According to a September 11, 2023 news release from the U.S. Department of Health and Human Services (HHS), “L.A. Care, the largest publicly operated health plan in the country paid $1,300,000 to settle” potential HIPAA Security Rule violations. The settlement comes at the end of two Office for Civil Rights (OCR) investigations into L.A. Care Health Plan (“LACHP”). One of the investigations was due to a large data breach resulting from a mailing error which caused member identification cards to be mailed to the wrong members. The other investigation stemmed from a processing error which allowed L.A. Care covered members to log into the LACHP payment portal where they could potentially view the name, address, and member identification number of another LACHP member.
In addition to the $1.3 million dollar settlement, LACHP has agreed to a comprehensive corrective action plan and three years of monitoring from OCR. They must develop and distribute HIPAA compliance policies and procedures for performing a risk analysis and risk management plan. Additionally, they must implement and adhere to their new policies and procedures.
As quoted in the HHS release, OCR Director Melanie Fontes Rainer aptly stated, “Breaches of protected health information by a HIPAA-regulated entity often reveal systemic, noncompliance with the HIPAA Rules.” She goes on to advise, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
Follow the advice of our PAAS analyst team (and the advice of the OCR Director!), and proactively review your HIPAA program to ensure you are compliant with all the Rules before you potentially find yourself at the very expensive end of an OCR investigation.
Those of you with the PAAS National® Fraud, Waste and Abuse (FWA) & HIPAA Compliance Membership have a wealth of knowledge available at your fingertips in your Policy & Procedure (P&P) Manual. This manual is automatically generated after the Risk Analysis and P&P Questionnaire have been completed. Account administrators or officers can download a full copy of the P&P Manual for further review. Highly trained PAAS analysts are also here to answer HIPAA questions, discuss HIPAA concerns, guide you through the intricacies of breach notifications (if a breach occurs), and so much more.
If your pharmacy does not currently have the PAAS FWA & HIPAA Compliance Membership, we suggest scheduling a services overview to obtain additional information about this one-of-a-kind, customizable FWA & HIPAA program! PAAS National® – helping community pharmacies gain confidence and peace of mind. Be Proactive. Be Prepared. Be Protected.®
The Power of Clearly Communicated Sanction Policies in HIPAA Compliance
Sanctions were the focus of the October 2023 Office for Civil Rights Cybersecurity Newsletter. The article states, “An organization’s sanction policies can be an important tool for supporting accountability and improving cybersecurity and data protection. Sanction policies can be used to address the intentional actions of malicious insiders, such as the stealing of data by identity-theft rings, as well as workforce member failure to comply with policies and procedures, such as failing to secure data on a network server or investigate a potential security incident.”
Adequate and thorough training is an essential component to all employee on-boarding and continued employment. One critical topic to discuss is sanctions, because the HIPAA Privacy and Security Rules both require sanction policies. Talking to employees about sanctions, or penalties for not following state, federal, or local laws or pharmacy-specific rules, helps to reinforce an employee’s understanding of the importance of taking their training seriously and understanding the consequences of non-adherence.
PAAS Tips:
Potential HIPAA Violations Lead to $1.3 Million Settlement
According to a September 11, 2023 news release from the U.S. Department of Health and Human Services (HHS), “L.A. Care, the largest publicly operated health plan in the country paid $1,300,000 to settle” potential HIPAA Security Rule violations. The settlement comes at the end of two Office for Civil Rights (OCR) investigations into L.A. Care Health Plan (“LACHP”). One of the investigations was due to a large data breach resulting from a mailing error which caused member identification cards to be mailed to the wrong members. The other investigation stemmed from a processing error which allowed L.A. Care covered members to log into the LACHP payment portal where they could potentially view the name, address, and member identification number of another LACHP member.
In addition to the $1.3 million dollar settlement, LACHP has agreed to a comprehensive corrective action plan and three years of monitoring from OCR. They must develop and distribute HIPAA compliance policies and procedures for performing a risk analysis and risk management plan. Additionally, they must implement and adhere to their new policies and procedures.
As quoted in the HHS release, OCR Director Melanie Fontes Rainer aptly stated, “Breaches of protected health information by a HIPAA-regulated entity often reveal systemic, noncompliance with the HIPAA Rules.” She goes on to advise, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
Follow the advice of our PAAS analyst team (and the advice of the OCR Director!), and proactively review your HIPAA program to ensure you are compliant with all the Rules before you potentially find yourself at the very expensive end of an OCR investigation.
