quantities submitted, days’ supply (and/or frequency of refills) and vague instructions. OptumRx often flags …
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Pharmacy Owner’s Involvement in Fraud Scheme Leads to 4-Year Prison Sentence
The Department of Justice recently announced the sentencing for a New York pharmacy owner. A four-year prison term, three years extended supervision, and paying back restitution of more than $6 million dollars, is the outcome for this owner based on his involvement in a Medicare and Medicaid fraud scheme.
Investigators from the Federal Bureau of Investigation, the Office of Inspector General, and the U.S. Department of Health and Human Services discovered Medicare, Medicaid, and private insurance companies paid approximately $5.2 million dollars in fraudulent HIV claims to this pharmacy from 2021 to 2022.
The pharmacy owner was paying illegal kickbacks to low-income HIV patients if they would fill their expensive medications at his pharmacy. Part of this scheme was to repurchase (back from the patients), the unopened bottles of the expensive medications at a fraction of their actual value. These medications would then be “re-used” over and over, while never actually being dispensed to the patients.
The investigation also discovered the pharmacy owner was unlawfully selling pharmaceuticals to other pharmacies that had been obtained from illegal sources.
Ensure your pharmacy has a robust Fraud, Waste and Abuse Compliance Program in place for employees to understand the repercussions of violating laws and regulations such as the False Claims Act and the Anti-Kickback laws. Contact PAAS National®® (608) 873-1342 for more information on PAAS’ FWA/HIPAA Compliance Program that is easy to set-up, web based and customized for your pharmacy.
Audit Risk: Billing DAW 1 Unnecessarily
In a time where every aspect of prescriptions is scrutinized, PAAS National® wants to ensure you don’t forget simple filling and billing practices; in this case, using DAW 1 appropriately. PBMs can flag pharmacies who use a high volume of DAWs (other than zero), increasing your pharmacy’s audit risk. A simple way to decrease the amount of non-DAW 0 claims that are being adjudicated is to …
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips: