Metformin HCl ER – Audit Considerations

Metformin HCl ER is indicated as an adjunct to diet and exercise to improve glycemic control in adults with type 2 diabetes mellitus. It is commonly prescribed for patients who have gastrointestinal side-effects when taking the original. non-ER. version of the medication. Unfortunately, the cost difference can be significant, leading to an increased risk for audit – especially when a patient is taking Glumetza® or Fortamet®.

To add to the confusion, there are three different versions of metformin HCl ER, with three different extended-release mechanisms.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
They are not interchangeable with one another and, consequently, have unique Therapeutic Equivalency (TE) codes to show which generic products can be substituted for a specific brand name. When there are multiple branded versions of an identical active drug ingredient, form, and route of administration, then the FDA must assign each brand an additional identifier such as AB, AB1, AB2 and AB3.

Brand Name Strengths (mg) FDA Orange Book TE Codes Extended-Release Format
Glucophage® XR 500, 750 AB, AB1 Dual hydrophilic polymer system
Fortamet® 500, 1000 AB2 Single-Composition Osmotic Technology (SCOT)
Glumetza® 500, 1000 AB3 Gastric Retention Technology

You may only dispense a generic formulation of the above if the TE code matches.

PAAS Tips:

  • Dispensing higher cost medications when lower cost alternatives are available is a red flag for PBMs and can lead to increased scrutiny
  • Auditors may require clarification from the prescriber when dispensing these higher cost medications
  • If switching a patient from metformin HCl to metformin HCl ER for clinical reasons, including side effects, document the rationale on the prescription
  • Switching a majority of your patients on metformin HCl to metformin HCl ER can also be a red flag for auditors
  • This could lead to accusations of solicitation and possible contract termination
  • Prescriptions written for generic metformin HCl ER should be clarified with the prescriber as to which version is preferred and make a clinical note on the prescription
  • Clinical notes should contain the date of the call, the name AND title of who you spoke with, what was discussed, and your initials
  • If substitution is required between versions that do not have the same TE code (e.g., Fortamet® to Glumetza®/AB2 to AB3), you will need to obtain prescriber approval and make a clinical note on the prescription
  • Prescriber approval is required even if the plan requires one formulation over another
  • TE codes can be identified by using the FDA Orange Book

Diabetic Test Strip Authorized Distributors

Independent pharmacies continue to receive threatening letters from LifeScan and an affiliated law firm on a monthly basis. These letters argue that pharmacies submitted more claims for LifeScan’s OneTouch® diabetic test strip products to PBMs than are supported by purchase history from authorized distributors. This is essentially an “invoice audit” conducted behind the scenes and pharmacies are not participants until they receive the negative results.

Additionally, these letters threaten to expose pharmacies to harm by withholding rebate dollars owed to PBMs and notify PBMs of the pharmacy’s “non-compliance” unless the pharmacy pays a large amount of money to make the issue “go away”.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

As readers are well aware, it is difficult to make a profit on insured claims where PBMs control the selling price, so it is logical to look to lower your cost of goods as much as possible to either squeak out a little profit or minimize the losses. What becomes problematic is trying to buy at the lowest cost possible while also adhering to PBM contractual requirements and ensuring that products obtained through the supply chain are legitimate.

Because diabetic test strips are classified by the FDA as OTC medical devices, they fall outside of the Drug Supply Chain Security Act (DSCSA) and there is no requirement for a “pedigree” to ensure sourced product is legitimate and not stolen, counterfeit or previously dispensed (gray market). Pharmacies need to take extra care when considering sourcing product that is advertised at a lower cost compared to your primary wholesaler. Manufacturers have developed and maintained “lists” to aid supply chain partners like pharmacies.

