LIVE Webinar: Cybersecurity Considerations for Pharmacies

In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.

Join President of PAAS National®, Trent Thiede, on Wednesday, May 8, 2024 from 2:00-2:45 pm CT as he discusses:

  • The importance of cybersecurity in pharmacy
  • The top threats facing healthcare cybersecurity
  • Components, and importance, of a HIPAA Security Risk Analysis
REGISTER TODAY!

We will allow for some Q&A at the end of the webinar. If you would like to submit questions prior to the webinar, please click here.

PAAS Audit Assistance and FWA/HIPAA Compliance Program members will have access to the webinar recording following the LIVE event. 

Required: Proof of Patient Copay Collection

All PBM agreements contain language requiring pharmacies to collect copays and be able to prove those copays were collected if audited. Copays are used by insurers to help patients understand the cost of their medications and encourage less expensive alternatives. Pharmacies who reduce or waive copays adjudicated by the PBM risk full recoupment of those claims if audited, and possible contract termination.

How do you prove a copay was collected?

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

High AWP Omeprazole leads to $2.3M Medicaid Fraud Case

An Ohio pharmacist and owner of four pharmacies, along with a technician, have been found guilty by a federal jury for Medicaid fraud to the tune of $2.3M dollars. The recent announcement by the Department of Justice states each were convicted on one count of conspiracy to commit health care fraud and two counts of defrauding Medicaid. Each guilty count carries a maximum of 10 years in prison – they are currently awaiting sentencing.

Investigators discovered the pharmacist and technician conspired a plan to bill Medicaid for the highest reimbursed NDC for omeprazole but dispense over-the-counter product. The discovery was made when inventory purchases for the NDC billed fell short of the number of units billed to Medicaid. Upon further investigation, it was found the product dispensed for these claims was purchased over-the-counter at a big box store. The pharmacy also billed Medicaid for omeprazole when no prescriptions existed. The submission of these claims was cited as false and fraudulent, leading to the charges and conviction.

Ensure your pharmacy has internal controls in place to avoid potential invoice shortage issues (e.g., NDC scanners at the filling station). Pharmacy staff must be trained to understand the importance of billing, filling, and purchasing the correct NDCs.

More than just training, PAAS’ FWA/HIPAA compliance program can help pharmacies prevent and detect potential FWA in the workplace.

Employer Pays $4.75 Million after Employee Stole, then Sold, Protected Health Information

While HIPAA training may feel tedious and appear to be a waste of time and payroll, it’s crucial not to take shortcuts when it comes to compliance!

First, HIPAA Privacy and Security Rules were created to protect sensitive patient information and improve the quality of care patients receive. Patients should feel comfortable sharing their most private health information with healthcare providers during their examinations and treatments. If patients fear their information will not remain confidential, they are less likely to be transparent, potentially impacting the care they receive.

Second, as a Covered Entity under HIPAA, the pharmacy is responsibility to ensure staff are adequately trained and appropriate safeguards are in place to secure protected health information (PHI). Look no further than the February 6, 2024 press release from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) to see how expensive brushing off your obligations to the HIPAA Security Rule can be. According to the release, Montefiore Medical Center settled with OCR for a jaw dropping sum of $4.75 million dollars for several potential violations of the HIPAA Security Rule. As outlined in the release, an employee stole the electronic PHI of 12,517 patients and sold that information to an identity theft ring. The police notified Montefiore Medical Center of the situation after they had “evidence of theft of a specific patient’s medical information”. Only after the police notified Montefiore, two years after the employee stole the data, did the Medical Center perform an internal investigation and find the breach.

During the OCR’s investigation, they found “multiple potential violations of the HIPAA Security Rule, including failures by Montefiore Medical Center to analyze and identify potential risks and vulnerabilities to protected health information, to monitor and safeguard its heath information systems’ activity, and to implement policies and procedures that record and examine activity in information systems containing or using protected health information. Without these safeguards in place, Montefiore Medical Center was unable to prevent the cyberattack or even detect the attack had happened until years later.”

