Vaccinating Outside of Approved COVID-19 Emergency Use Authorization Has Legal Ramifications

As reported in a September 27, 2021 article by the US Attorney’s Office, the owner of a pharmacy in Juana Díaz, Puerto Rico, “knowingly and willfully” administered vaccine outside of the Emergency Use Authorization (EUA) and subsequently billed Medicaid for the claims. Twenty-four children between 7-11 years of age were vaccinated with the Pfizer-BioNTech COVID-19 vaccine.  The current EUA is solely for the age group of 12-15 years of age, with patients 16 years or older FDA-approved. Pharmacies are required to follow the requirements pertaining to COVID-19 vaccine administration set forth by the FDA, which includes any EUAs in place. Due to the violations, the owner was charged with “participating in a felony conspiracy to convert government property and to commit health care fraud”, to which they plead guilty. For the guilty plea, they voluntarily forfeited their right as a provider for all federal health care programs for five years and returned the reimbursement paid to the pharmacy by the illegitimate Medicaid claims to the United States. In addition, they face up to five years in prison, a fine of up to $250,000, and three years of supervised release.

Due to the seriousness of administering COVID-19 vaccine outside of FDA guidance, this case reiterates the importance of confirming patient eligibility. Due diligence must be performed to substantiate the patient receiving a vaccine dose, including an additional “third” or booster dose. Short of obtaining the patient’s medical record, utilizing PAAS’ COVID-19 Vaccine Self Attestation document, located on the PAAS Portal under Tools & Aids for PAAS Audit Assistance members, will help support a vaccine dose was appropriately given. For more information PAAS Audit Assistance members can refer to the October 2021 Newsline article, COVID-19 Vaccine Administration Audit Risk.

MedImpact is Turning Up the Heat on FWA Investigations

PAAS National® has recently received several FWA audit results requiring the pharmacy to submit additional, and arduous, supporting documentation. Pharmacies need to be aware of the audit risks for medications with high Average Wholesale Prices (AWP) and narrow FDA approved indications (e.g., Pennsaid®). Significant time and effort must be put forth by the pharmacy, prescriber and potentially the patient, to support these claims.

MedImpact FWA audit results are requesting numerous items to support the claims submitted by the pharmacy. Important to note, these results have included many claims that were never paid by the plan. Any claim submitted to a PBM can be requested for audit, even if rejected at point of sale. Clearly these FWA audits are not focusing solely on financial recoupment, but also suspicious conduct by the pharmacy (i.e., test claims). Keep the following in mind:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  1. Prescriptions transferred from a pharmaceutical hub are under scrutiny. Claims for high AWP medications, with an origin code of 5, are easy claims for a PBM’s algorithm to flag. MedImpact results have come back to pharmacies requesting medical records to show proof of a valid patient/prescriber relationship and to support the necessity of the medication – often difficult to obtain. The audit results have also requested proof the patient authorized or requested these transferred prescriptions be filled prior to adjudication.
  2. Patient’s medication and pharmacy history are also being tracked by MedImpact during these audits. Prescription claims for patients starting on a high AWP formulation, versus potential lower cost therapies, are requiring a prescriber attestation with justification (again, not always easy to obtain). Pharmacies filling prescriptions for the first time for a patient, and only filling these high AWP medications, have been required to provide a written explanation of how these prescriptions were obtained.

With the current public health emergency, pharmacies must be diligent in verifying the legitimacy of telemedicine prescriptions, especially for high AWP medications. See the June 2019 PAAS Newsline article, Telemedicine: Questions to Consider from an Audit Perspective for more information.

Are You Violating PBM Return to Stock Policies? (including New PAAS Chart)

PAAS National® continues to see pharmacies losing money due to violating PBM Return to Stock policies. Each PBM sets a timeframe that unclaimed prescriptions must be reversed and returned to stock. Full recoupment of the claim can occur when a PBM discovers prescriptions are dispensed to patients outside this timeframe. Staying up to date on Return to Stock requirements is imperative. PAAS has a chart available on the PAAS Member Portal (portal.paasnational.com) in our Tools & Aids section so you can stay up-to-date on these policies.

The strictest Return to Stock Policy is 10 calendar days. Pharmacies that currently have a policy for 14 days are running the risk of full claim recoupment from these specific PBMs.

Recoupments are preventable if pharmacies follow through on this very important task. PAAS Fraud, Waste & Abuse and HIPAA Compliance Program members have a customized policy in their manual.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

PAAS Tips:

  • Review and update your pharmacy policy for unclaimed prescriptions and make necessary changes to comply with strict PBM requirements, Section 4.1.1 Unclaimed Prescriptions of your PAAS FWA/HIPAA Compliance manual
    • Review and provide notice to staff of any updates/changes made to current policy.
    • Members may also refer to Appendix B of the manual for the Unclaimed Prescription Reversal Log. This is a helpful tool to assist pharmacies in completing this task.
    • Documenting when the task has been completed provides support that your pharmacy is following their FWA program.
  • Check with your software vendor on the ability to run reports to show prescriptions waiting to be picked up > 10 days
  • Software vendors may be able to set your point-of-sale system to deny the ability to sell past 10 days
  • Assign Return to Stock procedures to one person and allocate time to complete
  • See the June 2021 PAAS Newsline article, Would Your REMS Prescription Pass an Audit? for REMS dispensing and timeframe requirements
  • Be sure to review additional areas where waiting prescriptions are kept (e.g., refrigerator, special order shelf, or an overstock shelf)
  • Partial and LTC prescriptions also fall into these timeframe requirements

Not a PAAS Fraud, Waste & Abuse and HIPAA Compliance Program member? Contact PAAS today at (608) 873-1342 or info@paasnational.com and save $120 by combining services.

Billing Insulin & Related Supplies – Medicare Part B vs Part D

PAAS National® analysts frequently field questions about billing insulin and related supplies – this can be particularly confusing when the patient has Medicare coverage. Coverage of insulin and related supplies may depend on both the type of Medicare benefit and how the item is being used. Specifically, insulin vials and alcohol swabs could be covered under either Medicare Part B or Part D!

Remember that Medicare patients could have prescription and medical benefits that are separate or combined.

  • Separate: stand-alone medical benefit Fee-for-Service (FFS), also known as “Original Medicare” + stand-alone pharmacy benefit through a Part D Plan (PDP)
  • Combined:  medical and pharmacy benefit under one roof (sometimes called Medicare Part C) through Medicare Advantage (MAPD) Plan

Here is a chart to help you identify the correct payer depending on the type of Medicare benefit and the item in question.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Pharmacy Medical Combined
Medicare Part D (PDP) Original FFS Medicare

(Part B/DMEPOS)

 Medicare Advantage

(MAPD)
Insulin supplies
 Insulin pen Yes No Yes
 Insulin vial for self-administration Yes No Yes
 Insulin vial for pump1 No Yes Yes
 Insulin syringes Yes No Yes
 Alcohol Swabs for Part D drug2 Yes No Yes
 Alcohol Swabs for glucose testing No Yes Yes
Testing Supplies
 Test Strips No Yes Yes
 Lancets No Yes Yes

A few nuances to keep in mind:

  1. Generally, insulin for a pump is covered under Medicare Part B, unless the patient does not meet coverage criteria. See September 2020 PAAS Newsline article Billing Insulin for a Pump is Tricky, Especially for Medicare Patients for more details.
  2. Alcohol swabs are only covered under Part D when used for a Part D “drug” (like insulin or Humira®) according to Section 10.5 of the CMS Prescription Drug Benefit Manual Chapter 6. Additionally, PBMs are likely to audit for high AWP alcohol swabs or when used in excess (i.e., if patient is to use both “before and after” injection). See August 2019 PAAS Newsline article Why Would Anyone Audit Alcohol Swabs? for more details.

PAAS Tips:

  • If you are unsure about a patient’s Medicare coverage (PDP vs MAPD), then ask to see a copy of their card and look for “MAPD” or “Medicare Advantage” wording or call pharmacy help desk if needed
  • If a Medicare patient presents a prescription for insulin vials, clarify if self-administered or used in a pump
    • The instructions for use may make the route clear such that no clarifications are needed
    • The presence of insulin syringes on patient’s profile may also make the route apparent
  • If a Medicare patient presents a prescription for alcohol swabs, clarify what they are being used with

COVID-19 Vaccine Administration Audit Risk (including New PAAS Resource)

With additional doses of the COVID-19 vaccine being approved comes additional opportunities for COVID-19 audits, particularly in the realm of vaccine administration to Medicare beneficiaries at their homes and to the immunocompromised patient population.

At the beginning of June, Medicare began their initiative of paying approximately $75 per vaccine dose administered to patients who have difficulties leaving their homes or are considered “hard-to-reach”.  Effective August 24, 2021, Medicare broadened the locations in which patients can receive vaccine administration to include “communal space of a multi-unit or communal living arrangement.” Additionally, Medicare allowed for increased payment, allowing for the $75 payment amount up to a maximum of five vaccine administration services within a single group living location as long as less than 10 Medicare patients receive the COVID-19 vaccination dose on the same day at the same location. Take the following example of two Medicare beneficiaries in the same household which was laid out in CMS’ Medicare Payment for COVID-19 Vaccination Administration in the Home document, and serves as a great reference document to have on hand if providing at home COVID-19 vaccinations:

  • From June 8, 2021 to August 24, 2021: Medicare pays approximately $115 ($35 for the in-home vaccination rate plus 2 x $40 for each dose of the COVID-19 vaccine)
  • Effective August 24, 2021: Medicare pays approximately $150 (2 x $35 for the in-home vaccination rate plus 2 x $40 for each dose of the COVID-19 vaccine)

The audit risk lies in the need to document.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
To avoid risking an audit recoupment, there must be clear documentation to support their, “clinical status or barriers they face to getting the vaccine outside the home”. CMS provides the following situations:

  • They have a condition, due to an illness or injury, that restricts their ability to leave home without a supportive device or help from a paid or unpaid caregiver
  • They have a condition that makes them more susceptible to contracting a pandemic disease like COVID-19
  • The patient is hard-to-reach because they have a disability or face clinical, socioeconomic, or geographical barriers to getting a COVID-19 vaccine in settings other than their home. These patients face challenges that significantly reduce their ability to get vaccinated outside the home, such as challenges with transportation, communication, or caregiving

Secondarily, there could be audit risk tied to administering an additional dose of vaccine, again due to the need for proper documentation. Note that a third dose of the vaccine is separate and distinct from administering a booster dose of the vaccine. Refer to the table below for the specific details of each:

Additional (Third) Dose1 Booster Dose2
 Patient Demographic
  • Been receiving active cancer treatment for tumors or cancers of the blood
  • Received an organ transplant and are taking medicine to suppress the immune system
  • Received a stem cell transplant within the last 2 years or are taking medicine to suppress the immune system
  • Moderate or severe primary immunodeficiency (such as DiGeorge syndrome, Wiskott-Aldrich syndrome)
  • Advanced or untreated HIV infection
  • Active treatment with high-dose corticosteroids or other drugs that may suppress your immune system
  • Individuals 65 years of age or older
  • Individuals 18-64 years old at high risk of severe COVID-19
  • Individuals 18-64 years old whose frequent institutional or occupational exposure to SARS-CoV-2 puts them at high risk of serious complications of COVID-19 including severe COVID-19
 3rd Vaccine Dosing Interval At least 28 days after 2nd dose At least 6 months after 2nd dose
 Effective Start Date mRNA COVID-19 vaccine –

Approved 9/2/2021

 Pfizer-BioNTech –

Approved 9/24/21

1 CDC COVID-19 Vaccines for Moderately to Severely Immunocompromised People

2 CDC Statement on ACIP Booster Recommendations

PAAS recommends having the patient attest to qualifying for an additional (third) dose, or booster dose, of the mRNA COVID-19 vaccine, although we do not believe knowing the patient’s exact diagnosis or condition is necessary. In a meeting between the CDC and NCPDP, it was stated that, “Providers should be responsible to receive attestation from patients regarding appropriate timelines”. Included in October’s Newsline is a new resource: COVID-19 Vaccine Additional (Third) Dose and Booster Dose Self-Attestation of Eligibility. You can find this resource under our Tools & Aids section of the PAAS Member Portal (portal.paasnational.com). Pharmacies can use this attestation for patients to fill out at the time of vaccine administration. Consider filing it with your placeholder prescription for easy retrieval.

Getting Help with an Audit

Oh no! You just received an audit, now what? First step is to get your audit notice to PAAS National® as soon as you receive them.

Pre-audit assistance steps:

  1. Call (608) 873-1342 to get a case step-up for your incoming audit notice
  2. Send in your audit, one of three ways and please reference the case number upon sending in:
    • Email the audit notice to info@paasnational.com
    • Fax to (608) 873-4009
    • Upload an audit on the PAAS Member Portal under “Access Services” in the left hand navigation
  3. Upon receiving your notice, a PAAS Analyst will reach out to you within 1-2 business days to guide you on next steps and documentation collection.

Post-audit/appeal assistance:

  1. Get your audit results to PAAS as soon as you receive them via email info@paasnational.com or fax (608) 873-4009, please reference the case number upon sending in. Note: If you don’t have a case set-up with us from pre-audit assistance, please call (608) 873-1342 to start a case.
  2. Upon receiving the results, a PAAS Analyst will review your results and provide appeal guidance as soon as possible.

PAAS Tip:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
  • Send all pages of audit notice to PAAS before you start document collection
  • All audits have deadlines, time is of an essence for getting PAAS the notice and/or appeals. The more time we have the better.
  • When additional information is requested, organize documents in order as per the audit notice
  • If you have multiple pages, numbering the pages has provided many benefits including:
    1. Better organization
    2. Ensuring nothing is missing
    3. Making phone calls with PAAS team or PBM auditor more efficient

Humana Audit Program Updates

On July 1, 2021 Humana updated three audit program documents and published them on their public pharmacy resources page under the “Manuals and forms: Audit guide, claim form and other materials” tab section. Below is a list of the three documents and important updates for each.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Humana Pharmacy Solutions Audit Uniform Prescriber Statement Form

  • One page document necessary to appeal various discrepancy codes
  • New as of July 1, 2021
  • Replaces the Prescriber Statement that was required to be handwritten on prescriber pre-printed prescription pads
  • Prescriber statements will not be accepted during appeal unless submitted on this form

Humana Pharmacy Solutions Audit Discrepancy Code List

  • Eight page document that describes each discrepancy code, identifies the financial outcomes, and acceptable appeal materials (coined “mitigating documentation”)
  • There are no longer references to the Corrected Values Form
  • Pharmacies may submit documentation to appeal discrepancies that otherwise would result in a $5.00 Administrative Penalty (e.g. Incorrect Origin Code IOCP)
  • Some discrepancies may now be appealed with electronic date/time stamped notes from your pharmacy system
  • There are now 4 codes describing different Invalid Signature Logs (instead of 1) that provides more appeal flexibility
  • Missing Signature Logs (MSL) may now be appealed with original signature logs rather than having to get a Member Statement (in some states)
  • Wrong Hard Copy (WHC) may now be appealed with a Prescriber Statement
  • Member Statements (PAAS National® often calls these “Patient Affidavits”) that are signed by someone other than the patient must include signature, print name and relationship to the patient

Humana Pharmacy Solutions Audit and Claim Review Guide

  • Twenty-one page document explains Humana audit program, processes and documentation requirements
  • Section 2.1.4 explains that pharmacies will be assessed a 25% penalty (capped at $10,000) for late submissions for desk audits – if no response is submitted by the post-audit (appeal) due date, then Humana may assess 100% claim recoupment
  • Section 2.2 explains that onsite audits may review up to 150 claims and that pharmacies wishing to reschedule must request within 7 days of the audit letter
  • Section 5.9 states that Humana does not require pharmacies to break boxes of insulin pens and that pharmacies may submit max day supply on claims and monitor for future refill appropriateness (e.g. the PAAS “ILQ process”)
  • FAQ #15 explains that audit results are typically sent within 30-60 days (PAAS often finds that Humana results take longer to receive than many other PBMs that often send results < 30 days)

Self-Audit Series #6: Transfer Prescriptions

Transferred prescriptions are at high risk for audit recoupment. The PBMs are hitting pharmacies on incomplete transferred prescriptions based on missing required elements. In many cases, these discrepancies are flagged as “law violations” and are difficult to appeal. Your state has specific elements that must be documented on the transferred prescription. Don’t let a simple mistake cost you big money!

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Always double check your transferred prescriptions against your state’s transfer requirements to avoid these recoupments. Contact PAAS (608) 873-1342 or info@paasnational.com if you need assistance obtaining a copy of your state transfer elements.
  • Consider utilizing a dedicated transfer prescription pad with blanks for required elements specific to your state.
  • If your pharmacy has a “transfer screen” where information is recorded, be sure to provide this information during a desk or on-site audit.
  • Section 3.14 of NCPDP Version D Questions and Answers states , all transfers should be billed with origin code 5 regardless of how you receive the prescription from the other pharmacy.
  • Be sure the original written date, not the transfer date, is entered into your pharmacy system to avoid refilling beyond the legal expiration date.
  • Ensure staff involved in receiving and typing  transferred prescriptions are familiar with the required elements of a valid transfer in your state.
  • Please see our May 2021 Newsline article Forwarding Unfilled Electronic Prescriptions for best practice when pharmacies are under common ownership or combo shop pharmacies.
  • Routinely perform a self-audit for prescriptions with an origin code of 5 and check the hard copies for accuracy.
  • Catch up on this year’s self-audit series:

LifeScan Hires Law Firm to Pursue Pharmacies Purchasing from Unauthorized Distributors

Test strip manufacturers sit in a unique position when it comes to monitoring nonprescription diabetic supply purchasing and dispensing. Manufacturers acquire purchase histories from authorized distributors regarding the volume of test strip products ordered by a pharmacy. Additionally, manufacturers can obtain information regarding the amount of test strip-associated rebates paid to PBMs by NCPDP number. With simple math, the manufacturer can identify when a pharmacy has not ordered diabetic test strips from a source they authorize.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
This was the premise for a law firm who went after pharmacies on behalf of Lifescan, the manufacturer of One Touch test strips. The law firm wrote correspondence to pharmacies, notifying them of alleged discrepancies between claims they submitted, and were subsequently paid for, and the purchase history obtained from a LifeScan Authorized Distributor.

In fact, legal action pertaining to test strip manufacturers alleging pharmacies and/or distributors malpractices have a long-standing history. In 2015, Abbott filed a complaint that U.S. pharmacies, wholesalers, and other distributors were selling Freestyle® test strips intended for sale internationally. This prompted both Caremark and Express Scripts to change their policies regarding authorized distributor use due to manufacturers withholding millions in rebates owed to PBMs. In 2019, Roche Diagnostics filed multiple lawsuits claiming, “nationwide fraud for improper sourcing or billing of diabetic test strips that caused the manufacturer to pay millions of dollars in unwarranted rebates.” This was previously written about in May 2019’s Newsline article, Fraud Risk with Diabetic Test Strip “Authorized Distributors” and Manufacturer Lawsuits.

It is of the utmost importance that the test strip distributor(s) pharmacies choose are properly vetted. PAAS National® has assisted on numerous cases pertaining to test strip manufacturers and PBMs trying to recoup funds on the premise of pharmacies utilizing unauthorized distributors. Pharmacies may think they are saving money, but the repercussions can be exorbitant, including recoupments, contract termination, and legal actions.

Manufacturers have compiled a list of authorized distributors which is posted on their websites. Refer to each manufacturer’s online authorized distributor list prior to purchasing test strips. Note that Drug Distributor Accreditation (DDA), formerly Verified-Accredited Wholesale Distributors (VAWD) is not the same as being an authorized distributor.

Abbott® (Freestyle): https://www.diabetescare.abbott/ click on “Distributors” at the bottom of the page

Ascensia® (Contour® Next): https://www.contournext.com/ click on “Distributors” at the bottom of the page

LifeScan® (OneTouch®): https://www.lifescan.com/transparency

Roche® (Accu-Chek®): https://rxvp.accu-chek.com/welcome/adr_list

Safeguarding ePHI – Office for Civil Rights (OCR) Summer Update

Safeguarding patient’s electronic PHI (ePHI) is a top priority for all who work in healthcare. Unfortunately, tactics hackers use to access ePHI have become more sophisticated and occur with an increasing frequency. The OCR Summer Update references a report that states in the healthcare sector, 61% of data breaches have been committed by external threats, leaving the other 39% by internal employees. This article serves to reflect upon how your pharmacy safeguards patient ePHI and potential considerations to strengthen those efforts.

Two HIPAA Security Rule standards, Information Access Management and Access Control, dictate how access to ePHI is handled. Each standard is then further divided into what is called “implementation specifications”. Each implementation specification is either required (entities must implement to be in accordance with the Security Rule) or addressable (entities must assess if that implementation specification is reasonable and appropriate). If the entity decides to forego an addressable specification, documentation of why, and if appropriate, what equivalent measures were implemented in its place, is necessary.

First, Information Access Management, made up of “Access Authorization” and “Access Establishment and Modification” implementation specifications, define how access to ePHI is authorized. It requires pharmacies to:

  • Have policies and procedures for granting ePHI access to personnel
  • Define to what degree of access is needed for an employee to adequately do their job
  • Explore how access is altered depending on a change in job description or employment

Example #1:  The pharmacy clerk who handles prescription sales may not require access to patient profiles.

Example #2: Changing system access to allow for remote access – something frequently done due to the pandemic.

Other points to consider include what policies and procedures does the pharmacy have in place to establish, document, review, and modify employees’ degree of access and who oversees ensuring such policies and procedures are followed. PAAS FWA/HIPAA compliance members should review Section 11.5 Information Access Management of their Policy and Procedure manual and the Employee Request for Access in Appendix B.

Second, the Access Control standard, which addresses the technical controls to ePHI access, requires access restrictions be in place to allow for ePHI only to be accessible in accordance with the Information Access Management processes discussed above. There are four implementation specifications included within the Access Control standard:

  • “Unique User Identification” (required) – Utilizing unique credentialing for each employee is an important aspect to preserve the security of ePHI. This identification can be implemented several ways, one being user-based access. Examples may include each employee having their own credentials to utilize when pulling up patient profiles or selling pseudoephedrine products. Another example would be role-based access, or only a pharmacist’s credentials will allow for additional access to ePHI that pharmacy technicians do not require.
  • “Emergency Access Procedure” (required) – When power or internet failures occur, interruption of workflow may happen. What degree of ePHI can a pharmacy get by utilizing while in such situations? This also includes the question of how employees working remotely have peace of mind that they are securely accessing ePHI without risking a breach.
  • “Automatic Logoff” (addressable) – Implementing a user being automatically logged off after a specified amount of time could decrease the risk of unauthorized access or misuse of PHI.
  • “Encryption and Decryption” (addressable) – Encrypting data can be used to reduce risks of unauthorized access to ePHI. If ePHI is encrypted following the NIST Special Publication 800-111 (Guide to Storage Encryption Technologies for End User Devices), it is considered secured per OCR’s guidance for securing PHI and therefore not subject to the Breach Notification Rule if a data breach or loss of a device containing ePHI would occur.

Covered entities, such as pharmacies, must keep PHI protected by ensuring their computer systems are secured. Section 11.5 Information Access Management of the PAAS FWA/HIPAA compliance program Policy and Procedure manual is designed to meet this standard.

PAAS Analysts are always happy to discuss how our Fraud, Waste, & Abuse and HIPAA compliance program is built to help you address federal regulations. Call (608) 873-1342 or visit paasnational.com to see how you can become an FWA/HIPAA Compliance Member today.