HIPAA Breach Notification Letter Sent to 82,466 Patients Due to Improperly Shared Data

According to the U.S. Department of Health and Human Services breach portal, the mail-order pharmacy Healthy Options dba Kroger Postal Prescription Services (PPS) reported a breach of information which affected 82,466 patients. Kroger’s March 10, 2023 press release described the incident as “an internal error” which caused patient names and email addresses affiliated with Kroger PPS to be “improperly shared with its affiliated grocery business”.

This breach comes two years after the Accellion incident which also affected Kroger. Accellion is a company which provides secure third-party data file transfer services to businesses, one of which was Kroger. Their services were used to send human resources data, pharmacy patient information, clinic patient information, and money services records through secure file transfers. Kroger’s internal review indicated the Kroger systems were not directly accessed, and that the information was obtained only through Accellion. Kroger cut their ties with Accellion and sent out HIPAA breach notification letters to the affected individuals.

As these two incidents illustrate, breaches can happen—sometimes they are malicious in nature and sometimes it is due to poor training or lack of appropriate safeguards. PAAS National® analysts suggest regularly evaluating your pharmacy’s HIPAA compliance program and implementation to identify deficiencies so improvements can be made in a timely manner. If you are not sure where to begin or what a “top of the line” HIPAA program looks like, just contact us (608) 873-1342 for a virtual overview of the PAAS National® Fraud, Waste and Abuse and HIPAA Compliance Program. We are here to guide you through compliance – get started today.

Caremark Memo: Novolog® and Novolin® ReliOn®

In March 2023, many pharmacies received a fax from Caremark labeled Claim Submission Education pertaining to claims billed for Novolog® and Novolin® ReliOn® NDCs. The Caremark memo includes a list of ReliOn® claims that the pharmacy billed and requests that pharmacies confirm if they have billed the correct NDC. If the NDC was submitted correctly, pharmacies must provide a copy of a wholesaler invoice and information to support DSCSA pedigree or track and trace (transaction statement, transaction history, transaction statement).

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

In theory, the ReliOn® branded insulins are made exclusively for Walmart and Sam’s club pharmacies and Caremark is questioning if pharmacies billed the incorrect NDC or obtained products from an inappropriate source.

Here are the ReliOn® products under review:

Novolog (Rx only)

ReliOn® NDC Retail NDC
10 mL vial 00169-2100-11 00169-7501-11
5×3 mL FlexPen® 00169-2101-25 00169-6339-10

Novolin 70/30 (OTC)

ReliOn® NDC Retail NDC
10 mL vial 00169-1837-02 00169-1837-11
5×3 mL FlexPen® 00169-3007-25 00169-3007-15

Novolin N (OTC)

ReliOn® NDC Retail NDC
10 mL vial 00169-1834-02 00169-1834-11
5×3 mL FlexPen® 00169-3004-25 00169-3004-15

Novolin R (OTC)

ReliOn® NDC Retail NDC
10 mL vial 00169-1833-02 00169-1833-11
5×3 mL FlexPen® 00169-3003-25 00169-3003-15

PAAS Tips:

  • PAAS is not aware of any results or recoupments from these reviews
  • We suggest that pharmacies exercise caution when sourcing these insulin products, since 3 of the 4 products are over the counter (OTC), they fall outside of DSCSA pedigree requirements and wholesalers/distributors may not have track and trace documents to prove that products are legitimate

Nuances of Insulin Pens and How They May Differ

Priming insulin pens prior to use helps ensure the appropriate dose is being administered. Calculating the priming units in your days’ supply is very important. These additional units added for “priming” or “safety checking” the insulin pen and pen needle for each injection, could greatly influence the quantity and days’ supply you are billing.

Most insulin pens require two units per injection to prime; however, there are three products that require more.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Insulin Priming Units
Toujeo® Solostar® 3 units
Toujeo® Max Solostar® 4 units
Humulin® R U-500 KwikPen 5 units

Another consideration between insulin pens is the number of units the pen can dial. While most pens deliver doses in 1-unit increments, there are four specific insulin products that do not. Be mindful that these products can only deliver doses in discrete intervals and be prepared to clarify instructions for use that cannot be administered.

Insulin Dosing Increments
Humalog® Junior KwikPen® 0.5 units
Humulin® R U-500 KwikPen 5 units
Tresiba® Flextouch® 200 units/mL 2 units
Toujeo® Max Solostar® 2 units

PAAS Tips:

  • Document the number of priming units on the prescription if used in your days’ supply calculation
  • Remember priming units are not applicable with insulin vials
  • Non-insulin pen products that have pre-set dosages (i.e., Ozempic®), do not use priming units

Resist the Urge: Don’t Reverse Claims After Receiving an Audit

Consider the following situation: after pulling hard copy prescriptions for an audit, a billing error is identified; such as an incorrect days’ supply or billed quantity. The initial thought may be to reverse and rebill the claim – a seemingly reasonable action to take; however, one must resist the urge to reverse the claim.

Depending on the PBM, type of audit and auditor preference, the process given to resolve the incorrect claim may differ. Additionally, reversing a claim outside the billing window, without proper authorization, may result in a claim that is unable to be reprocessed. There are also unique exceptions to the guidance of not reversing the claim prior to obtaining direction. For example, some audits of recent claims may include explicit instructions to correct claims if any errors are found. To save time and avoid costly mistakes, Engage PAAS National®® upon receiving an audit notice.

PAAS Tips: 

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
  • Review the September 2019 Newsline article, Claim Reversal Best Practices
  • If given permission by the auditor to reverse and rebill the claim, include a print screen of the adjudication reflecting the claim was reversed and subsequently rebilled correctly
  • Respond to the audit unless explicitly told otherwise
  • Sometimes “final results” are given for small desk audits with claims submitted shortly before the date the audit was issued. This is merely a means of closing out the audit. The recoupment amount reflects the old claim being reversed and it is likely the new claim has a paid status. No action is required by the pharmacy.
    • If you want to ensure the plan sponsor has received the corrected claim, call the PBM help desk to inquire

Avoiding Humana Audits for Deceased Patients

Humana has recently sent out another round of audits to pharmacies with the subject line: Review of claim(s) billed after member’s deceased date. The review is taking place, sometimes more than a year after the date of service, because Humana identified some Medicare Part D claims paid after the member passed away. Why would Humana wait so long to review these claims, and why did they not stop them at point of sale? Unfortunately, there is usually significant lag time from when a patient passes away to when this information is reported to the Social Security Administration, and then to CMS and plan sponsors.

Pharmacies have 30 days from the date on the audit letter to provide evidence demonstrating the appropriate billing of these claims. Please see the Humana guidelines set below to combat these recoupments.

Claim date would need to be within 14 days from deceased date for claims billed to patients not in a long-term care facility (retail) and 32 days from deceased date for patients who reside in a long-term care facility.

Accepted documentation for a deceased member (not all-inclusive):

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Signature log (of personal representative)
  • Delivery log/mail order shipping receipt
  • Manifest
  • Obituary with different deceased date
  • E-kit Rx

Accepted documentation for a member who is NOT deceased:

  • Signed signature log
  • Signed delivery log
  • Obituary with different deceased date
  • Prescriber statement
  • Member statement

PAAS Tips:

  • Always obtain member consent prior to delivery of any auto-refilled medications
    • This is a Medicare requirement to prevent waste
  • If dispensing a medication to a physician’s office for administration (e.g., Invega®), the pharmacy should have a log or reconciliation process to ensure the patient receives the medication in a timely fashion
  • Leaving a medication at a patient’s door without obtaining a signature can result in the claim being flagged for recoupment (if audited). To mitigate this risk, include a PAAS National® Trifold Mailer form with the delivery which the patient can return to the pharmacy to ensure adequate proof of dispensing is on file
  • Use extra caution with controlled substances, especially if being requested by a different family member or if only controlled substances are being refilled
  • Please see the following Newsline articles for more information on compliant delivery/signature logs:

Biologic Drug Substitution Best Practices (Update)

**Article update from initial publication in January 2021 due to entry of unbranded biologics in the marketplace and change to BLA approval type for SemgleeTM and RezvoglarTM**

PAAS National® frequently gets questions about whether pharmacies may substitute various medications and if such substitutions require the approval of the prescriber. Pharmacies must refer to the FDA Purple Book to identify if biologic products may be substituted. Additionally, “pharmacy level substitution” is regulated at the state level and you must refer to your individual state pharmacy practice laws. Cardinal Health has a great website to find biosimilar interchangeability laws for each state.

In a June 2020 Newsline article, PAAS discussed the new definition of a biologic product, which now includes commonly dispensed products like insulin, human growth hormone, and pancreatic enzymes. Now licensed as “biologic drugs,” these medications are approved by the FDA under a Biologic Licensing Application (BLA), and listed in FDA’s Purple Book instead of the Orange Book that many pharmacy staff are familiar with.

When reviewing the Purple Book, you will find that pharmacy level substitution of a reference product is only allowed if biologic drugs are either (i) identified as interchangeable OR (ii) an unbranded biologic with the same BLA number of a reference product. For biologic drugs that don’t fall into these two categories, you must obtain prescriber approval prior to substituting.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • If a prescription is written for the “proper name” (e.g., insulin lispro), the FDA does not provide interpretative guidance on whether the biologic product can be openly substituted. Some Boards of Pharmacy may require further clarification from the prescriber under these circumstances. PAAS recommends proceeding with caution until further industry guidance is established.

Let’s look at a few types of insulins as examples.

Insulin lispro U-100

Product Name Proper Name BLA Number Labeler BLA Type Substitute without prescriber approval?
Admelog® Insulin lispro 209196 Sanofi 351(a) reference product No
Humalog® Insulin lispro 020563 Eli Lilly 351(a) reference product Yes
Insulin lispro Insulin lispro 020563 Eli Lilly Unbranded biologic Yes
LyumjevTM Insulin lispro-aabc 761109 Eli Lilly 351(a) reference product No

Insulin glargine U-100

Product Name Proper Name BLA Number Labeler BLA Type Substitute without prescriber approval?
Lantus® Insulin glargine 021081 Sanofi 351(a) reference product Yes
Insulin glargine Insulin glargine 021081 Winthrop Unbranded biologic Yes
SemgleeTM Insulin glargine-yfgn 761201 Mylan 351(k) interchangeable Yes
Insulin glargine-yfgn Insulin glargine-yfgn 761201 Mylan Unbranded biologic Yes
Basaglar® Insulin glargine 205692 Eli Lilly 351(a) reference product No
RezvoglarTM Insulin glargine-aglr 761215 Eli Lilly 351(k) interchangeable Yes

FDA approved interchangeable status to Semglee in July 2021 and Rezvoglar in November 2022

Biologic products are not described in familiar terms like “brand”, “generic” or “AB-rated” and the Purple Book uses new terms that are not found in the Orange Book. Here is a short summary of the different terms:

  1. “Reference product” is a single biological product approved under a 351(a) BLA.
  2. “Biosimilar” products are approved through an abbreviated BLA pathway under a 351(k) biosimilar BLA.
  3. “Interchangeable” biological products are biosimilar products that have been deemed interchangeable with a reference product after going through additional switching studies and are approved under a 351(k) interchangeable BLA.
  4.  “Unbranded biologic” products are NOT listed in the Purple Book but are approved under the reference product’s 351(a) BLA.

FDA has more detailed definitions on the Purple Book website here. Additionally, there is a frequently asked question section that discusses unbranded biologics (FAQ #11).

