According to a September 11, 2023 news release from the U.S. Department of Health and Human Services (HHS), “L.A. Care, the largest publicly operated health plan in the country paid $1,300,000 to settle” potential HIPAA Security Rule violations. The settlement comes at the end of two Office for Civil Rights (OCR) investigations into L.A. Care Health Plan (“LACHP”). One of the investigations was due to a large data breach resulting from a mailing error which caused member identification cards to be mailed to the wrong members. The other investigation stemmed from a processing error which allowed L.A. Care covered members to log into the LACHP payment portal where they could potentially view the name, address, and member identification number of another LACHP member.
In addition to the $1.3 million dollar settlement, LACHP has agreed to a comprehensive corrective action plan and three years of monitoring from OCR. They must develop and distribute HIPAA compliance policies and procedures for performing a risk analysis and risk management plan. Additionally, they must implement and adhere to their new policies and procedures.
As quoted in the HHS release, OCR Director Melanie Fontes Rainer aptly stated, “Breaches of protected health information by a HIPAA-regulated entity often reveal systemic, noncompliance with the HIPAA Rules.” She goes on to advise, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
Follow the advice of our PAAS analyst team (and the advice of the OCR Director!), and proactively review your HIPAA program to ensure you are compliant with all the Rules before you potentially find yourself at the very expensive end of an OCR investigation.
Those of you with the PAAS National® Fraud, Waste and Abuse (FWA) & HIPAA Compliance Membership have a wealth of knowledge available at your fingertips in your Policy & Procedure (P&P) Manual. This manual is automatically generated after the Risk Analysis and P&P Questionnaire have been completed. Account administrators or officers can download a full copy of the P&P Manual for further review. Highly trained PAAS analysts are also here to answer HIPAA questions, discuss HIPAA concerns, guide you through the intricacies of breach notifications (if a breach occurs), and so much more.
If your pharmacy does not currently have the PAAS FWA & HIPAA Compliance Membership, we suggest scheduling a services overview to obtain additional information about this one-of-a-kind, customizable FWA & HIPAA program! PAAS National® – helping community pharmacies gain confidence and peace of mind. Be Proactive. Be Prepared. Be Protected.®
Documentation Deep Dive: Meeting Auditors’ Standards in DUR and SCC
PAAS National® frequently sees claims audited that contain a clinical drug utilization review (DUR) or submission clarification code (SCC), particularly from Express Scripts and Prime Therapeutics. Auditors are looking for proper documentation when these codes are used, but pharmacies are often unaware of what this should include.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
All Pharmacies Face Medicare Part A vs Part D Billing Risks, Especially Combo Shops
Pharmacies that service long-term care (LTC) and assisted living facilities (ALF) as well as retail patients, known as “Combo Shops”, may not be aware of the potential recoupment risks from Medicare. PAAS National® wants to inform our members of these risks and how to best avoid them.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Best Practices for Financial Hardship Waivers
PAAS National® analysts have noticed an increase in PBM audits focusing on copay collection. These audits requested a copy of the pharmacies’ policies and procedures addressing copay collection and financial hardship.
In general, PBMs require that pharmacies collect copays at the point of sale and retain a “financial paper trail” to prove such collection took place. Pharmacies will be asked to provide check copies (front and back), credit card receipts with authorization numbers and bank deposit slips as evidence of receiving cash from patients. Pharmacies may also be required to provide Accounts Receivable balances and Coordination of Benefits billing information, where applicable.
If patients are unable to pay their copay and the pharmacy waives or discounts the copay due to financial hardship, then you must have a robust written policy explaining the details on how such a policy is operated.
In general, financial hardship policies should include the following:
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
PBM Audits: Letters to Patients for Prescription Verification
Pharmacies often see PBM audit letters requesting documentation to validate paid claims, but not very many see letters sent to their patients.
PBMs have increasingly conducted patient (and prescriber) verifications, in the form of letters sent, to validate claims billed by your pharmacy. These letters are often initiated as part of a PBM investigation where they are searching for fraud, waste, or abuse– if there are inconsistencies between the information provided by the pharmacy, patient, and prescriber this can be a sticky situation.
Letters to patients typically consistent of basic questions like:
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Avoid the Creon® Chargeback Catastrophe by Following THIS Billing Rule
Creon® is indicated for the treatment of exocrine pancreatic insufficiency due to cystic fibrosis, chronic pancreatitis, pancreatectomy, or other conditions. Claims for these pancreatic enzymes find themselves on audits year after year, and the audit risk has just increased as …
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
The Power of Clearly Communicated Sanction Policies in HIPAA Compliance
Sanctions were the focus of the October 2023 Office for Civil Rights Cybersecurity Newsletter. The article states, “An organization’s sanction policies can be an important tool for supporting accountability and improving cybersecurity and data protection. Sanction policies can be used to address the intentional actions of malicious insiders, such as the stealing of data by identity-theft rings, as well as workforce member failure to comply with policies and procedures, such as failing to secure data on a network server or investigate a potential security incident.”
Adequate and thorough training is an essential component to all employee on-boarding and continued employment. One critical topic to discuss is sanctions, because the HIPAA Privacy and Security Rules both require sanction policies. Talking to employees about sanctions, or penalties for not following state, federal, or local laws or pharmacy-specific rules, helps to reinforce an employee’s understanding of the importance of taking their training seriously and understanding the consequences of non-adherence.
PAAS Tips:
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Potential HIPAA Violations Lead to $1.3 Million Settlement
According to a September 11, 2023 news release from the U.S. Department of Health and Human Services (HHS), “L.A. Care, the largest publicly operated health plan in the country paid $1,300,000 to settle” potential HIPAA Security Rule violations. The settlement comes at the end of two Office for Civil Rights (OCR) investigations into L.A. Care Health Plan (“LACHP”). One of the investigations was due to a large data breach resulting from a mailing error which caused member identification cards to be mailed to the wrong members. The other investigation stemmed from a processing error which allowed L.A. Care covered members to log into the LACHP payment portal where they could potentially view the name, address, and member identification number of another LACHP member.
In addition to the $1.3 million dollar settlement, LACHP has agreed to a comprehensive corrective action plan and three years of monitoring from OCR. They must develop and distribute HIPAA compliance policies and procedures for performing a risk analysis and risk management plan. Additionally, they must implement and adhere to their new policies and procedures.
As quoted in the HHS release, OCR Director Melanie Fontes Rainer aptly stated, “Breaches of protected health information by a HIPAA-regulated entity often reveal systemic, noncompliance with the HIPAA Rules.” She goes on to advise, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
Follow the advice of our PAAS analyst team (and the advice of the OCR Director!), and proactively review your HIPAA program to ensure you are compliant with all the Rules before you potentially find yourself at the very expensive end of an OCR investigation.
Those of you with the PAAS National® Fraud, Waste and Abuse (FWA) & HIPAA Compliance Membership have a wealth of knowledge available at your fingertips in your Policy & Procedure (P&P) Manual. This manual is automatically generated after the Risk Analysis and P&P Questionnaire have been completed. Account administrators or officers can download a full copy of the P&P Manual for further review. Highly trained PAAS analysts are also here to answer HIPAA questions, discuss HIPAA concerns, guide you through the intricacies of breach notifications (if a breach occurs), and so much more.
If your pharmacy does not currently have the PAAS FWA & HIPAA Compliance Membership, we suggest scheduling a services overview to obtain additional information about this one-of-a-kind, customizable FWA & HIPAA program! PAAS National® – helping community pharmacies gain confidence and peace of mind. Be Proactive. Be Prepared. Be Protected.®
Calculating Days’ Supply – Pancreatic Enzymes
Auditors target pancreatic enzyme prescriptions like Creon® and Zenpep® due to high cost and ambiguous directions.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
Albuterol HFA Inhaler Substitution Refresh
There have been many new albuterol HFA NDCs released since the June 2020 article, First AB-Rated Generic for Proventil® HFA Approved, and since albuterol inhaler substitutions require an extra level of consideration due to not all NDCs being equivalent, a refreshed chart was in order.
The chart below shows albuterol products grouped into their respective Therapeutic Equivalence (TE) Code category – AB1, AB2, or BX. As a reminder, substitution can occur at the pharmacy level if the substitution involves two therapeutically equivalent products and is allowed per state law.
Example: AB1 inhaler 6.7 gm Proventil® would be able to be substituted for AB1 inhaler 6.7 gm Sandoz albuterol HFA.
If a substitution to a non-equivalent is required, it would be necessary to contact the prescriber and make a corresponding clinical note documenting the conversation.
Example: Prescription written for AB1 inhaler 6.7 gm Proventil® but PBM rejects claim stating an AB2 inhaler such as 8.5 gm Lupin Pharmaceuticals albuterol HFA is required.
Refer to the article linked above for examples of how to handle substitutions based on how a prescription is written.
Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.
PAAS Tips:
USP 800 – The Struggle is Real…
Are you compliant with USP 800? While USP 800 became official on December 1, 2019, it was informational only and not compendially applicable. With the recent updates to USP 795, Nonsterile Compounding and USP 797, Sterile Compounding in November 2022, USP 800 was effective as of November 1, 2023.
USP 800 is not just for compounding pharmacies as it defines the quality standards for the safe handling of hazardous drugs in all healthcare settings, with the goal to minimize exposure to healthcare personnel, the patients in your pharmacy, and to the environment.
You might still be asking, does my pharmacy need a USP 800 program?
The answer is yes! All healthcare settings, including community pharmacies, should now have a “handling of hazardous drugs” program in place and while, USP itself is not an auditing entity, there are other agencies that may audit including OSHA, EPA and most likely State Boards of Pharmacy, many of which have already committed to doing so. The safe handling of hazardous drugs is now considered a “standard of practice” so implementation is essential to protect the health and safety of your employees.
Are you struggling with the multitude of requirements?
This isn’t one of those “throw it together in an afternoon” type of programs. PAAS can help! PAAS’ customized USP 800 Compliance Program provides:
Call (608) 873-1342 to sign up for PAAS’ USP 800 Compliance Program and you can immediately get started on setting up your program in hours, not days!