Update to PAAS’ Onsite Credentialing Guidelines

PAAS National® has created an Onsite Credentialing Guidelines, an extensive checklist to assist PAAS members with scheduled and/or unexpected visits from PBM auditors. Unannounced visits can catch pharmacy staff off guard when the Pharmacist-in-Charge (PIC) is not present. Be sure you are reviewing and advising your staff on the information included on this checklist so they are prepared.

There was an 11% increase in reported onsite audits over the past two years. PAAS takes pride in staying up to date on ever changing trends in pharmacy. Keeping our members informed on PBM inquiries during the credentialing process, or an onsite visit, is one of our priorities. We recently added the following updates to our Onsite Credentialing Guidelines:

  • Emergency Supply – Federal law requires Medicaid to provide at least a 72-hour supply of a covered drug to Medicaid patients in an emergency situation when prior authorization is pending as per 42 US Code 1396r-8(d)(5)(B). Pharmacists should use their professional judgement regarding whether there is an immediate need. See your state Medicaid agency for details on billing “emergency supply”.
  • Out of Stock Medication – Pharmacies must develop and follow procedures to ensure patients have timely access to prescribed medications. This may include ordering medication for next business day, transferring prescription to another pharmacy or contacting prescriber to obtain a prescription for an alternative therapy.
  • CMS 10147 – As of January 1, 2023, pharmacies must also include a Multi-Language Insert pursuant to CY 2023 Medicare Advantage and Part D Final Rule (CMS-4192-F) published May 9, 2022. There is no requirement for pharmacies to document the distribution of the notice. Auditors may confirm that pharmacies are distributing the current version of the CMS 10147 and multi-language insert to beneficiaries. PAAS Audit Assistance members can see this month’s Newsline article, Multi-Language Insert Must Be Provided to Medicare Beneficiaries as of January 1, 2023.

Interested in having a customized FWA/HIPAA Compliance program? Contact PAAS to get started today! info@paasnational.com or 608-873-1342.

Criminal HIPAA Charges Filed Against Compounding Pharmacy Sales Rep

Criminal HIPAA charges are not handed down frequently, but when an individual “knowingly” and inappropriately obtains and discloses a patient’s protected health information (PHI), they could face up to $50,000 in fines and up to one year in prison, according to 42 U.S.C. § 1320d-6. Additionally, if found guilty of obtaining or disclosing the information with the intent to sell, transfer, or use the PHI for commercial advantage, personal gain, or with malicious intent the penalties can increase up to $250,000 and 10 years in prison.

According to a October 20, 2022 Department of Justice press release, a former compounding pharmacy sales representative located in New Jersey is facing criminal HIPAA charges for obtaining unauthorized access to PHI with the intent to personally profit. The sales rep promoted compounded prescriptions and other medications which were subsequently filled by a Louisiana pharmacy. The sales rep and his co-conspirators knew which plans would reimburse significantly for certain compounded medications and the sales rep then recruited patients with that specific insurance. To do this, the sales rep gained access to a medical clinic where the doctor allowed him to have significant access to patient medical records. Since the sales representative was not an employee of the doctor’s office, he was not authorized to access the information without first obtaining proper release. The sales rep would then sift through medical records to identify patients with the sought-after insurance plan. The patient files would be tagged so the doctor could easily identify patients with the specific insurance plan so he knew whom he should prescribe the compounds. On occasion, the sales representative would even join the doctor and patient in the exam room as if he were employed by the medical office, which he was not.

Patients were targeted based on information illegally gained from within secure patient records, then they were prescribed and dispensed medically unnecessary compounded medications all as a result of this scheme.

Training staff to appropriately handle PHI, and discussing the consequences of mishandling PHI, is critical to preventing a breach and other unauthorized access to protected information—malicious or not. If you have not already taken advantage of the PAAS National® Fraud, Waste, and Abuse and HIPAA Compliance Program, now is a great time to reach out to a PAAS staff member to learn about the best program available to independent pharmacies. Ring in the New Year with confidence knowing that you have a method to provide your staff with comprehensive, community pharmacy focused HIPAA training.

Valid Prescriber/Patient Relationships and Marketing Concerns

With the U.S. Department of Health and Human Services Office of Inspector General’s (OIG) recent focus on telemedicine fraud, pharmacies may be wondering what their obligations are when determining a prescription’s authenticity – especially when it comes to whether a valid prescriber/patient relationship exists. Many PBMs, including Express Scripts, TRICARE, CVS Caremark, and OptumRx all have language in their provider manuals placing the responsibility on the pharmacy of ensuring a valid prescriber/patient relationship exists.

How can you determine if a prescriber/patient relationship is valid? Questions you may ask to verify this are:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Does the patient regularly see this prescriber?
  • Does the patient live in the same area where the prescriber’s office is located?
  • Would you be able to obtain medical records to validate this relationship if needed?
  • Can you confirm the patient is aware of and requested the prescription?

Along with telemedicine, PBMs are also concerned about marketing practices of pharmacies. The provider manuals for Express Scripts, TRICARE, CVS Caremark, OptumRx, and Elixir all contain language surrounding what is not allowed and some, like Express Scripts, are known for using investigational audits to ensure compliance.

Prohibitions on certain marketing practices in these manuals include, but are not limited to:

  • Acquiring potential patients, either directly or from a third-party by referral, using door-to-door, telephonic or other cold-call tactics.
  • Obtaining the patient’s provider or billing information without the patient’s consent.
  • Using fraudulent, abusive, or deceptive television or internet advertisements or emails.
  • Contacting a patient or prescriber without a previously existing relationship.
  • Contacting or offering to contact a prescriber on a patient’s behalf without the patient’s express knowledge and authorization.
  • Obtaining a prescription from a prescriber by suggesting to a patient that the prescriber or patient’s health plan wants the patient to receive the medication without the prescriber’s knowledge and authorization.
  • Limiting a patient’s right to use a different pharmacy of the patient’s choice or use marketing techniques that may make a patient believe they are restricted to your pharmacy.

Pharmacies must remain vigilant and always conduct marketing practices in a manner consistent with their state laws, federal laws, and Medicare regulations and guidelines.

PAAS Tips:

  • Make every effort to confirm a patient authorized prescriptions coming from unusual prescribers
    • Consider, amongst other things, the prescriber’s scope of practice and location to patient/pharmacy
  • Know your state and federal laws surrounding marketing practices
  • See the Medicare Communications and Marketing Guidelines for specific guidance
  • Develop policies and procedures surrounding marketing practices to ensure compliance
  • See the following Newsline articles for additional tips:
  • To get started with your customizable FWA and HIPAA Compliance program contact PAAS National® today, (608) 873-1342 or info@paasnational.com.

2023 Fraud, Waste & Abuse and HIPAA Compliance Program Updates

PAAS National® continuously monitors legislative and regulatory changes that may impact your Fraud, Waste & Abuse and HIPAA Compliance Program. We keep a close eye on enforcement from the Department of Justice, Office of Inspector General, State Attorney Generals, and Office for Civil Rights to help ensure the program meets interpretative standards. Furthermore, PAAS works to keep pace with Pharmacy Benefit Managers as they continue to add credentialing requirements that can be extremely difficult, and a significant nuisance, to independent pharmacies.

The PAAS National® FWA/HIPAA Compliance Program has implemented changes to ensure pharmacies continue to have a robust program in place. PAAS FWA/HIPAA compliance members can login to the member portal to view the 2023 FWAC and HIPAA Updates

Administrators should review all Compliance tasks (located in the left-hand navigation on the PAAS Member Portal) at least annually to keep the program up-to-date and in compliance. Section 2.6 Updates of Policies and Procedures of your manual contains information on maintaining open lines of communication and the distribution of changes.

If you’re not a member of PAAS’ FWA/HIPAA compliance program, contact us today at (608) 873-1342 or info@paasnational.com to add the program for a discounted rate.

“We have been with PAAS for many years and added the FWAC/HIPAA material to our membership and as a compliance officer, I’ve never been more pleased with the program. If you have already made the best choice to have PAAS in your corner, then continue with the best for your FWAC/HIPAA needs.” – Member since 2010 from North Carolina

“PAAS National® Fraud, Waste, Abuse and Compliance educational sessions are unsurpassed. The PAAS National® Policy and Procedure manual that you create for your pharmacy is a must for all pharmacies to have for their staff. All of this keeps your pharmacy up to date with current pharmacy procedures and operations and ensure proper pharmacy practices going forward.” – Member since 2021 from New York

“A pharmacy without the compliance program does not have their bases covered and required work finished. I can sleep at night knowing this program keeps me protected and on task.” – Member since 2009 from Iowa

DMEPOS Mini-Series #8 – The Six Medicare Auditing Entities and Their Purpose

The six Medicare auditing entities are responsible for auditing records, claims and payments. While they may use different methods to conduct audits, they all aim to detect, correct, and prevent improper payments to curb fraud, waste, and abuse and protect the Medicare Trust Fund. The Medicare Program Integrity Manual contains the policies and responsibilities for the entities tasked with medical and payment review.

What is the rationale for having these auditing entities? Taxpayers and future Medicare beneficiaries benefit when Medicare payments are returned to the Medicare Trust Fund. Subsequently, these audits lower the Medicare payment error rates. On occasion, pharmacies can benefit if there are any underpayments identified during an audit, in which case those dollars will be repaid to the pharmacy.

Listed below are six Medicare contractors that conduct audits and their main objectives:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  1. MAC – Medicare Administrative Contractor
    1. Goal is to process claims for a defined jurisdiction
    2. Reviews claims on a pre-payment and post-payment basis
    3. Identify noncompliance with coverage, coding, payment, and billing policies through data analysis
    4. Take action to prevent and address improper payments
  2. UPIC – Unified Program Integrity Contractor
    1. Goal is to investigate cases of suspected FWA
    2. Take action to recoup inappropriate Medicare payments
    3. Ensure the integrity of claims under all lines of Medicare business
  3. SMRC – Supplemental Medical Review Contractor
    1. Goal is to lower the improper payment rates by conducting nationwide medical reviews with documentation requests
  4. CERT – Comprehensive Error Rate Testing Contractor
    1. Goal is to collect documentation and perform reviews on random samples of Medicare FFS claims post-payment
    2. Determine whether claims were paid appropriately based on Medicare coverage, coding, and billing rules in place
    3. Produces the improper payment rates to the MACs who can repay underpayments and recoup overpayments
  5. RAC – Recovery Audit Contractor
    1. Goal is to identify overpayments and underpayments by conducting automated and complex reviews on a post-payment basis
      1. Automated – no medical records needed
      2. Complex – medical records required
    2. OIG – Office of Inspector General
      1. Goal is to lead efforts to fight FWA
      2. Develop and distribute resources to help the health industry comply with FWA laws
      3. Education the public about fraudulent schemes
      4. Responsible for reporting to both the Secretary of Health and Human Services (HHS) and Congress and to provide recommendations to correct FWA

PAAS Tips:

  • Be prepared with FWA policies and procedures, should you not have a compliance program in place, learn more about PAAS’ Fraud, Waste & Abuse and HIPAA Compliance program or contact our office at 608-873-1342
  • Reminder: Send your Medicare Part B audits to PAAS! info@paasnational.com or fax (608) 873-4009 and we can advise what documentation is being requested and help navigate the Medicare Part B requirements and responses to audits.

Be on the Lookout for OptumRx Unannounced Onsite Audits

Receiving a PBM onsite audit notice can be intimidating but the pharmacy typically has some time to prepare before the auditor arrives. However, are you aware that pharmacies can receive unannounced onsite visits from PBMs, FDA inspectors, DEA agents or Board of Pharmacy inspectors? Being prepared for an unannounced audit is crucial and PAAS National® wants to make sure you have the tools to be successful. PAAS has become aware that OptumRx is again performing their unannounced onsite audits, see the tips below to help you be prepared should you get an unexpected visit.

PAAS Tips:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  • Utilize our Onsite Credentialing Guidelines resource
    • Provides a list of frequently asked questions from the PBM auditors
    • Includes references to the PAAS National® Policy and Procedure Manual for our Fraud, Waste & Abuse and HIPAA Compliance members
  • These audits typically focus on credentialing requirements and not prescription review
  • Auditors may check licenses, on-hand stock of certain medications and may ask permission to take a few photos – If you are a PAAS Vault member and have uploaded licenses to the portal, those licenses are available at your fingertips
  • Two auditors may be present, and the visit is usually about 30 minutes
  • See the OptumRx Provider Manual for more information regarding an onsite audit.
    • Administrator or its designee shall have the right, with or without notice, at reasonable times, to access, inspect, and review on-site the facilities, licenses and credentialing documents/records of Network Pharmacy Providers and pharmacy locations applying to participate in any of Administrator’s Benefit Plans, as well as make copies of the licenses credentialing documents/records etc. maintained by pharmacy. Pharmacy agrees to cooperate with Administrator or its designee with the on-site visit and acknowledges non-cooperation with an on-site visit may result in denial or termination of network participation.”
  • See the July 2022 Newsline, Is Your Pharmacy Ready for an Unannounced Audit?

Don’t have an FWA/HIPAA Compliance Program? Contact PAAS and receive a $126 discount when you combine services with your audit assistance. Get started today? info@paasnational.com or (608) 873-1342.

Fraud, Waste, and Abuse Compliance Programs Are Not Optional

PAAS National® analysts continue to see audits requesting documentation of compliance policies and procedures. FWA Training and OIG/GSA exclusion checks are not enough to be compliant as they do not constitute a compliance program. Since 2009, PAAS’ Fraud, Waste & Abuse and HIPAA Compliance program has been designed to meet CMS’ seven core elements required to adopt and implement an effective compliance program, which include:

  1. Written Policies, Procedures and Standards of Conduct
  2. Compliance Officer, Compliance Committee and High-Level Oversight
  3. Effective Training and Education
  4. Effective Lines of Communication
  5. Well Publicized Disciplinary Standards
  6. Effective System for Routine Monitoring and Identification of Compliance Risk
  7. Procedures and System for Prompt Response to Compliance Issues

PBM Provider Agreements require pharmacies to have a compliance program that meets CMS standards, and they reserve the right to request documentation of your compliance policies and procedures.

Consider the following:

  • OptumRx Section VIII Compliance; Fraud, Waste and Abuse (FWA); General Training; Audits – “A Network Pharmacy Provider involved in providing services for Medicare Part D/Medicaid Members is responsible for implementing a program to control FWA and to facilitate compliance in the delivery of Covered Prescription Services through the Medicare/Medicaid benefits.”
  • Humana’s 2022 Notice of Program Requirements – Humana’s Compliance Policy for Contracted Healthcare Providers explicitly states pharmacies must have a compliance program that meets the seven elements outlined by CMS, including written policies, procedures and standards of conduct.
  • PerformRx Pharmacy Compliance Attestation 2022/2023 – PerformRx requires attestations to the following: The pharmacy has implemented and maintains a compliance program that is consistent, at minimum, with applicable federal and state requirements, including, but not limited to the standards set forth in 42 CFR §423.504(b)(4)(vi) and other Centers for Medicare & Medicaid Services (CMS) guidance set forth in the Medicare Part D Prescription Drug Benefit Manual.
  • While not public, Express Scripts and Caremark also have explicit language to require a compliance program. See Caremark’s 2022 Provider Manual, Section 10.01.06 FWA program and Express Scripts 2022 Provider Manual with regards to maintaining a compliance program in accordance with CMS requirements.

Ensure you have all your compliance bases met so you can provide proof when requested for credentialing or audit. Don’t have an FWA/HIPAA Compliance Program? Contact PAAS, info@paasnational.com or (608) 873-1342 and get started today!

On-Demand Webinar: Don’t Give PBMs a Reason to Audit (Or Terminate): Off-Label Drug Use and Compliance Requirements

On November 9, 2022 PAAS National® hosted “Don’t give PBMs a reason to audit (or terminate): Off-label drug use and compliance requirements” webinar. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.

For easy viewing, we’ve split the webinar into three separate recordings.

  1. PBM Fraud, Waste & Abuse Compliance Program Requirements
  2. Does My Pharmacy Really Need Cultural Competency Training?
  3. What are the Audit Risks for Dispensing Prescriptions Off-Label? which includes:
    • Can Ozempic® and MounjaroTM be used off-label for weight loss?

Product Substitution Best Practices

Consider a scenario where your pharmacy has been dispensing a product for years and you find that the product is being discontinued, requiring a product substitution. What steps should be taken to ensure your pharmacy is protected in case of an audit?

Most recently, this has been the case for pharmacies dispensing ProAir® HFA. Since it now has been discontinued and supplanted with ProAir RespiClick®, can the product be substituted without needing to contact the prescriber?

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Before automatically substituting, it would be wise to review a product’s therapeutic equivalence. Drugs approved under a New Drug Application (NDA), or Abbreviated New Drug Application (ANDA), will be found in the FDA Orange book and use Therapeutic Equivalency (TE) Codes to establish equivalency ratings. Biologics, on the other hand, are approved under a Biologic License Application (BLA) and will be found in the FDA Purple Book. The Purple Book does not use TE codes, but rather matching color cards and category headers to indicate biosimilars and interchangeable biosimilars.

Beyond the TE Codes (primarily used to identify generic equivalents), compare the original product’s NDA to the NDA of the product you are looking to substitute. To continue with the ProAir® example, consider the NDA of both ProAir® HFA and ProAir RespiClick®:

Since the NDA numbers do not match, it would be appropriate to obtain prescriber approval and document authorization to substitute the ProAir RespiClick® for the ProAir® HFA. When requesting the change, consider obtaining a new order to help mitigate audit risk. Substituting the RespiClick on the same Rx Number has a higher likelihood to flag for potential audit.

PAAS Tips:

LIVE WEBINAR NOVEMBER 9th – Sign Up Today!

Join President of PAAS National®, Trenton Thiede, PharmD, MBA for a LIVE webinar “Don’t give PBMs a reason to audit (or terminate): Off-label drug use and compliance requirements” on November 9, 2022 from 2:00-3:00 pm CT as he answers:

  • What are the audit risks for dispensing prescriptions off-label?
  • Can Ozempic® and MounjaroTM be used off-label for weight loss?
  • What do PBMs require for Fraud, Waste & Abuse Compliance?
  • Does my pharmacy need to complete cultural competency training?

We will allow for some Q&A at the end of the webinar. If you would like to submit questions prior to the webinar, please click here.

SIGN UP TODAY!

PAAS Audit Assistance members will have access to a recording on the PAAS Member Portal if they are unable to attend the live event.