PAAS Tips:

  • Pharmacy level substitution of biologic products is only allowed if products are either (i) identified as interchangeable AND your state pharmacy practice law allows OR (ii) an unbranded biologic with the same BLA number.
  • See FDA Purple Book to determine interchangeability status of a particular biologic drug
  • State pharmacy laws may limit biosimilar interchangeability, but this does not apply to unbranded biologics. For information about your state laws:
  • If you are ever in doubt about whether products may be substituted it is best to call the prescriber to obtain approval – don’t forget to document with a clinical note.
  • PAAS has created the following resources
  • FDA has a website with educational materials for both patients and healthcare professionals including frequently asked questions, handouts and videos here.

Caremark Resumes Signature Log Requirements Effective May 12, 2023

Caremark issued a Pharmacy Update memo on March 8, 2023, stating that they would resume signature log requirements for audits effective May 12, 2023. This coincides with Health and Human Services (HHS) announcement that the formal COVID-19 public health emergency (PHE) will expire on May 11, 2023.

PAAS National® expects other PBMs to follow suit in short order and we recommend that pharmacies begin to transition staff and patients back to pre-pandemic workflow, if you have not done so already. Remember that upon audit, PBMs want to see at least three elements on signature logs – the prescription number, the date dispensed and the signature of patient or representative (some PBMs, like Humana, may also want to see the fill date or fill “number”). For prescriptions that are mailed, make sure that you maintain tracking/delivery confirmation as well.

PAAS Tips:

Biosimilar Adoption for Humira in 2023

NCPA Multiple Locations Conference Panel Discussion Part 2 of 2

On February 25, 2023, President of PAAS National®, Trent Thiede, had the privilege of participating in a Panel Discussion entitled Marketplace Prescription Dynamics Sure to Shape Your Business Strategies. While traversing several different topic areas, there are two core issues that are important for PAAS members: discount/cash cards and biosimilar adoption in 2023. PAAS Audit Assistance members can see Discount/Cash Cards Are Disruptors in the Industry from our March Newsline.

While Semglee® was the first interchangeable biosimilar to market back in 2021, Humira has been grabbing attention because of its status as the pharma-GOAT: Greatest Of All Time (in terms of sales) as coined by Doug Hoey from NCPA. If you’re not familiar with the onslaught of biosimilars, reference this chart below from Cardinal Health’s biosimilar landscape overview. To summarize, there are 8 FDA approved biosimilars, and 5 more pending FDA approval. Cyltezo, which should be coming to market this summer, has been approved as an interchangeable biosimilar. Four additional products referenced are seeking interchangeability status.

FDA Approved

Product Company Estimated launch Concentration Seeking interchangeability Citrate free Latex free Needle size
Amjevita™ Amgen January 31, 2023 Low (50MG) No Yes Yes 29G Syr. / 27G Pen
Hadlima™ Organon July 1, 2023 Low (50MG) No No Yes 29G Syr. / 29G Pen
Cyltezo™ Boehringer
Ingelheim		 July 1, 2023 Low (50MG) Yes, Approved
October 18, 2021		 Yes No 27G Syr. / 27G Pen
Yusimry™ Coherus July 1, 2023 Low (50MG) No Yes Yes Unknown
Hulio™ Viatris July 31, 2023 Low (50MG) No Yes Yes 29G Syr. / 29G Pen
Hyrimoz™ Sandoz July 1, 2023 Low (50MG) No No No 27G Syr. / 27G Pen
Abrilada™ Pfizer November 20, 2023 Low (50MG) Yes Yes Yes 29G Syr. / 29G Pen
Idacio™ Fresenius Kabi September 30, 2023 Low (50MG) No Yes Yes 29G Syr. / 29G Pen

Pending Approval

Product Company Estimated launch Concentration Seeking interchangeability Citrate free Latex free Needle size
SB5-HC Organon July 1, 2023 High (100MG) Yes Yes Yes 29G Syr. / 29G Pen
AVT-02 Teva July 1, 2023 High (100MG) Yes Yes Yes Unknown
Yuflyma Celltrion July 1, 2023 High (100MG) No Yes Yes 29G Syr. / 29G Pen
ABP – 501 HC Amgen TBD High (100MG) Yes Yes No 29G Syr. / 27G Pen
Hyrimoz HCF Sandoz July 1, 2023 High (100MG) No Yes No 27G Syr. / 27G Pen

While Amjevita™ came to market in January, pharmacies need to be cognizant that it is a biosimilar but does not have interchangeability status. PAAS Audit Assistance members can see Biologic Drug Substitution in this month’s Newsline for additional information on biologic substitutions.

Biosimilar adoption relies, at least in part, on pharmacists. There was a report issued by Cardinal Health that identified > 60% of dermatologists, rheumatologists, and gastroenterologists would NOT feel comfortable prescribing a biosimilar if it did not have the interchangeability designation. Pharmacists can think of these biosimilars as alternative brands. There’s not likely to be great uptake in market share unless providers are aware and more willing to prescribe.

Additionally, OptumRx, Express Scripts and Prime Therapeutics are keeping Humira on formulary at parity with biosimilars, meaning patients won’t have a financial reason to switch. Why change to a biosimilar if you can continue to take Humira for no additional cost? Perhaps patients new to therapy could try a biosimilar first, but it seems to reason that adoption will be slow in 2023.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Cyltezo is currently the only FDA approved interchangeable biosimilar for Humira (coming to market July of 2023)
  • Some large payers are keeping Humira on formulary for 2023, but other may not
    • Watch for soft-rejects alerting pharmacies to preferred biosimilars
    • PBMs may allow Humira to process, but severely underpay the claim
  • See PAAS’ Biologic Injectable Medication and Insulin Medication chart for interchangeable biosimilars
  • Use the FDA Purple Book as a resource for biosimilars and interchangeability

PerformRxSM Investigational Audits Are on the Rise

PAAS National® has recently seen a new trend with investigational audits completed by PerformRxSM. These audits are a combination of an invoice, desk, and a compliance audit. Pharmacies must obtain invoices for the requested date range, 25-60 prescriptions, signature logs and proof of copay collection for all refills.

This investigational audit also includes an extensive questionnaire. The questionnaire may have unique questions based on idiosyncrasies the PBM has identified for your pharmacy. Mailing and delivery procedures and automatic refill policies are just some of the questions pharmacies must address.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

We urge pharmacies to review their written Standard Operating Procedures (SOP) and Fraud, Waste, & Abuse Compliance Programs. Updates may be necessary to ensure your policies and procedures are compliant with current practice. The Onsite Credentialing Guidelines we have created is an excellent tool to prepare you for common questions PBMs may ask.

Remember to engage PAAS analysts early to ensure you have the most successful outcome.

PAAS Tips:

Looking for an FWA/HIPAA Compliance program? Schedule a service overview with PAAS National® today and learn how to get started on customizing your Policy and Procedure Manual. 

LifeScan Continues to Pursue Pharmacies Purchasing from Unauthorized Distributors

Test strip manufacturers sit in a unique position when it comes to monitoring nonprescription diabetic supply purchasing and dispensing. Manufacturers acquire purchase histories from authorized distributors regarding the volume of test strip products ordered by a pharmacy. Additionally, manufacturers can obtain information regarding the amount of test strip-associated rebates paid to PBMs by NCPDP number. With simple math, the manufacturer can identify when a pharmacy has not ordered diabetic test strips from a source they authorize.

This has occurred repeatedly with Lifescan, with recoupment demands last seen in 2021. Like previous communications, these letters are borderline extortionary – demanding payment in a short time and threatening to notify PBMs for non-compliance.

PAAS National® has assisted on numerous cases pertaining to test strip manufacturers (and PBMs) trying to recoup funds on the premise of pharmacies utilizing unauthorized distributors. PAAS can help your pharmacy further navigate the demand. If you’ve been contacted by LifeScan, be protected and contact PAAS (608) 873-1342 to get guidance and one-on-one support from a PAAS analyst.