Those of you with the PAAS National® Fraud, Waste and Abuse (FWA) & HIPAA Compliance Membership have a wealth of knowledge available at your fingertips in your Policy & Procedure (P&P) Manual. This manual is automatically generated after the Risk Analysis and P&P Questionnaire have been completed. Account administrators or officers can download a full copy of the P&P Manual for further review. Highly trained PAAS analysts are also here to answer HIPAA questions, discuss HIPAA concerns, guide you through the intricacies of breach notifications (if a breach occurs), and so much more.
If your pharmacy does not currently have the PAAS FWA & HIPAA Compliance Membership, we suggest scheduling a services overview to obtain additional information about this one-of-a-kind, customizable FWA & HIPAA program! PAAS National® – helping community pharmacies gain confidence and peace of mind. Be Proactive. Be Prepared. Be Protected.®
Calculating Days’ Supply – Pancreatic Enzymes
Auditors target pancreatic enzyme prescriptions like Creon® and Zenpep® due to high cost and ambiguous directions.
The solution to this problem is contacting the prescriber at the time of fill to clarify the number of snacks or the maximum daily dose and make a clinical note on the prescription. This information must also be added to the patient label to avoid possible recoupment for a “misfill” on audit.
PAAS Tips:
Albuterol HFA Inhaler Substitution Refresh
There have been many new albuterol HFA NDCs released since the June 2020 article, First AB-Rated Generic for Proventil® HFA Approved, and since albuterol inhaler substitutions require an extra level of consideration due to not all NDCs being equivalent, a refreshed chart was in order.
The chart below shows albuterol products grouped into their respective Therapeutic Equivalence (TE) Code category – AB1, AB2, or BX. As a reminder, substitution can occur at the pharmacy level if the substitution involves two therapeutically equivalent products and is allowed per state law.
Example: AB1 inhaler 6.7 gm Proventil® would be able to be substituted for AB1 inhaler 6.7 gm Sandoz albuterol HFA.
If a substitution to a non-equivalent is required, it would be necessary to contact the prescriber and make a corresponding clinical note documenting the conversation.
Example: Prescription written for AB1 inhaler 6.7 gm Proventil® but PBM rejects claim stating an AB2 inhaler such as 8.5 gm Lupin Pharmaceuticals albuterol HFA is required.
Refer to the article linked above for examples of how to handle substitutions based on how a prescription is written.
USP 800 – The Struggle is Real…
Are you compliant with USP 800? While USP 800 became official on December 1, 2019, it was informational only and not compendially applicable. With the recent updates to USP 795, Nonsterile Compounding and USP 797, Sterile Compounding in November 2022, USP 800 was effective as of November 1, 2023.
USP 800 is not just for compounding pharmacies as it defines the quality standards for the safe handling of hazardous drugs in all healthcare settings, with the goal to minimize exposure to healthcare personnel, the patients in your pharmacy, and to the environment.
You might still be asking, does my pharmacy need a USP 800 program?
The answer is yes! All healthcare settings, including community pharmacies, should now have a “handling of hazardous drugs” program in place and while, USP itself is not an auditing entity, there are other agencies that may audit including OSHA, EPA and most likely State Boards of Pharmacy, many of which have already committed to doing so. The safe handling of hazardous drugs is now considered a “standard of practice” so implementation is essential to protect the health and safety of your employees.
Are you struggling with the multitude of requirements?
This isn’t one of those “throw it together in an afternoon” type of programs. PAAS can help! PAAS’ customized USP 800 Compliance Program provides:
Call (608) 873-1342 to sign up for PAAS’ USP 800 Compliance Program and you can immediately get started on setting up your program in hours, not days!
Specialty Pharmacy Paying the Price: $20 Million Settlement for Kickbacks and Copay Waivers
A September 30, 2023, Department of Justice press release outlined a recent settlement between the U.S. government and a specialty pharmacy based in Delaware. The pharmacy agreed to pay a settlement of $20 million to resolve allegations that they violated the False Claims Act and the Anti-Kickback Statute by paying kickbacks to patients in the form of routinely waived copayments and to physicians in exchange for providing patient referrals.
The government alleged that from August 2015 through May 2020, the pharmacy routinely waived copays for Medicare and TRICARE patients, regardless of any financial hardship need, to induce them to fill prescriptions at the pharmacy. Additional allegations include kickbacks to prescribers such as gifts, dinners, and free administrative and clinical support services to induce patient referrals to the pharmacy. The prescribers involved knowingly solicited and accepted the remuneration and have settled separately.
Two former employees, who acted as whistleblowers under a qui tam lawsuit to report these abuses to the government, will receive over $4 million as part of the settlement.
