A Need for a Compliance Program – Attest with Confidence

Since 2009, PAAS National® Fraud, Waste & Abuse and HIPAA Compliance program was designed to meet the CMS requirements, with the full support of our expert staff – pharmacists and technicians just like you, with years of experience helping community pharmacies with FWA and HIPAA compliance. Don’t be fooled by offers for training and exclusion checks – work with the best compliance program available to community pharmacies!

Consider the following:

Humana’s 2022 Notice of Program Requirements

Humana’s Compliance Policy for Contracted Healthcare Providers explicitly states pharmacies must have a compliance program that meets the seven elements outlined by CMS, including written policies, procedures and standards of conduct. Per the 2022 Pharmacy Compliance Education and Training Requirements FAQs: “Humana reserves the right to request documentation (e.g., policies and tracking records) confirming that your organization has an effective compliance program that meets the requirements outlined in the Compliance Policy and Standards of Conduct.”

PerformRx Pharmacy Compliance Attestation 2022/2023

PerformRx requires attestations to the following:

The pharmacy has implemented and maintains a compliance program that is consistent, at minimum, with applicable federal and state requirements, including, but not limited to the standards set forth in 42 CFR §423.504(b)(4)(vi) and other Centers for Medicare & Medicaid Services (CMS) guidance set forth in the Medicare Part D Prescription Drug Benefit Manual.

Be proactive. Be prepared. Be protected. Ensure you have all your compliance bases met so that when you attest to having one, you can provide proof if requested for credentialing or audit.

Don’t have an FWA/HIPAA Compliance Program? Contact PAAS and receive a $126 discount when you combine services with your audit assistance. Get started today! info@paasnational.com or (608) 873-1342.

Is Your Pharmacy Ready for an Unannounced Audit?

Pharmacies are often startled with the limited amount of time a PBM offers prior to an onsite audit. However, PBM auditors, DEA agents, FDA inspectors and state Board of Pharmacy inspectors can also make unannounced visits.

Ensuring your staff members are prepared in case of an unannounced visit is essential. Since these visits occur without warning, the Pharmacist-in-Charge (PIC) and/or owner may not be working or available to assist. Keeping information in a central location and advising staff on how to handle these intimidating visits will make the process go much smoother.

PAAS National® has created a document to help pharmacies prepare for PBM visits. Located on our website, under the Tools & Aids Section, you can find our Onsite Credentialing Guidelines. This tool provides a list of frequently asked questions from auditors. The guide also includes references to the Policy and Procedure Manual for PAAS National® Fraud, Waste & Abuse and HIPAA Compliance members.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

PAAS Tips:

  • Anyone requesting access to PHI (or your professional service area) should be identified with a company issued picture ID and other validating information
    • Follow your pharmacy’s HIPAA policy for visitors. PAAS FWA/HIPAA members can document information on their Visitor’s Log located in their Policy and Procedure Manual
  • Check PAAS’ newest guide How to Be Prepared for An Onsite Audit located in our Tools & Aids Section
  • Make sure all staff are:
    • Up to date on FWA and HIPAA compliance training
    • OIG and GSA exclusion checked; required monthly, PAAS performs these checks daily for our FWA/HIPAA members and records are accessible on the PAAS Member Portal
  • Review and update your FWA/HIPAA Compliance Manual and the Onsite Credentialing Guidelines with your Compliance Officer and/or PIC
  • Keep copies of all documents requested by auditor or inspector
  • Keep copies of any documents you are requested to sign
  • Contact PAAS once your PBM visit is over as we can track this information to better serve all members based on your experience

Don’t have an FWA/HIPAA Compliance Program? Contact PAAS and receive a $126 discount when you combine services with your audit assistance. Get started today! info@paasnational.com or (608) 873-1342.

Why PAAS Cultural Competency?

Developed by pharmacists for community pharmacies, PAAS National® brings you a tailored approach to Cultural Competency and Linguistically Appropriate Services using the PAAS Care Model. Your training history is documented, retrievable and easily tracked throughout the year. Simply put, the training is more realistic for pharmacy staff, and documented should you ever need evidence of completion – training, done better.

“We understand there is a need to address federal and state requirements and meet PBM credentialing requirements,” stated Trent Thiede, President at PAAS National®, “The PAAS CARE Model can be used in any patient interaction to help identify a patient’s cultural differences and guide the pharmacy on how to proceed.”

The PAAS CARE Model is an acronym for Competence Evaluation, Adherence, Realistic, Evaluate and Educate in the training module. Our adage of “Be aware to CARE” uses real-life, pragmatic examples to serve as a launching pad for enhancing patient experiences. PAAS’ unique approach to training ensures its content resonates with all pharmacy staff, making the goal of cultural competence achievable, across the board.

Plus, if you are already a PAAS Fraud, Waste & Abuse and HIPAA Compliance member, your employees will have the ease of completing their FWA, HIPAA and Cultural Competency training on one screen. No clicking to multiple programs or browsers to access the yearly training for your staff.

If you would like more information about PAAS Cultural Competency Training Program starting at $99/year, please visit paasnational.com/culturalcompetency or contact PAAS National® at (608) 873-1342 or info@paasnational.com.

Excluded Individual Creates Chaos for A Pharmacy IF Not Caught Right Away!

PAAS National®’s Fraud, Waste and Abuse & HIPAA Compliance Program monitors the Office of the Inspector General (OIG) and General Services Administration (GSA) lists daily for our members, even though the requirement is monthly. The program allows members to print exclusion list checks and stores this documentation electronically. PBMs will often request this proof of exclusion checks during an audit. PAAS Audit Assistance members can see our September 2021 Newsline article, OIG and GSA Exclusion Checking – Are You Compliant?.

Recently PAAS identified an excluded individual as an exact match through our proprietary exclusion checking offered by the Fraud, Waste & Abuse and HIPAA Compliance Program. The Pharmacist-in-Charge was called immediately. PAAS’s quick actions prevented this excluded individual from working in the pharmacy, saving the owner a lot of heaches – fines and additional repercussions.

  • What is an excluded individual?
    • An excluded individual has been identified by the OIG and/or the GSA as a person who is not allowed to be involved with any acts or services that are associated with Federal healthcare payments (Medicare or Medicaid). This includes ordering, prescribing, fulfilling orders, or providing services.
  • What causes an individual to become excluded?
    • Conviction of a crime related to federal healthcare programs, patient abuse or neglect, felony conviction related to controlled substances, participating in other healthcare fraud, defaulting on health education loan, or other reasons.
    • See more information on the OIG website
  • What are the consequences of hiring an excluded individual?
    • Hiring an excluded individual is a direct violation of Medicare Part D contracts
    • Items or services involving an excluded individual in any way cannot receive reimbursement from Medicare or Medicaid.
    • The pharmacy may be required to pay up to $10,000 each claim that the excluded individual was involved in as well as up to three times the damages incurred from these claims.
    • A pharmacy owner and pharmacist employee recently agreed to pay $250,000 to resolve False Claims Act liability related to employing an excluded individual

PAAS Tips:

  • The pharmacy Compliance Officer should screen every individual for OIG and GSA exclusions prior to hire, monthly thereafter, or in accordance with state laws. This includes:
  • These exclusion list searches should be documented and retained for 10 years.
  • Enter the hired person’s name into the exclusion review system exactly as it appears on their state or federally issued form of identification in order to ensure integrity of the check
    • Keep in mind, excluding individuals often try to hide their identity by changing their name or using a different name – don’t take a chance.

On-Demand Webinar: Compliance Issues, HIPAA Enforcement and Audit Risks with COVID-19

On April 7, 2022 PAAS National® hosted Compliance Issues, HIPAA Enforcement and Audit Risks with COVID-19 webinar. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.

