Hundreds of Patient Information Requests for Medicare: What This Means for Your Pharmacy

Pharmacy personnel are all tasked with keeping patient protected health information (PHI) secure. When a request to access or release PHI is received by the pharmacy, panic may ensue if staff are not well versed in how to handle the requests to be compliant with 45 CFR §164.524.

First, a patient must …

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

If you are not a PAAS FWA/HIPAA Compliance member and you are interested in adding this service or learning more, please contact us at (608) 873-1342 or email info@paasnational.com

Walgreens $107 Million Settlement for False Claims Act Violations

A recent Department of Justice press release outlined a settlement with Walgreens for nearly $107 million for False Claims Act violations related to claims billed to government programs that were never dispensed. The government alleges that from 2009-2020, Walgreens restocked thousands of prescriptions billed to Medicare and Medicaid and resold the same medication, effectively collecting payment twice on the same medications.

The underlying cause of the systematic overbilling was related to a feature in Walgreens’ pharmacy management software (Intercom Plus, IC+) where prescriptions which were billed but not sold were removed from the local IC+ servers after 29 days (to save space) and moved into an “Unaccounted-For Status” on the central IC+ server. Pharmacists in the stores could no longer see these prescriptions in the local IC+ work queue and there was no back-end process to reverse the paid claims that were moved into the Unaccounted-For Status. Essentially thousands of billed prescriptions “got lost” and Walgreens received payment for items never dispensed.

In January 2020, Walgreens self-disclosed the systematic error, began to implement corrective actions to resolve the problem, and fully cooperated with the government to settle the overpayments.

Two separate qui tam relators brought this systemic problem to the government’s attention and will receive $14.9 and $1.6 million dollars, respectively.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

Is It Time to Purge? Understanding Record Retention Requirements

The majority of prescriptions filled by pharmacies are based off of an electronically-sent prescription, or “e-script” – 94% according to a 2021 Surescripts National Progress Report to be exact. However, physical hardcopies may still exist in the form of telephone orders, transfers, faxes and written hardcopies. In an effort to free up physical space, amongst other reasons, a common question PAAS National® analysts receive is in regard to how long pharmacies are obligated to retain physical hardcopies of prescriptions, in addition to other physical records. In essence, “PAAS, can I get rid of this yet?”.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

Scare Away the Unwanted: Four Facility Access Controls You Need!

Safeguarding the pharmacy’s Protected Health Information (PHI) is critical. Cyberattacks receive a lot media attention and a brief discussion of the threat to community pharmacies can be found in the June 2024 Newsline article, Independent Pharmacies are NOT Safe from Cyberattacks. The HIPAA Privacy and Security Rules require pharmacies to take a multi-faceted approach to securing the pharmacy’s PHI. With the release of the August 2024 Office for Civil Rights (OCR) Cybersecurity Newsletter (which focuses on the HIPAA Security Rule Facility Access Controls) now is a great time to review information about this safeguard.

The fundamental requirement of Facility Access Controls [as per 45 CFR 164.310(a)(1)] is to “[i]mplement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.” Under the Facility Access Controls, there are four addressable implementation specifications to which a covered entity and/or business associate must assess whether it would be reasonable and appropriate for them to adopt an implementation specification as an appropriate safeguard for their environment. If it is appropriate, they would implement it and if it is not reasonable or appropriate, they would document why and implement an equivalent alternative measure if reasonable and appropriate. Below is a table which outlines the four addressable implementation specifications for Facility Access Controls, what they are, and suggestions for pharmacies.

Implementation SpecificationExplanation1Practical Application for Pharmacy
Contingency operationsEstablish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.A plan to respond to emergencies such as natural disasters (e.g., floods, earthquakes, tornados, hurricanes, fires) and malicious attacks like hacking or malware, and human error (e.g., accidently disabling critical systems or deleting data)   Includes plans such as which workforce members will be allowed access during Emergency Mode Operation, how to prevent ePHI from being compromised during an emergency or disaster and plans to maintain and access ePHI during restoration activities.
Facility security planImplement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.Possible elements to integrate into this area would be security alarms to detect and deter unauthorized access, pharmacy barriers such as doors/gates/walls to block physical access without proper keys, video recording surveillance system, hardware which contains ePHI is secured or locked to its location within the pharmacy to prevent removal and portal hardware and media is kept secured or locked when not in use or under direct control.
Access control and validation proceduresImplement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.Utilize a sign-in log for vendors, maintenance workers, etc. and ensure the individual(s) remains under direct supervision while in your professional service and access is only granted after a Business Associate Agreement is signed.   Require all non-employee visitors (e.g., volunteers, students, etc.) to successfully complete HIPAA training prior to access to pharmacy professional services areas.
Maintenance recordsImplement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks).Maintain a record of all repairs and modifications to the physical components of the pharmacy related to security such as walls, doors, locks and hardware. For each repair/modification, record (at a minimum) the date and time, description, reason, name of the person(s) responsible for the work, and the individual responsible for overseeing the work.

