Humana Audit Program Updates

On July 1, 2021 Humana updated three audit program documents and published them on their public pharmacy resources page under the “Manuals and forms: Audit guide, claim form and other materials” tab section. Below is a list of the three documents and important updates for each.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Humana Pharmacy Solutions Audit Uniform Prescriber Statement Form

  • One page document necessary to appeal various discrepancy codes
  • New as of July 1, 2021
  • Replaces the Prescriber Statement that was required to be handwritten on prescriber pre-printed prescription pads
  • Prescriber statements will not be accepted during appeal unless submitted on this form

Humana Pharmacy Solutions Audit Discrepancy Code List

  • Eight page document that describes each discrepancy code, identifies the financial outcomes, and acceptable appeal materials (coined “mitigating documentation”)
  • There are no longer references to the Corrected Values Form
  • Pharmacies may submit documentation to appeal discrepancies that otherwise would result in a $5.00 Administrative Penalty (e.g. Incorrect Origin Code IOCP)
  • Some discrepancies may now be appealed with electronic date/time stamped notes from your pharmacy system
  • There are now 4 codes describing different Invalid Signature Logs (instead of 1) that provides more appeal flexibility
  • Missing Signature Logs (MSL) may now be appealed with original signature logs rather than having to get a Member Statement (in some states)
  • Wrong Hard Copy (WHC) may now be appealed with a Prescriber Statement
  • Member Statements (PAAS National® often calls these “Patient Affidavits”) that are signed by someone other than the patient must include signature, print name and relationship to the patient

Humana Pharmacy Solutions Audit and Claim Review Guide

  • Twenty-one page document explains Humana audit program, processes and documentation requirements
  • Section 2.1.4 explains that pharmacies will be assessed a 25% penalty (capped at $10,000) for late submissions for desk audits – if no response is submitted by the post-audit (appeal) due date, then Humana may assess 100% claim recoupment
  • Section 2.2 explains that onsite audits may review up to 150 claims and that pharmacies wishing to reschedule must request within 7 days of the audit letter
  • Section 5.9 states that Humana does not require pharmacies to break boxes of insulin pens and that pharmacies may submit max day supply on claims and monitor for future refill appropriateness (e.g. the PAAS “ILQ process”)
  • FAQ #15 explains that audit results are typically sent within 30-60 days (PAAS often finds that Humana results take longer to receive than many other PBMs that often send results < 30 days)

Self-Audit Series #6: Transfer Prescriptions

Transferred prescriptions are at high risk for audit recoupment. The PBMs are hitting pharmacies on incomplete transferred prescriptions based on missing required elements. In many cases, these discrepancies are flagged as “law violations” and are difficult to appeal. Your state has specific elements that must be documented on the transferred prescription. Don’t let a simple mistake cost you big money!

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Always double check your transferred prescriptions against your state’s transfer requirements to avoid these recoupments. Contact PAAS (608) 873-1342 or info@paasnational.com if you need assistance obtaining a copy of your state transfer elements.
  • Consider utilizing a dedicated transfer prescription pad with blanks for required elements specific to your state.
  • If your pharmacy has a “transfer screen” where information is recorded, be sure to provide this information during a desk or on-site audit.
  • Section 3.14 of NCPDP Version D Questions and Answers states , all transfers should be billed with origin code 5 regardless of how you receive the prescription from the other pharmacy.
  • Be sure the original written date, not the transfer date, is entered into your pharmacy system to avoid refilling beyond the legal expiration date.
  • Ensure staff involved in receiving and typing  transferred prescriptions are familiar with the required elements of a valid transfer in your state.
  • Please see our May 2021 Newsline article Forwarding Unfilled Electronic Prescriptions for best practice when pharmacies are under common ownership or combo shop pharmacies.
  • Routinely perform a self-audit for prescriptions with an origin code of 5 and check the hard copies for accuracy.
  • Catch up on this year’s self-audit series:

LifeScan Hires Law Firm to Pursue Pharmacies Purchasing from Unauthorized Distributors