Lastly, learn from Montefiore Medical Center mistakes and follow these PAAS Tips:

  • Prioritize having a comprehensive HIPAA training program
    • In place for all employees involved in the handling of PHI
    • Ensures HIPAA Rules are equally enforced across all levels of staff
    • Employees understand the importance of taking their training seriously.
    • HIPAA training should include information about civil, monetary, and criminal penalties for violations of the HIPAA Rules to reinforce the importance of compliance.
  • Review and update, no less then annually, your HIPAA Risk Analysis to ensure you have the proper safeguards in place. This is a required HIPAA form and must be retained for six years.
  • Ensure there are adequate safeguards in place to prevent and detect malicious behavior; for more information review the following Newsline articles:

If you are not sure where to start, contact PAAS National®® (608) 873-1342 for more information on PAAS’ FWA/HIPAA Compliance Program that is easy to set-up, web based and customized for your pharmacy.

Tip to Federal Agents Leads to Jail Time for Pharmacy Owner

The Department of Justice announced a Nebraska pharmacist, and owner of two pharmacies, was sentenced to two months of imprisonment, three years of supervised release, and ordered to pay restitution in the amount of $573,000.

The pharmacist was found guilty of making a false, fictitious, and fraudulent statement related to health care services. The investigation began in 2020 based on a tip to Federal Agents, and included pharmacy staff interviews, patient interviews and an inventory audit. The inventory audit reconciled claims billed to both Medicare and Medicaid with invoice purchases made by the pharmacy.

Upon completion of the investigation, the inventory audit identified significant shortages. Investigators discovered the pharmacist was billing for brand name drugs but ordering and dispensing the generics. Additionally, the pharmacist in question was submitting claims that were never dispensed to the patient.

PAAS Tips:

 Contact PAAS National®®  today and start your robust Fraud, Waste and Abuse and HIPAA Compliance Program, ensuring your pharmacy employees are informed and trained against fraudulent activities.

Law Enforcement Access to Protected Health Information – What’s Your Policy?

Understanding and adhering to the HIPAA Privacy Rule is required for covered entities who handle protected health information (PHI), but because the Privacy Rule was designed to be flexible, implementation of policies and procedures to meet the Privacy Rules can vary from covered entity to covered entity. Look no further than the December 12, 2023 letter from the United States Senate Committee on Finance (herein, “The Committee”) for evidence of this variation and how it can seriously impact the privacy of sensitive patient data.

In the December letter drafted to Xavier Becerra, Secretary of the U.S. Department of Health & Human Services, The Committee outlined the results of their oversight inquiry into the seven largest pharmacy chains (CVS Health, Walgreens Boots Alliance, Cigna, Optum Rx, Walmart Stores, Inc., The Kroger Company, and Rite Aid Corporation), and Amazon Pharmacy. The inquiry focused on obtaining briefings from the major pharmacy chains about their policies and procedures for releasing PHI to law enforcement agencies. Below is a general overview of the findings:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.

2024 Fraud, Waste & Abuse and HIPAA Compliance Program Updates

PAAS National® continuously monitors legislative and regulatory changes that may impact your Fraud, Waste & Abuse and HIPAA Compliance Program. We keep a close eye on enforcement from the Department of Justice, Office of Inspector General, State Attorney Generals, and Office for Civil Rights to help ensure the program meets interpretative standards. Furthermore, PAAS works to keep pace with Pharmacy Benefit Managers as they continue to add credentialing requirements that can be extremely difficult, and a significant nuisance, to independent pharmacies.

The PAAS National® FWA/HIPAA Compliance Program has implemented changes to ensure pharmacies continue to have a robust program in place. PAAS FWA/HIPAA compliance members can login to the member portal to view the 2024 FWAC and HIPAA Updates.

Administrators should review all Compliance tasks (located in the left-hand navigation on the PAAS Member Portal) at least annually to keep the program up-to-date and in compliance. Section 2.6 Updates of Policies and Procedures of your manual contains information on maintaining open lines of communication and the distribution of changes.

If you’re not a member of PAAS’ FWA/HIPAA compliance program, contact us today at (608) 873-1342 or info@paasnational.com to add the program for a discounted rate.

News Article with Protected Health Information Led to an $80,000 HIPAA Settlement

According to a November 2023 press release from the Office for Civil Rights (OCR), Saint Joseph’s Medical Center (“Saint Joseph’s”) of New York state agreed to pay $80,000 and implement a corrective action plan in response to their unauthorized release of Protected Health Information (PHI). The OCR press release states a national publication from the Associated Press regarding Saint Joseph’s response to the COVID-19 pandemic included pictures of the facility and PHI about three patients. Since Saint Joseph’s did not obtain prior written authorization from the patients, or their authorized representatives, to release information about their COVID-19 diagnosis, their current medical status and medical prognosis, vital signs, or treatment plan, Saint Joseph’s was in potential violation of the HIPAA Privacy Rule.

In addition to the $80,000 settlement and corrective action plan, Saint Joseph’s must also develop written policies and procedures to ensure their facility and workforce is compliant with the HIPAA Privacy Rule. They will also be monitored by the OCR for two years to ensure they are compliant with their updated policies and procedures and the HIPAA Privacy Rule.

PAAS Tips:

  • Pharmacies must have customized HIPAA policies and procedures which employees can be trained on
  • Ensure all staff with access to PHI receive training on the appropriate handling of PHI to prevent accidental disclosures
  • Contracted entities with access to the pharmacy’s PHI or electronic PHI also need to have HIPAA training; training details should be addressed in the signed Business Associated Agreement and the entity should provide the pharmacy with proof of training, if requested
  • Training should include information about civil, monetary, and criminal penalties for violations of the HIPAA Privacy Rule to reinforce the importance of following the HIPAA Rules
  • Members enrolled in the PAAS National® Fraud, Waste & Abuse and HIPAA Compliance Program can review Section 10 of their Policy & Procedure Manual for more information on HIPAA privacy and breaches or call us to speak to a PAAS National® analyst about your HIPAA concerns

Unveiling a Multi-Million Dollar Fraud and Kickback Scheme

According to an August 18, 2023 press release from the Department of Justice (DOJ), a pharmacy operations manager and some co-conspirators have pled guilty to committing healthcare fraud and to paying illegal kickbacks for Medicare and Medicaid claims that were never dispensed to patients. The two pharmacies in New Jersey and New York, now closed, operated as “specialty pharmacies” processing expensive medications to treat Hepatitis C, Crohn’s disease, and rheumatoid arthritis.

The pharmacies in question obtained retail contracts with several PBMs, which allowed them to receive payment for the specialty medication claims that were falsely billed. In order to increase the number of prescriptions being filled, bribes were paid to doctors and their staff to steer prescriptions to their pharmacies. Some of the bribes were expensive meals, cash, checks, wire transfers and paying an employee to work inside a doctor’s office. While the pharmacies usually dispensed the initial prescriptions to the patients, they billed for refills of these same medications without ever dispensing them to the patients.

For five years, the pharmacies received tens of millions of dollars for claim reimbursement from Medicare, Medicaid and private insurances that were not only never dispensed, but never even ordered from their wholesaler. The PBMs began to investigate by conducting routine audits for these “specialty pharmacies.” One of the co-conspirators told employees to falsify records by forging shipping documents to make it appear as if the medications were being shipped to the patient when they were not. The conspiracy to commit healthcare fraud has a maximum sentence of ten years in prison and the conspiracy to pay illegal kickbacks has a maximum of five years in prison. Both counts face a $250,000 fine, or twice the gross gain or loss from the offence, whichever is greatest.

Ensure your pharmacy has a robust Fraud, Waste and Abuse Compliance Program in place for employees to understand the repercussions of violating laws and regulations such as the False Claims Act and the Anti-Kickback laws. Contact PAAS National® (608) 873-1342 for more information on PAAS’ FWA/HIPAA Compliance Program that is easy to set-up, web based and customized for your pharmacy.

Best Practices for Financial Hardship Waivers

PAAS National® analysts have noticed an increase in PBM audits focusing on copay collection. These audits requested a copy of the pharmacies’ policies and procedures addressing copay collection and financial hardship.

In general, PBMs require that pharmacies collect copays at the point of sale and retain a “financial paper trail” to prove such collection took place. Pharmacies will be asked to provide check copies (front and back), credit card receipts with authorization numbers and bank deposit slips as evidence of receiving cash from patients. Pharmacies may also be required to provide Accounts Receivable balances and Coordination of Benefits billing information, where applicable.

If patients are unable to pay their copay and the pharmacy waives or discounts the copay due to financial hardship, then you must have a robust written policy explaining the details on how such a policy is operated.

In general, financial hardship policies should include the following:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Did you know there is much more to your audit assistance membership than just help with audits? The PAAS Member Portal contains a wealth of information and resources to assist you with audits and member service questions. Below is a list of 6 pages found on the Audit Assistance section of the PAAS Member Portal to assist you and your pharmacy staff to be proactive when it comes to audits.

  • Access Services
    • Audit Documentation Submission Guidance
    • An online form to submit safe filling and billing questions
    • Your PAAS Membership Manual
  • Newsline
    • Monthly newsletter articles, written by our expert PAAS analyst team, provide safe filling and billing tips and relays relevant/current PBM trends to be help prevent audits
    • Search the Newsline Archive to get PAAS tips at the click of a button
    • Special Edition Newslines including: Top 10 articles of the prior year, DMEPOS Article Series and a Self-Audit Article Series
    • Ability to print monthly issues or individual articles
  • Proactive Tips
    • Audit flags – list of various claim attributes the PBMs use to select claims for audit
    • Billing insulin vials – flowchart to assist whether you should bill Medicare Part B vs Part D
    • DAW Codes Explained – use to understand when to effectively use DAW codes, their definitions and why claims may be flagged for audit if a DAW code is used incorrectly
    • Basic DMEPOS documentation guidance
    • Onsite Credentialing Checklist and expanded definitions of policies and procedures
    • Proof of refill request and affirmative response form for DMEPOS items
    • Steps on how to prepare for an onsite audit
    • And more!
  • Days’ Supply Charts
    • Utilize the days’ supply charts for inhalers, insulins, nasal sprays, eye drops and topicals to aid you in calculating the correct days’ supply
    • Guidance on overbilled quantities and incorrect days’ supply account for a sizable portion of audit chargebacks
    • Additional miscellaneous charts, which include: Dispense in Original Container and Return to Stock
  • Forms
    • Signature Logbook for print
    • Signature Trifold Mailer
    • Fax and Email Coversheet
    • Patient Attestation for over-the-counter COVID-19 test kits
  • On-Demand Webinars
    • Short webinars on hot topics in the PBM industry. Here are a few examples:
      • USP 800 Compliance
      • Cultural Competency Training
      • Dispensing Prescriptions Off-Label
      • Biologic Medications and Interchangeability
      • Continuous Glucose Monitor Requirements for Medicare Part B

PAAS Tips:

  • MORE AUDITS, MORE INSIGHT – PAAS National® is the industry-leading defender of community pharmacy dealings with Prescription Benefit Programs, including Caremark, Express Scripts, Humana, Medicaid, OptumRx, Prime Therapeutics., and more. PAAS assists on all third-party audits, including: desktop audits, onsite audits, invoice audits, OIG/Medicaid audits, Medicare B audits. The PAAS team is dedicated to helping you! We have five pharmacists and a complement of technician analysts with over 50 years of dedicated audit assistance experience. PAAS continuously updates their database with every audit received — in fact, we even keep a scorecard on individual auditors.
  • Get answers to your questions on days’ supply calculations, drug substitutions, billing practices, required documentation, prior authorization requirements, record retention, and internal audit procedures – just to name a few. As a trusted partner, we will provide tailored guidance to help you proactively prevent audits. Remember, the prescription claims you submit today are the audits of the future.
  • Keep your employees engaged and help lower audit risk by adding all employees to the portal and giving them permission to access these tools, resources and eNewsline. For more information review September 2019 Newsline article, What Are You Waiting For? Make Sure ALL of Your Employees are Added to the PAAS Portal!
  • Contact PAAS at (608) 873-1342, if you would like a tour of your PAAS Member Portal, so you can reap all the benefits of your PAAS Audit Assistance. We appreciate you being a member.