145 CFR 164.310

PAAS Tips:

  • Failure to implement Facility Access Controls can increase a pharmacies vulnerability to data breaches and theft
  • Documentation related to HIPAA must be maintained for a minimum of 6 years from the date of its creation or the date when it was last in effect, whichever is later
  • A PAAS Fraud, Waste and Abuse and HIPAA Compliance Program membership addresses all of the implementation specifications for Facility Access Controls listed above within a customized Policy and Procedure Manual. Staff will also have access to Cybersecurity Training and much, much more!

Unveiling a Health Care Fraud and Illegal Black-Market Conspiracy

The Department of Justice recently announced the sentencing for a California (CA) pharmacy owner and their co-conspirator for submitting fraudulent claims to Medicare and CA Medicaid for prescription drugs that were never dispensed to beneficiaries.

Investigators from the Federal Bureau of Investigation, the Office of Inspector General and the CA Department of Justice uncovered the fraudulent scheme, in addition to discovering the conspirators were selling drugs on the black market over an eight-month period.

The pharmacy owner was sentenced to two years and three months in prison and their co-conspirator one year and eleven months. The jury convicted both the pharmacy owner and their co-conspirator of one count of conspiracy to commit health care fraud and one count of conspiracy to engage in the unlicensed wholesale distribution of prescription drugs. The co-conspirator was also convicted of an additional three counts of health care fraud.

The pharmacy owners’ co-conspirators created the fraudulent prescriptions based on the owner’s recommended combinations of expensive prescription medications, including HIV drugs. The pharmacy owner would check eligibility of patients for reimbursement, bill the claims to Medicare and Medicaid, but never dispensed them to the patients. Instead, these medications were provided to a co-conspirator (who was not a medical professional) to be sold on the illegal market.

Ensure your pharmacy has a robust Fraud, Waste and Abuse Compliance Program in place for employees to understand the repercussions of violating laws and regulations such as the False Claims Act. Contact PAAS National®® for more information on PAAS’ FWA/HIPAA Compliance Program.

What FWA and HIPAA Compliance Elements are Necessary for Interns, Job Shadows, Floating Staff, Cashiers and Delivery Drivers?

Safeguarding the pharmacy’s Protected Health Information (PHI) is a MUST for all staff expected to come in contact with this sensitive information. Requiring HIPAA training prior to interns, job shadows, or floating pharmacy staff stepping foot behind your pharmacy counter is one way to ensure they have a good grasp on appropriate safeguards and the negative repercussions (including civil monetary penalties and criminal consequences) of disclosing PHI. HIPAA compliance training is also required for any staff that may come into contact with PHI, which typically includes cashiers and delivery drivers. Additionally, if an employee has access behind the pharmacy counter, they need to be HIPAA trained.

Since interns, float staff, cashiers and delivery drivers are involved in daily pharmacy operations such as billing, filling, counseling, dispensing, delivery of services and/or other professional services, they must also complete Fraud, Waste and Abuse (FWA) training. They are in the pharmacy and have the potential to oversee (or even instigate) wasteful practices, diversion, or other fraudulent activities and FWA training must be completed.

Pharmacy staff who are contracted to deliver medications for your pharmacy, work on a temporary basis or simply float through your store are also subject to FWA and HIPAA training requirements. Whether these employees are hired directly by your pharmacy (or paid through a 1099), or they are contracted through a third-party staffing company, the burden is on the pharmacy owners/operators to ensure all members of their staff have received appropriate training.

Another safety measure for pharmacies is to perform exclusion checks against both the Office of Inspector General (OIG) and General Services Administration (GSA) lists prior to “hire” and monthly thereafter. This should be done for all staff involved in the billing, processing, handling, or delivery of prescriptions, including interns. Additionally, be sure all applicable local exclusion lists are appropriately checked and documented proof is readily retrievable (e.g., New York State Medicaid Exclusion list), in accordance with state laws. Floating and contracted staff must also be checked. Not only is hiring an excluded individual a direct violation of Medicare Part D contracts, but items or services involving an excluded individual in any way cannot receive reimbursement from Medicare or Medicaid. The pharmacy would also be required to pay up to $10,000 for each claim that the excluded individual was involved in as well as up to three times the damages incurred from these claims.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

The Double Threat: Ransomware Attack Followed by HIPAA Non-Compliance Settlement

Imagine getting a papercut then moments later, cleansing your hands with alcohol hand sanitizer—you can almost feel the instantaneous sting the alcohol causes in the fresh wound. Not only are you subjected to the initial affliction, but also the second round of pain from the alcohol in the wound. Now, imagine a deeper “cut” directed this time at your pharmacy. The initial barrage is a malicious ransomware attack to capture your pharmacy’s electronic protected health information (ePHI), and the secondary “sting” comes when the Office for Civil Rights (OCR) investigates the pharmacy’s policies and procedures. The pharmacy then forks over a hefty monetary settlement for HIPAA Rule non-compliance. Ouch!