Test strip manufacturers sit in a unique position when it comes to monitoring nonprescription diabetic supply purchasing and dispensing. Manufacturers acquire purchase histories from authorized distributors regarding the volume of test strip products ordered by a pharmacy. Additionally, manufacturers can obtain information regarding the amount of test strip-associated rebates paid to PBMs by NCPDP number. With simple math, the manufacturer can identify when a pharmacy has not ordered diabetic test strips from a source they authorize.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
This was the premise for a law firm who went after pharmacies on behalf of Lifescan, the manufacturer of One Touch test strips. The law firm wrote correspondence to pharmacies, notifying them of alleged discrepancies between claims they submitted, and were subsequently paid for, and the purchase history obtained from a LifeScan Authorized Distributor.

In fact, legal action pertaining to test strip manufacturers alleging pharmacies and/or distributors malpractices have a long-standing history. In 2015, Abbott filed a complaint that U.S. pharmacies, wholesalers, and other distributors were selling Freestyle® test strips intended for sale internationally. This prompted both Caremark and Express Scripts to change their policies regarding authorized distributor use due to manufacturers withholding millions in rebates owed to PBMs. In 2019, Roche Diagnostics filed multiple lawsuits claiming, “nationwide fraud for improper sourcing or billing of diabetic test strips that caused the manufacturer to pay millions of dollars in unwarranted rebates.” This was previously written about in May 2019’s Newsline article, Fraud Risk with Diabetic Test Strip “Authorized Distributors” and Manufacturer Lawsuits.

It is of the utmost importance that the test strip distributor(s) pharmacies choose are properly vetted. PAAS National® has assisted on numerous cases pertaining to test strip manufacturers and PBMs trying to recoup funds on the premise of pharmacies utilizing unauthorized distributors. Pharmacies may think they are saving money, but the repercussions can be exorbitant, including recoupments, contract termination, and legal actions.

Manufacturers have compiled a list of authorized distributors which is posted on their websites. Refer to each manufacturer’s online authorized distributor list prior to purchasing test strips. Note that Drug Distributor Accreditation (DDA), formerly Verified-Accredited Wholesale Distributors (VAWD) is not the same as being an authorized distributor.

Abbott® (Freestyle): https://www.diabetescare.abbott/ click on “Distributors” at the bottom of the page

Ascensia® (Contour® Next): https://www.contournext.com/ click on “Distributors” at the bottom of the page

LifeScan® (OneTouch®): https://www.lifescan.com/transparency

Roche® (Accu-Chek®): https://rxvp.accu-chek.com/welcome/adr_list

Safeguarding ePHI – Office for Civil Rights (OCR) Summer Update

Safeguarding patient’s electronic PHI (ePHI) is a top priority for all who work in healthcare. Unfortunately, tactics hackers use to access ePHI have become more sophisticated and occur with an increasing frequency. The OCR Summer Update references a report that states in the healthcare sector, 61% of data breaches have been committed by external threats, leaving the other 39% by internal employees. This article serves to reflect upon how your pharmacy safeguards patient ePHI and potential considerations to strengthen those efforts.

Two HIPAA Security Rule standards, Information Access Management and Access Control, dictate how access to ePHI is handled. Each standard is then further divided into what is called “implementation specifications”. Each implementation specification is either required (entities must implement to be in accordance with the Security Rule) or addressable (entities must assess if that implementation specification is reasonable and appropriate). If the entity decides to forego an addressable specification, documentation of why, and if appropriate, what equivalent measures were implemented in its place, is necessary.

First, Information Access Management, made up of “Access Authorization” and “Access Establishment and Modification” implementation specifications, define how access to ePHI is authorized. It requires pharmacies to:

  • Have policies and procedures for granting ePHI access to personnel
  • Define to what degree of access is needed for an employee to adequately do their job
  • Explore how access is altered depending on a change in job description or employment

Example #1:  The pharmacy clerk who handles prescription sales may not require access to patient profiles.