This webinar reviews:

  • Compliance Program Requirements (and why it matters to community pharmacies)
  • HIPAA Enforcement/Action
  • COVID-19 Vaccine Audit Risks (updated)
  • OTC COVID-19 Tests Audit Risks (and Medicare B guidance)
  • Onsite Audit Preparation

Yes, OTC COVID-19 Tests Can Be Audited!

Dispensing OTC COVID-19 tests is widespread through community pharmacies. Pharmacies must be aware that submitting claims to PBMs for these tests opens the window for auditing. Ensuring you have procedures in place to accurately purchase, bill and dispense these home tests is imperative. While the dollar amount of these claims does not seem audit worthy, PBMs will be checking for Fraud, Waste and Abuse and contract violations.

PAAS National® has created a COVID-19 Resources section for our members on the PAAS Member Portal. Here you can find the Patient Request and Attestation for OTC COVID-19 Test Billing and Frequently Asked Questions. These documents have been created for our members to help answer questions and ease the documentation burden so pharmacies can save time and be audit ready.

Recently, a PAAS member received an audit request and results for an invoice audit targeting OTC COVID-19 tests. The audit was for a very short time frame and the PBM had already contacted patients to verify what manufacturer and quantity of tests the patient had received. Only tests that have been authorized by the FDA should be billed and dispensed. You can find a list of approved tests here.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Hackers Don’t Sleep, Your PHI is At Risk! What Are Your Safeguards?

Pharmacies, big and small, may find themselves on the probing end of a hacker’s criminal scheme designed to access and steal protected health information (PHI). Recently, CVS Pharmacy, Inc., Ravkoo (affecting Amazon Web Services), and Florida-based BioPlus Specialty Pharmacy Services LLC have all been targets of malicious actors after PHI. It comes as no surprise that the U.S. Department of Health and Human Service’s Office for Civil Rights (OCR) 2022 first quarter Cybersecurity Newsletter reported an increase in cyberattacks from 2020 to 2021. According to the OCR’s report, cyberattacks and “IT incidents” accounted for 66% of breaches affecting 500 individuals or more, and according to the 2020 Data Breach Investigations Report by Verizon, over 80% of data breaches due to hacking were from weak authentication requirements.

Having safeguards in place to detect, and prevent, unauthorized users from accessing PHI and electronic PHI (ePHI) is a requirement for all covered entities as outlined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and clarified by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. Although ePHI is usually the target of cyberattacks, it is important to be aware of the potential for internal breaches as well, some of which may be the result of inadequate policies and procedures, not necessarily malicious actors. Rite Aid pharmacy chain found out the hard way that tossing medication vials with patient information into their regular trash bins was not the correct way to dispose of PHI. Rite Aid’s $1 million settlement for having insufficient internal policies and procedures for handling PHI can serve as a reminder of the importance of evaluating your own HIPAA policies and procedures. In fact, periodically reviewing your security protocols and correcting your security shortcomings is a HIPAA Security Rule requirement.

PAAS National® has a customizable Fraud, Waste & Abuse (FWA) and HIPAA Compliance Program with tools and resources to help pharmacies meet HIPAA and HITECH compliance requirements. The PAAS FWA/HIPAA Compliance Program walks members through setting up a robust compliance program which includes:

  • appointing HIPAA Privacy and Security Officers,
  • performing a Risk Analysis to identify and document threats and vulnerabilities that may impact ePHI,
  • developing administrative, technical and physical safeguards to protect ePHI,
  • developing customized HIPAA Policies and Procedures (including proper PHI disposal, security reminders, access controls, prevention of malicious software, etc.),
  • online HIPAA training and much, much more!

Having a robust HIPAA Compliance Program and an educated workforce that is fully engaged in protecting PHI can greatly reduce the risk of unauthorized access to PHI and ePHI. Don’t be the weak link and have no plan in place – it’s the law!

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

  • Review your HIPAA policies and procedures to check for appropriate administrative, technical, and physical safeguards
    • Administrative safeguards should include risk analysis, risk management, sanction policy, and information system activity review
    • Technical safeguards include access control (i.e., user identification, emergency access procedure, automatic logoff, encryption, and decryption), audit controls, ePHI integrity, person/entity authentication, and transmission security
    • Physical safeguards include facility access controls (i.e., contingency operations, facility security plan, access control and validation procedures, maintenance records), workstation use and security, and device and media controls
  • PAAS National® is here to assist you with your FWA and HIPAA Compliance needs and questions, call (608) 873-1342 today to start customizing a program for your pharmacy!

LIVE WEBINAR APRIL 7th: Compliance Issues, HIPAA Enforcement and Audit Risks with COVID-19

Join President of PAAS National®, Trenton Thiede, PharmD, MBA for a LIVE webinar “Compliance Issues, HIPAA Enforcement and Audit Risks with COVID-19” on April 7, 2022 from 2-2:45pm CT as he discusses:

  • Compliance Program Requirements (and why it matters to community pharmacies)
  • Recent HIPAA Enforcement/Action
  • COVID-19 Vaccine Audit Risks (updated)
  • OTC COVID-19 Tests Audit Risks (and Medicare B guidance)
  • Onsite Audit Preparation

We will allow for some Q&A at the end of the webinar.


PAAS Audit Assistance members will have access to a recording on the PAAS Member Portal if they are unable to attend the live event.

Four Tips for Navigating Pharmacy Compliance Audits in 2022

by Tracie Acosta, CPh, Published March 11, 2022 by Pharmacy Times

In recent years, the auditing process has evolved into a full-blown investigation, often requiring pharmacies to submit hundreds of pages of documentation

Compliance audits launched by pharmacy benefit managers (PBMs) have long been a cause of frustration for pharmacies, especially independent community pharmacies with limited manpower and resources compared to large chains. This challenge has only magnified since the onset of the COVID-19 pandemic in early 2020.

PBMs have adapted their practices by switching to virtual audits, leaving them with the ability to review more claims than ever before. As a result, pharmacies that are juggling the chaos of audit documentation, vaccine distribution, prescription refills, and a plethora of other responsibilities stand to lose. It’s no wonder that the average audit in 2020 cost pharmacies $23,978, which is 35% more than the annual average over the previous 5 years, according to the pharmacy audit assistance service, PAAS National.

Traditionally, a PBM would simply check that the pharmacy received a valid prescription, dispensed the proper amount according to the prescription, and submitted a claim for the correct amount dispensed. But in recent years, the auditing process has evolved into a full-blown investigation, often requiring pharmacies to submit hundreds of pages of documentation—and auditors can even use minor clerical errors as excuses to deny payments.

As pharmacy compliance audits grow in sophistication, it’s up to pharmacies to remain diligent in monitoring their operations, especially the following aspects of their operations in 2022. Here are some tips for getting ahead of and managing audits in the year ahead.

Continue to read the full article here.

Top 10 PAAS National Articles of 2021

PAAS Audit Assistance members receive a monthly newsletter with new audit tactics and prevention tips. The printed newsletter, PAAS National® Newsline is only a fraction of the content that we put out each month as members have access to additional content online in the Member Portal, in addition to an archive of articles.

The top 10 Newsline articles for 2021 include:

  1. Audit Risk: Ivermectin Used for Treating COVID-19
  2. COVID-19 Vaccine Billing Guidance
  3. Updated Dispense in Original Container Chart
  4. Are You Documenting DUR and Submission Clarification Codes?
  5. Dispensed Quantity is Different from the Prescription – Do I Need Documentation?
  6. HHS Advisory Opinion on Contract Pharmacies Under the 340B Program
  7. COVID-19 Vaccine Administration Audit Risk (Including a New PAAS Resource)
  8. Fraud, Waste, & Abuse and HIPAA Compliance Updates for 2021
  9. “Forwarding” Unfilled Electronic Prescriptions
  10. Victoza® – One Letter Can Cost You!

PAAS Audit Assistance Admins can also keep their employees informed to increase engagement and lower audit results by adding employees to the Portal so that their whole staff has access to the eNewsline.