A health system servicing patients in Pennsylvania, Ohio and West Virginia found themselves in this exact scenario. According to the published OCR Resolution Agreement and Corrective Action Plan, the OCR initiated a compliance review of Heritage Valley Health System (HVHS) after media reports that HVHS experienced a data security incident. The following HIPAA Security Rule non-compliance issues were identified:

  • Failure to “conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity and availability of all of its ePHI”
  • Failure to “establish and implement policies and procedures for responding to an emergency or other occurrence, such as a fire, vandalism, system failure, and natural disaster, that damages systems that contain ePHI”
  • Failure to “implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights”

HVHS settled with OCR for a whopping $950,000, agreed to three years of OCR monitoring, and were required to take steps to resolve potential violations of the HIPAA Security Rule.

In addition to detailing the settlement with HVHS, OCR’s July 1, 2024 press release stated there has been a 264% increase in large breaches reported to OCR involving ransomware attack since 2018. This alarming statistic reflects the harsh reality that pharmacies, and their ePHI, are targets for criminals. Pharmacies are directly in the crosshairs of malicious actors and pharmacy owners [and employees] must take steps to safeguard their data. Not only is it the law, but it is your data, reputation, time and money on the line!

PAAS Tips:

  • Develop and implement policies and procedures to safeguard ePHI
    • For 15 years, PAAS FWA/HIPAA compliance program has been helping community pharmacies be compliant. Had HVHS implemented PAAS’ program, they would have not had the resulting non-compliance issues and resulting fines.
  • Ensure all staff handling ePHI receive training on a regular basis to understand their role in protecting ePHI and the implications of non-compliance, as well as intentional misuse (i.e., breach, fines, exclusion from Medicare/Medicaid, imprisonment, etc.)
  • At least once a year, the Security Officer should perform a thorough assessment of the potential threats, vulnerabilities and the associated risks to the confidentiality, integrity and availability of ePHI
  • PAAS’ FWA/HIPAA Compliance Program members can update their HIPAA Risk Analysis, complete HIPAA training and Cybersecurity training on the PAAS Portal

2024 National Health Care Fraud Takedown

On June 27th the U.S. Department of Justice (DOJ) issued a press release outlining a National Health Care Fraud Enforcement Action that resulted in 193 defendants charged, including doctors, nurses and pharmacists, and over $2.75 billion in false claims. This year marked the highest numbers since 2020 and included coordinated efforts by the DOJ, US attorneys’ offices, HHS Office of Inspector General, FBI, and the DEA.

Takedowns related to prescription drugs included:

  • Illegitimate distribution of Adderall® and other controlled substance stimulants via telemedicine
  • Distribution of diverted HIV medications through gray market wholesalers
  • Medically unnecessary prescriptions for compounds and foot baths
  • Submission of claims to federal payors for drugs that were not purchased or dispensed
  • Providing kickbacks to patients to fill medically unnecessary prescriptions
  • Bribing physicians with cash and entertainment to refer prescriptions

For 15 years, PAAS National®’s FWA/HIPAA compliance program has helped educate community pharmacies on federal regulations. Coupled with audit assistance and the Newsline, PAAS serves as a guiding light, steering pharmacies away from trouble and towards compliance. The FWA program not only meets CMS’ definition (and PBM requirements) of an effective compliance program, but also helps with written Policies and Procedure for credentialing.

PAAS Tips:

For more insight into these compliance issues, PAAS Audit Assistance members can consider reading the following articles (many more articles available on our eNewsline):

2024 Self-Audit Series #6: Return to Stock

PAAS National® analysts continue to see pharmacies face recoupment on audits due to return to stock violations. Pharmacies argue the patient received the medication, so how can the claim be recouped? Unfortunately, each PBM contract has a specific number of days, within which, the pharmacy must dispense the medication. Dispensing outside this time frame will likely result in full recoupment of the claim if discovered upon audit.

PBM return to stock windows range from 10 – 30 calendar days. With no industry standard interval, PAAS recommends …

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

Don’t have written compliance policy and procedures? Consider joining the PAAS National® FWA/HIPAA Compliance Program today! info@paasnational.com or (608) 873-1342.

How to Safeguard Your Pharmacy from Fraudulent Electronic Prescriptions

PAAS National® has recently assisted pharmacies who received fraudulent electronic prescriptions from prescribers that had their electronic prescribing credentials hacked or stolen. There was a recent widespread e-prescription fraud reported earlier this year where criminals issued over 18,000 prescriptions to pharmacies in 18 states in just a 5-hour span.

Fraudulent prescriptions that are billed to the patient’s insurance are subject to full recoupment when audited by the PBM. Unfortunately, pharmacies will need to cooperate with the PBM audit process and prove that they were not willing participants by explaining their process of “due diligence” to authenticate the prescriptions. To offset the financial losses from PBM recoupment, pharmacies will need to lean on their business insurance or separately pursue legal action against the perpetrators.

Of course, it would be much better to avoid dispensing (and billing) these fraudulent prescriptions from the start. Although electronic prescriptions are generally safer than written or telephone prescriptions, they are still vulnerable to exploitation by criminals targeting unsuspecting pharmacies.

Here are some techniques to spot fraudulent electronic prescriptions at your pharmacy:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.