Make sure your pharmacy staff has implemented a robust set of FWA policies and procedures, including discussion of Anti-Kickback Statute, and are completing annual training on healthcare fraud, waste, and abuse. Protect your pharmacy by enrolling in the PAAS National® FWA/HIPAA Compliance Program today. Call us at (608) 873-1342 to get started.
You’ve Got Mail! Post-COVID-19 Mailing & Delivery Considerations
After three years of a Public Health Emergency (PHE) due to COVID-19, the Department of Health and Human Services (HHS) allowed the PHE to expire May 11, 2023. With the end of the PHE came the end of most PBM concessions, including those made in relation to mailing and delivery of medications. Therefore, re-training staff on the importance of adhering to PBMs’ signature, mailing, and delivery requirements will help curtail audit risk.
The remainder of this article will focus on adherent mailing and delivery practices.
PBMs are more restrictive with allowing prescriptions to be mailed. Caremark will allow mailing for up to 20% of the monthly claims submitted under their “Retail Pharmacy” definition. Anecdotally, Express Scripts has some degree of tolerance for mailing; however, it varies by situation (e.g., distance, drugs being dispensed and frequency). Humana, who usually completely restricts mailing prescriptions, is allowing their PHE concession on mailing prescriptions to continue until January 1, 2024. Consider this during open enrollment or put a plan in place to set patient expectations come 2024, if necessary.
PAAS Tips:
3…2…1…The Countdown is On to Complete Annual Fraud, Waste & Abuse Training
It is that glorious time of year again! Time for staff to be occupied not only with the daily activities of billing and filling medications, but also occupied with cough/cold/flu season, vaccine administration, answering Medicare Part D open enrollment questions, and holiday closures. Now is the time to ensure staff complete their annual Fraud, Waste & Abuse and HIPAA Compliance training since the December 31st deadline will be here before we know it!
Employees who are involved with filling, billing, dispensing or delivery of Medicare and/or Medicaid prescriptions are required to be trained within 30 days of hire (per PBM requirements) and at least annually thereafter. Per CMS Chapter 9.50.3, training and education for employees does include the CEO and senior administrators or managers. Relief pharmacists, students, interns, job shadows, and delivery drivers also need training. The training must cover FWA and General Compliance topics and must include details outlining your pharmacy’s specific policies and procedures of how you prevent, detect, and correct FWA.
Current PAAS National® FWA/HIPAA Compliance Program members can meet annual training requirements through the PAAS Member Portal. A few important things to note:
If you are unsure of all the necessary requirements, contact PAAS at (608) 873-1342 today for more information on our comprehensive, and customized, FWA/HIPAA Compliance Program.
Fair Access for All: The Proposed Rule’s Potential to Strengthen Anti-Discrimination in Pharmacies
The Biden-Harris Administration is continuing to bolster the importance of equal access to health care and human services for individuals with disabilities through a new proposed rule. The Discrimination on the Basis of Disability in Programs or Activities rule will update and clarify the obligations stated in the original Section 504 of the Rehabilitation Act of 1973, enacted almost fifty years ago. Under Section 504, individuals with disabilities are afforded equal access to any federally funded program or activity and cannot be discriminated against due to their disability. Within the article released by the HHS Press Office on September 7, 2023, it states that the COVID-19 pandemic “shone a spotlight” on areas of discrimination, such as individuals being refused medical treatment due to their disability, inability to access medical equipment and websites, and being forced to receive treatments only in institutional settings. As a result, the Administration for Community Living along with the Office for Civil Rights suggested the following changes be made to the current implementation of Section 504:
It is becoming increasingly apparent that cultural competency and the ability to provide equivalent services across all patient populations is imperative. The first step to adhering to this new standard of care is ensuring staff has undergone Cultural Competency Training. Login to the PAAS Member Portal to view the on-demand webinar “Does My Pharmacy Really Need Cultural Competency Training?” for additional information.
Call PAAS National® (608) 873-1342 to add PAAS’ Cultural Competency Training to your membership.
Advances in Respiratory Syncytial Virus (RSV) Prevention
There are two RSV vaccines FDA-approved for people ages 60 years and older – AbrysvoTM and Arexvy®.
CDC recommends that adults ages 60 years and older may receive RSV vaccination, using shared clinical decision-making (SCDM). This means that health care providers (including pharmacists) should talk to these individuals about whether RSV vaccination is appropriate for them.
Because of the SCDM workflow, the immunization action coalition (immunize.org) has not created a standing order template or screening checklist.
PAAS Tips: