2022 Fraud, Waste & Abuse and HIPAA Compliance Program Updates

PAAS National® continuously monitors legislative and regulatory changes that may impact your Fraud, Waste & Abuse and HIPAA Compliance Program. We keep a close eye on enforcement from the Department of Justice and Office for Civil Rights to help ensure the program meets interpretative standards. Furthermore, PAAS works to keep pace with Pharmacy Benefit Managers as they continue to add credentialing requirements that can be extremely difficult and a significant nuisance to independent pharmacies.

The PAAS National® FWA/HIPAA Compliance Program has implemented changes to ensure pharmacies continue to have a robust program in place. PAAS FWA/HIPAA compliance members can login to the member portal to view the 2022 FWAC and HIPAA Updates.

Administrators should review all Compliance tasks (located in the left-hand navigation on the PAAS Member Portal) at least annually to keep the program up-to-date and in compliance. Section 2.6 Updates of Policies and Procedures of your manual contains information on maintaining open lines of communication and the distribution of changes.

Contact us TODAY at (608) 873-1342 or info@paasnational.com and add FWA/HIPAA for a discounted rate.

“We have been with PAAS for many years and added the FWAC/HIPAA material to our membership and as a compliance officer, I’ve never been more pleased with the program. If you have already made the best choice to have PAAS in your corner, then continue with the best for your FWAC/HIPAA needs.” – Member since 2010 from North Carolina

“PAAS National® Fraud, Waste, Abuse and Compliance educational sessions are unsurpassed. The PAAS National® Policy and Procedure manual that you create for your pharmacy is a must for all pharmacies to have for their staff. All of this keeps your pharmacy up to date with current pharmacy procedures and operations and ensure proper pharmacy practices going forward.” – Member since 2021 from New York

“A pharmacy without the compliance program does not have their bases covered and required work finished. I can sleep at night knowing this program keeps me protected and on task.” – Member since 2009 from Iowa

Humana Compliance Requirements – Training and Exclusion Checks Are Not Enough

PAAS National® analysts have received several questions regarding Humana’s 2022 Notice of Program Requirements. Humana’s Compliance Policy for Contracted Healthcare Providers explicitly states pharmacies must have a compliance program that meets the seven elements outline by CMS, including written policies, procedures and standards of conduct. Per the 2022 Pharmacy Compliance Education and Training Requirements FAQs: “Humana reserves the right to request documentation (e.g., policies and tracking records) confirming that your organization has an effective compliance program that meets the requirements outlined in the Compliance Policy and Standards of Conduct.”

PAAS’ Fraud, Waste & Abuse and HIPAA Compliance program keeps members compliant beyond training and exclusion checking. Since 2009, the program was designed to meet these CMS requirements, with the full support of our expert staff – pharmacists just like you, with years of experience helping community pharmacies with FWA and HIPAA compliance.

If you aren’t a member of FWA/HIPAA and are interested in saving $126 on your membership, please contact PAAS at (608) 873-1342 to become an Elite member.

PAAS Tips:

    1. Members can contact PAAS (608) 873-1342 if you have any questions
    2. See December 2021 Newsline article PBM Provider Manual Updates – What You Need to Know
    3. See August 2021 Newsline article Humana Audit Program Updates

Are You Prepared to Prove TIRF REMS Program Compliance?

The purpose of the Transmucosal Immediate-Release Fentanyl (TIRF) Risk Evaluation and Mitigation Strategy (REMS) Program is “to mitigate the misuse, abuse, addiction, overdose, and serious complications due to medication errors with the use of TIRF medicines.” If your pharmacy dispenses Actiq®, Fentora®, Subsys®, or other medications which fall under the TIRF program, now is a good time to evaluate your compliance with all TIRF REMS requirements. The program has strict standards for all stakeholders involved with TIRF products including program administrators, wholesalers, prescribers, pharmacies and patients. Annually, the program administrators must audit all certified outpatient pharmacies who ordered at least one shipment of a TIRF medication in the preceding 12 months, up to 400 pharmacies.

PAAS National® analysts have seen audits recently conducted by Compliance Architects®, a company which offers many services including FDA risk management and compliance consulting. The audits have consisted of a short online survey followed by a self-scheduled virtual meeting. During the audit process, pharmacies are expected to share copies of various program-related documents such as:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

A key factor to successfully completing the audit is being able to provide robust policies and procedures which meet all program requirements. Whether you’re reviewing your current policies and procedures, or find yourself without this key compliance element, reviewing the Pharmacy Education document found online under the Pharmacy page of the TIRF REMS Access Program website is a good starting point. Mirroring each section from the Pharmacy Education document in your own policy and procedure can help ensure all compliance elements are captured.

If your pharmacy is found to be non-compliant, the type and severity of the offense determines the reprimand (which may consist of a corrective and preventative action plan, continued monitoring for compliance or potentially deactivation from the TIRF REMS program). A copy of the TIRF REMS Non-Compliance Protocol can be found on the Access Program website.

PAAS Tips:

  • All pharmacies dispensing TIRF REMS medication must have an Authorized Representative who successfully completed the TIRF REMS Pharmacy Knowledge Assessment, submitted the Pharmacy Enrollment Form and attested to following all program requirements.
  • Ensure all staff involved in the ordering, inventory management and dispensing of TIRF REMS medications have been trained by the pharmacy’s Authorized Representative.
  • The pharmacy must re-enroll and successfully complete the enrollment requirements every two years. The PAAS Vault can be utilized to store your enrollment forms and proof of training to ensure they are readily accessible for an audit. For more information on the PAAS Vault call 608-873-1342.
  • Have robust written policies and procedures which outline how your pharmacy will meet all program requirements including, but not limited to:
    • Checking for changes in a patient’s medication use and opioid tolerance
    • Documenting the patient’s around-the-clock opioid medication and RDA
    • Verifying the prescriber and the patient are enrolled in the TIRF REMS Program
    • Providing the patient with the product-specific Medication Guide and counseling
    • Reporting adverse events
    • Prohibiting the distribution, transfer, loaning or selling of TIRF medicines to other providers
  • For access to the full FDA TIRF REMS program information, access the FDA REMS online database

Webinar: PBM FWA Trends and COVID-19 Vaccine Audit Risks

On November 18, 2021 PAAS National® hosted PBM FWA Trends and COVID-19 Vaccine Audit Risks webinar. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Portal.

This webinar reviews:

  • PBM Fraud, Waste and Abuse (FWA) Trends
  • COVID-19 Vaccine Audit Risks
    • Documentation Requirements
    • Additional Doses for Immunocompromised
    • Booster Doses for qualified patients
    • Medicare at-home patients
  • Pandemic related PBM waivers/concessions

HIPAA Guidance Regarding COVID-19 Vaccination Status in the Workplace

On September 30th, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released guidance regarding the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy Rule and its application to the workplace, specifically discussing the disclosure and request of COVID-19 vaccination status.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

The Privacy Rule (45 CFR Parts 160 and 164) applies specifically to covered entities (CEs), such as health plans, health care clearinghouses, and health care providers who maintain or transmit individually identifiable health information, called “protected health information (PHI).” The Privacy Rule does not regulate a CE’s or its business associates’ (BA) ability to request the vaccination status of an individual, it regulates how the CE and BAs use and disclose the PHI obtained. The Rule expressly states that a member of the CE’s workforce is not considered a BA and the rule does not prohibit an employer from requesting the vaccination status of its employees, a patient, or a visitor and the Rule does not limit an individual from disclosing their own information to another person. In other words, even though a pharmacy is considered a CE and staff must abide by the Privacy Rule daily when utilizing and disclosing PHI, when the pharmacy is acting in its capacity as an employer the Rule does not regulate its ability to ask employees, customers, or patients about their vaccination status. The employee, customer, or patient might believe they do not have to share this information per HIPAA; however, that is not a valid assertion since HIPAA does not regulate or prohibit an individual from sharing their own information. Outside of HIPAA, there may be other applicable state or federal laws which could overlap HIPAA regulations – refer to your healthcare attorney for additional clarifications.

Additionally, the Privacy Rule does not dictate what information can be requested of its employees as a condition of employment. Even the federal equal employment opportunity laws do not prevent an employer from requiring staff to be vaccinated before entering the workplace, as long as reasonable accommodations are made per the Americans with Disabilities Act (ADA). If an employer maintains confirmation or proof of vaccination, the ADA requires those records be stored separately from the individual’s personnel file. Furthermore, an employer can require each member of its workforce to sign a HIPAA authorization to obtain proof of vaccination directly from a covered health care provider and an employer may require its workforce to disclose their vaccination status to a patient, if asked.

The Privacy Rule does prohibit a CE and their BAs from using or disclosing an individual’s medical records, including vaccination status, to an individual’s employer or other entity unless the individual approves the request in advance, or the release pertains to treatment, payment, or other healthcare operations (TPO). Unless the individual has restricted the release of their PHI, the pharmacy can share the individual’s vaccination status with entities such as the individual’s primary care provider, their insurance company, and the state immunization database without the patient’s consent. For disclosure to an entity outside TPO, patients must first approve the release of their protected information (including vaccination history). Be sure to keep all HIPAA-related documentation for a minimum of six years.

PAAS Tips:

  • PAAS Fraud, Waste and Abuse and HIPAA Compliance members, refer to section 10.5 of your Policy and Procedure Manual for additional information regarding the use and disclosure of PHI and Appendix B for the Request to Access or Release Protected Health Information form.
  • Refer to the OCR’s guidance document for additional scenarios, including vaccine records maintained by schools, disclosure to public health authorities, and hospitals releasing PHI relating to an employee’s vaccination status (including documented side effects of the vaccine) to an employer.

Accepting Gifts Can Be an FWA Violation

The U.S. Department of Justice issued a press release on September 30, 2021, outlining that a former public official accepted “gratuities” (aka gifts or kickbacks) in exchange for referring business to a specific outside vendor. The employee was sentenced to eight months in federal prison and required to pay almost $8,000 in restitution.

According to the press release, David Laufer worked at Walter Reed Medical Center and was the Chief of the Prosthetics and Orthotics Department. Mr. Laufer reportedly accepted thousands of dollars in cash and other gifts such as airline tickets, lodging and entertainment tickets from Pinnacle Orthopedic Services in exchange for steering business from 2012 to 2016. Mr. Laufer repeatedly hid these outside compensations from his employer despite being required to complete annual Confidential Financial Disclosure Forms intended to identify and deter this type of activity. Mr. Laufer also denied receiving any benefits from Pinnacle during interviews with federal agents as part of a corruption investigation at Walter Reed.

The press release makes it very clear that Mr. Laufer was fully aware that his activity was wrong and made multiple explicit attempts to avoid detection. Despite the efforts of his employer to prevent (through disclosure forms) and detect (through investigation) this bad actor was able to break the rules.

Just think how bad things would have been had his employer (the federal government) not had certain FWA prevention/detection elements in place.

PAAS Fraud, Waste & Abuse and HIPAA Compliance members have an electronic Code of Conduct, Business Ethics and Conflicts of Interest Policy that employees must sign annually as well as a policy about Receiving Gifts and Entertainment-Conflicts in Section 3.2.2 of the FWAC/HIPAA Policy and Procedure Manual.

PAAS Tips:

  • PAAS FWA/HIPAA members can review Policy & Procedure Questionnaire #5 and #6 to ensure their Receiving Gifts or Entertainment Policy is current
  • Pharmacies that do not utilize the PAAS FWAC/HIPAA program should evaluate their existing policies to ensure they are robust

LIVE WEBINAR NOV. 18: PBM FWA Trends and COVID-19 Vaccine Audit Risks

Join President of PAAS National®, Trenton Thiede, PharmD, MBA for a LIVE webinar “PBM FWA Trends and COVID-19 Vaccine Audit Risks” on November 18, 2021 from 2-2:30pm CT as he discusses:

  • Who We Are and How We Help
  • PBM Fraud, Waste and Abuse (FWA) Trends
  • COVID-19 Vaccine Audit Risks
    • Documentation Requirements
    • Additional Doses for Immunocompromised
    • Booster Doses for qualified patients
    • Medicare at-home patients
  • Pandemic related PBM waivers/concessions

We will allow for some Q&A at the end of the webinar.

SIGN UP TODAY!

PAAS Audit Assistance members will have access to a recording on the PAAS Member Portal if they are unable to attend the live event.

Stark Law and Anti-Kickback Violations –Indictments Handed Down for Medically Unnecessary Claims

According to a September 17, 2021 press release from the Department of Justice (DOJ), a podiatrist was indicted for defrauding Medicare and Medicaid “by prescribing and dispensing medically unnecessary foot bath medications.” The podiatrist owned a foot clinic along with several in-house pharmacies. When the doctor wrote prescriptions, which were subsequently filled at an in-house pharmacy, he benefited financially from the “drug cocktail” prescribed – the higher the price of the cocktail, the higher the profit for the podiatrist. The article explains the “cocktails included capsules, creams, and powders that were not indicated to be dissolved in water and some of which were not water soluble.” To illustrate how expensive these “medically unnecessary” prescriptions were, over one year, Medicare paid the pharmacy over $18,000 for a single patient’s claims. The podiatrist faces up to 50 years in prison for his scheme to defraud Medicare and Medicaid.

Less than a month later, on October 4, 2021, the DOJ released another statement regarding medically unnecessary foot soaks. In this case, a federal grand jury indicted a pharmacist for allegedly utilizing a marketing company to solicit prescriptions for “foot bath” medications, paying the marketing company kickbacks by providing a percentage of the profit gained off each prescription obtained through their service, knowingly filling prescription which were medically unnecessary, and knowingly filling prescriptions where a valid patient/provider relationship was not established. The pharmacist faces one count of health care fraud and three counts of violations of the Anti-Kickback Statute [42 U.S.C. § 1320a-7b(b)]. Willingly incentivizing prescribers or patients by directly or indirectly providing remuneration is a clear violation of the Anti-Kickback Statue which could result in exclusion from all Federal health care programs, criminal penalties, and monetary penalties including up to three times the amount of the kickback.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
Both cases are good reminders of the importance of the relationship between the patient, prescriber, and pharmacy as well as the medication itself and whether it is being used for a medically acceptable indication via the appropriate route of administration.

Being aware of the prescriber/pharmacy relationship is important due to the Physician Self-Referral Law, better known as the Stark Law. If a physician or a member of the physician’s immediate family has a financial relationship with a pharmacy and the prescriber refers a patient to that pharmacy, there is a potential violation of the Stark Law. The law also prohibits billing an item as a result of the prohibited referral. Additional information, including covered items or services and exceptions can be found on CMS.gov or within section 1877 of the Social Security Act (42 U.S.C. § 1395nn).

The relationship between the medication prescribed, the route of administration, and the indication for use should also be considered prior to dispensing. Claims billed under federally funded plans for prescriptions utilized for non-FDA approved indications and for administration by non-FDA approved routes (e.g., topical antifungal cream dissolved in a foot bath) may be subject to recoupment. These claims may be flagged due to lack of supporting evidence for use in Part D compendia. PAAS National® analysts continue to see enforcement of this policy.

PAAS Tips:

MedImpact is Turning Up the Heat on FWA Investigations

PAAS National® has recently received several FWA audit results requiring the pharmacy to submit additional, and arduous, supporting documentation. Pharmacies need to be aware of the audit risks for medications with high Average Wholesale Prices (AWP) and narrow FDA approved indications (e.g., Pennsaid®). Significant time and effort must be put forth by the pharmacy, prescriber and potentially the patient, to support these claims.

MedImpact FWA audit results are requesting numerous items to support the claims submitted by the pharmacy. Important to note, these results have included many claims that were never paid by the plan. Any claim submitted to a PBM can be requested for audit, even if rejected at point of sale. Clearly these FWA audits are not focusing solely on financial recoupment, but also suspicious conduct by the pharmacy (i.e., test claims). Keep the following in mind:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  1. Prescriptions transferred from a pharmaceutical hub are under scrutiny. Claims for high AWP medications, with an origin code of 5, are easy claims for a PBM’s algorithm to flag. MedImpact results have come back to pharmacies requesting medical records to show proof of a valid patient/prescriber relationship and to support the necessity of the medication – often difficult to obtain. The audit results have also requested proof the patient authorized or requested these transferred prescriptions be filled prior to adjudication.
  2. Patient’s medication and pharmacy history are also being tracked by MedImpact during these audits. Prescription claims for patients starting on a high AWP formulation, versus potential lower cost therapies, are requiring a prescriber attestation with justification (again, not always easy to obtain). Pharmacies filling prescriptions for the first time for a patient, and only filling these high AWP medications, have been required to provide a written explanation of how these prescriptions were obtained.

With the current public health emergency, pharmacies must be diligent in verifying the legitimacy of telemedicine prescriptions, especially for high AWP medications. See the June 2019 PAAS Newsline article, Telemedicine: Questions to Consider from an Audit Perspective for more information.

Are You Violating PBM Return to Stock Policies? (including New PAAS Chart)

PAAS National® continues to see pharmacies losing money due to violating PBM Return to Stock policies. Each PBM sets a timeframe that unclaimed prescriptions must be reversed and returned to stock. Full recoupment of the claim can occur when a PBM discovers prescriptions are dispensed to patients outside this timeframe. Staying up to date on Return to Stock requirements is imperative. PAAS has a chart available on the PAAS Member Portal (portal.paasnational.com) in our Tools & Aids section so you can stay up-to-date on these policies.

The strictest Return to Stock Policy is 10 calendar days. Pharmacies that currently have a policy for 14 days are running the risk of full claim recoupment from these specific PBMs.

Recoupments are preventable if pharmacies follow through on this very important task. PAAS Fraud, Waste & Abuse and HIPAA Compliance Program members have a customized policy in their manual.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

PAAS Tips:

  • Review and update your pharmacy policy for unclaimed prescriptions and make necessary changes to comply with strict PBM requirements, Section 4.1.1 Unclaimed Prescriptions of your PAAS FWA/HIPAA Compliance manual
    • Review and provide notice to staff of any updates/changes made to current policy.
    • Members may also refer to Appendix B of the manual for the Unclaimed Prescription Reversal Log. This is a helpful tool to assist pharmacies in completing this task.
    • Documenting when the task has been completed provides support that your pharmacy is following their FWA program.
  • Check with your software vendor on the ability to run reports to show prescriptions waiting to be picked up > 10 days
  • Software vendors may be able to set your point-of-sale system to deny the ability to sell past 10 days
  • Assign Return to Stock procedures to one person and allocate time to complete
  • See the June 2021 PAAS Newsline article, Would Your REMS Prescription Pass an Audit? for REMS dispensing and timeframe requirements
  • Be sure to review additional areas where waiting prescriptions are kept (e.g., refrigerator, special order shelf, or an overstock shelf)
  • Partial and LTC prescriptions also fall into these timeframe requirements

Not a PAAS Fraud, Waste & Abuse and HIPAA Compliance Program member? Contact PAAS today at (608) 873-1342 or info@paasnational.com and save $120 by combining services.