Example #2: Changing system access to allow for remote access – something frequently done due to the pandemic.

Other points to consider include what policies and procedures does the pharmacy have in place to establish, document, review, and modify employees’ degree of access and who oversees ensuring such policies and procedures are followed. PAAS FWA/HIPAA compliance members should review Section 11.5 Information Access Management of their Policy and Procedure manual and the Employee Request for Access in Appendix B.

Second, the Access Control standard, which addresses the technical controls to ePHI access, requires access restrictions be in place to allow for ePHI only to be accessible in accordance with the Information Access Management processes discussed above. There are four implementation specifications included within the Access Control standard:

  • “Unique User Identification” (required) – Utilizing unique credentialing for each employee is an important aspect to preserve the security of ePHI. This identification can be implemented several ways, one being user-based access. Examples may include each employee having their own credentials to utilize when pulling up patient profiles or selling pseudoephedrine products. Another example would be role-based access, or only a pharmacist’s credentials will allow for additional access to ePHI that pharmacy technicians do not require.
  • “Emergency Access Procedure” (required) – When power or internet failures occur, interruption of workflow may happen. What degree of ePHI can a pharmacy get by utilizing while in such situations? This also includes the question of how employees working remotely have peace of mind that they are securely accessing ePHI without risking a breach.
  • “Automatic Logoff” (addressable) – Implementing a user being automatically logged off after a specified amount of time could decrease the risk of unauthorized access or misuse of PHI.
  • “Encryption and Decryption” (addressable) – Encrypting data can be used to reduce risks of unauthorized access to ePHI. If ePHI is encrypted following the NIST Special Publication 800-111 (Guide to Storage Encryption Technologies for End User Devices), it is considered secured per OCR’s guidance for securing PHI and therefore not subject to the Breach Notification Rule if a data breach or loss of a device containing ePHI would occur.

Covered entities, such as pharmacies, must keep PHI protected by ensuring their computer systems are secured. Section 11.5 Information Access Management of the PAAS FWA/HIPAA compliance program Policy and Procedure manual is designed to meet this standard.

PAAS Analysts are always happy to discuss how our Fraud, Waste, & Abuse and HIPAA compliance program is built to help you address federal regulations. Call (608) 873-1342 or visit paasnational.com to see how you can become an FWA/HIPAA Compliance Member today.

Hope to See You This Fall at the NCPA Annual Convention!

PAAS National® is hopeful to be at our first in-person event in almost two years. This fall, visit the PAAS team at the NCPA 2021 Annual Convention in Charlotte, NC on October 9-12, 2021. Trent Thiede will be at the premier event for community pharmacy owners. We hope to see you there! Stop by booth #1304 in the convention exhibit hall to connect with us.

We love to hear from our members on how we are helping you fight for fair audit treatment, and toward compliance with rules and regulations regarding HIPAA and Fraud, Waste and Abuse. For other community pharmacy friends/non-members we welcome the opportunity to chat with you on how PAAS works hard to keep your hard-earned money in your pocket.

For more details on this event, visit: ncpa.org/annual-convention

OIG and GSA Exclusion Checking – Are You Compliant?

The United States Department of Justice recently released the outcome of an investigation of the False Claims Act. Two pharmacists and their management company in Pennsylvania agreed to pay $250,000 to resolve the potential liability.

Claims were brought forward under qui tam, known as the whistleblower provision of the False Claims Act statue. After an investigation by U.S. Department of Health and Human Services’ Office of Inspector General (OIG), the U.S. Office of Personnel Management’s Office of Inspector General, and the U.S. Attorney’s Office for the Eastern District of Pennsylvania, it was discovered the management group and pharmacies employed a pharmacist that had been excluded from participating in federal health care programs. This exclusion occurred due to a felony-controlled substance conviction.

The investigation also revealed that the pharmacist in question, although having a suspended pharmacist license due to his conviction, had been given administrative authority and was filling prescriptions when pharmacists-in-charge were not available.

Claims billed to Medicare, Medicaid or the Federal Employee Health Program by an excluded person are considered false or fraudulent. Penalties, claim recoveries and possible pharmacy exclusion can result from an excluded employee. Pharmacies must be diligent in monitoring the OIG and the General Services Administration (GSA) exclusion lists. Potential employees must be checked prior to hire.

PAAS National®’s Fraud, Waste and Abuse & HIPAA Compliance Program monitors the OIG and GSA lists for our members. The pharmacy is notified immediately if an excluded employee is found. The program also allows members to print monthly exclusion lists and stores them electronically. PBMs will often request proof of exclusion checks during an audit.

Contact PAAS National® at (608) 873-1342 or visit paasnational.com/fwac-hipaa for more information on our FWA/HIPAA Compliance Program. By becoming an Elite member of both programs you save $120; join today to avoid any gaps between checks and get daily OIG and GSA exclusion list checks!  

PAAS Tip:

Audit Risk: Ivermectin Used for Treating COVID-19 (September Update)

Ivermectin has been getting a lot of press as of late, from news outlets, national associations, and federal agencies, regarding the dangers of using it to treat or prevent COVID-19. While many of the reports discuss the concern about using veterinary products, there are also many reports of adverse effects when using high, and unauthorized or unapproved, doses of human products.

In March of 2021, the FDA published an article titled Why You Should Not Use Ivermectin to Treat or Prevent COVID-19 which lays out some of the reasons it is currently considered an ill-advised treatment, including not being an anti-viral drug, potential for serious patient harm when taken in large doses, and potential for patients to access via illegitimate sources and/or medications intended for animals. Subsequently, the CDC issued an official health advisory on August 26 to remind both clinicians and the public about the lack of evidence to support ivermectin use for COVID-19 and the potential dangers. Despite the FDA warning, the CDC advisory indicated a 24-fold increase in the number of outpatient prescriptions being prescribed, compared to the pre-pandemic baseline.

Consequently, PAAS is seeing more PBM audits on ivermectin prescriptions. Pharmacies should be prepared to

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
have claims looked at for potential recoupment on the basis of “clinical appropriateness”. Pharmacists should give extra scrutiny to telemedicine prescribers who may not have a valid patient-provider relationship, be prescribing outside their scope of practice, or not licensed in the state in which the patient resides.

Due to the exponential increase in prescribing and dispensing, the AMA, APhA and ASHP issued a joint press release on September 1, 2021 calling for an immediate end to the prescribing, dispensing, and use of ivermectin for COVID-19 outside of clinical trials.

PAAS Tips:

  • See our July 2021 Article, Audit Risk: Ivermectin Used for Treating COVID-19
  • Prescriptions successfully processed at point-of-sale do not guarantee payment. PBMs, and payers, use pay and chase methods to recoup claims to avoid inhibiting potentially needed access to medications.
  • Prescriptions dispensed for cash may still carry risk (outside the scope of PAAS audit services).
    • While off-label prescribing is commonplace, what is atypical with ivermectin treatment for COVID is the FDA, CDC, NIH, and National Medical and Pharmacy Organizations recommending against its utility. Consequently, this seems to open the door for potential malpractice lawsuits to occur.
    • At face value, would a prescription be considered reasonable in the face of the aforementioned opposition, or does the pandemic environment and a pharmacist’s experience and professional judgement supersede?

Medicare Part D Audits: Top 11 Areas for Scrutiny

By Karen Blum, Published August 26, 2021 by Specialty Pharmacy Continuum

Medicare Part D pharmacy audits are on the rise, and pharmacists would be wise to adapt their business practices and know how to respond, an audit expert said at the virtual MHA 2021 Business Summit.

“Prior to COVID-19, we’ve seen a nearly 80% increase in audits that pharmacies experience,” said Trenton Thiede, PharmD, MBA, the president of PAAS National®, a pharmacy audit assistance company. These have primarily been from pharmacy benefit managers (PBMs) but also by plan sponsors and the Centers for Medicare & Medicaid Services, Dr. Thiede noted. The increase has occurred partly as a result of escalating health care costs and the opioid epidemic, as well as instances of fraud, waste and abuse, he said. There’s been a shift from on-site to more quick turnaround desk audits that try to validate quick outliers, such as high-dollar items or incorrect days’ supply. Nearly one-fourth of desk audits seen by his company now are for these prescription validation requests, he said.

Over the past year, due to COVID-19, many PBMs have conducted virtual audits. These take elements from both on-site and desk audits, Dr. Thiede said, asking compliance questions, requiring photos of the pharmacy area and copies of licenses, as well as requesting copies of prescriptions and signature logs.

Pharmacy owners who don’t perform well on audits face risking their reputation, license, fines and even imprisonment, he said. Financial recoveries are common, but his firm is seeing more and more network terminations due to poor compliance or bad actors.

Overall, pharmacies need the following items to perform well on audits: prescriptions that are legal and valid per state and federal laws, proof of filling and billing accurately, proof of dispensing, proof of copay collection, and documents to prove enough inventory was purchased from an appropriate source.

Common audit discrepancies can occur over items such as missing, invalid or altered prescriptions; unauthorized refills; refilling medication too soon; incorrect dispense-as-written (DAW) codes; missing or invalid signature logs; and issues delivering medication greater than 10 days after the date of fill, Dr. Thiede said.

Dr. Thiede presented the top 11 audit discrepancy areas noted by his firm, and advised how to prepare for them. >>Learn more

Humana Notice of Erroneous Billing under Medicare’s Limited Income Newly Eligible Transition Program (LINET)

Brace yourself, a Humana LINET recoupment could be in your future. LINET is a program that started January 1, 2010 under CMS, designed to simplify Part D prescription drug coverage for Medicare beneficiaries who are eligible for Medicaid (dual eligible) or the Medicare Low-Income Subsidy (LIS).

PAAS National® has received an exorbitant number of audits from Humana, the administrator for the LINET program, in the past two weeks. Pharmacies should be concerned about these supposed “overpayments” going back 6+ years and the potential industry implications that lie ahead. PAAS has researched the issue and wants to help your pharmacy respond to these egregious attacks on your business.

SPECIAL: Join PAAS for 1 year, instead of 2 years today to get assistance with this recoupment.

Call us at (608) 873-1342 or go to ‘Buy Now’ to join today!

PAAS’ insight and proactive guidance will help you build an audit wall around your pharmacy. We want to save you vast amounts of TIME and MONEY. See why more than 5,000 pharmacies across the US agree. As a member, you receive an unlimited amount of one-on-one audit assistance—as much as you need!

PHI Access and Release for Deceased Patients

According to the Office for Civil Rights (OCR), the Privacy Rule allows for pharmacies to disclose PHI about a deceased patient to person(s) involved in the individual’s health care prior to their death, unless doing so is going against the patient’s documented requests. If under law an executor, administrator, or similar individual has the authority to act on behalf of the deceased patient, a pharmacy can treat that person as a personal representative with respect to disclosing PHI.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

When assessing a deceased patient PHI request, can you ensure the relationship to the patient is understood to the extent you feel comfortable with disclosing a patient’s PHI? In such precarious situations, documentation is key. If there is a question about how to proceed, partner with your pharmacy’s Privacy Officer. For PAAS National® Fraud, Waste & Abuse and HIPAA Compliance members, reference Section 10.5 of your Policy and Procedure Manual and utilize Appendix B documents. The Manual, and PAAS staff, are here as a resource to make sure the pharmacy is aware of how to proceed appropriately.  Reach out to PAAS for additional guidance by calling (608) 873-1342 or emailing info@paasnational.com.

PAAS Tips:

  • Properly vet individuals who are requesting PHI on a patient’s behalf. Could you justify giving them the deceased patient’s PHI if asked? What supporting documentation would you have?
  • Document all PHI requests whether such requests have been granted or denied
  • Retain forms for a period of at least six years after date last in effect