Manufacturer Authorized distributor lists for major diabetic test strips:

  1. Abbott https://www.diabetescare.abbott/support/distributors.html
  2. Ascensia https://www.ascensiadiabetes.com/ (click on “distributors” at the bottom of the page)
  3. LifeScan www.genuineonetouch.com
  4. Roche https://rxvp.accu-chek.com/welcome/adr_list
  5. Trividia HealthTM https://www.trividiahealth.com/where-to-buy/

It is also important to understand what each of the major PBMs have to say about sourcing diabetic test strips. While OptumRx does NOT explicitly require pharmacies to purchase test strips from authorized distributors, they do require that pharmacies source all products (including OTC test strips) from vendors that are both (i) licensed as a drug wholesaler in your state and (ii) an NABP accredited drug distributor. Both Caremark and Express Scripts have language in their respective Provider Manuals to require network pharmacies purchase test strips from authorized distributors only.

Finally, there are two states (California and New Jersey) that have regulations pertaining to the purchase and distribution of OTC diabetic test strips.

PAAS Tips:

  • Be mindful of the interplay between state pharmacy regulations, PBM contract requirements and manufacturer distribution channels when making inventory purchase decisions – the lowest possible price may cause you to run afoul of requirements
  • Contact PAAS at (608) 873-1342 or info@paasnational.com if you receive a letter from LifeScan or an affiliate law firm regarding purchases of diabetic test strips so that we can assist you in navigating a response

Ensuring Audit Readiness: What PBMs Look for in Signature Logs and Proof of Delivery

One of the most common questions PAAS National® receives from our members is: what are the requirements for audits when signature logs are requested. This article contains reminders and requirements auditors will be looking for to help ensure your pharmacy will be prepared.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

With the end of the Public Health Emergency on May 11, 2023, PBM waivers were rescinded regarding signature collection and mailing allowances, except for Humana who permitted the mailing waiver until December 31, 2023. Pharmacies must remind all staff to collect signatures at the time of prescription pickup and delivery. Not complying could result in big audit recoupments and lots of hassle for pharmacies to appeal.

Pharmacies and patients alike became used to not having to sign at prescription pick up, or like the convenience of having their local pharmacy mail or deliver medications to them. Unfortunately, getting patients to understand what their insurance requires can be difficult, but is necessary.

The large PBMs like Caremark, Humana, OptumRx and Express Scripts allow delivery of prescriptions, but some do have limitations or restrictions. Some PBMs may include these restrictions in their pharmacy contract agreements and not their provider manuals.

Two of the largest PBMs restrict delivery as follows:

  • OptumRx® Pharmacy Provider Manual specifically states deliveries can only be done by a pharmacy’s W-2 employee within a 100-mile radius. The use of common carriers, including USPS are prohibited by this PBM.
  • Caremark® Pharmacy Provider Manual states pharmacies that deliver greater than 20% of monthly claims by common carriers, including USPS, are not considered “Retail Pharmacies”.

PAAS Tips:

  • Remind all staff that signatures are now required for all in-store pick-up and delivered prescriptions
  • Signature logs, delivery logs, and tracking must include the date the patient received the prescription
  • Pharmacy staff and delivery drivers are not allowed to sign on behalf of a patient
  • Pictures showing delivery was made, or patient “authorization” to leave at their door is not acceptable for PBM audits
  • When utilizing a common carrier, the PBM requires a link between the prescription and the tracking
  • Tracking information is required for audit purposes, so be sure you have access to this information after deliveries have been made
  • Pharmacies that mail or ship prescriptions out of state must adhere to the receiving state’s licensure requirements
  • PAAS has additional resources available on our website, including Signature Log Book to be Printed and our Signature Trifold Mailer

2024 Self-Audit Series #5: Topical Prescriptions

Topical medications are easy audit targets, especially with the rising costs of some of these medications. The discrepancy that is commonly cited for topical medications is …

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
“non-calculable instructions”. This means the PBM does not feel the pharmacy can accurately bill the days’ supply based off the instructions on the prescription. This will require pharmacies to obtain additional information, usually in a prescriber’s statement, in an attempt to appeal.

Pharmacies must do their due diligence to ensure the appropriateness of what is being billed. Prescriptions that include the number of grams per application and a frequency can easily be billed with an accurate days’ supply. Vague instructions for use should be clarified with the prescriber and documented with a clinical notation on both the prescription and added to the patient’s label (an OptumRx requirement!).

Pharmacies must not rely on the days’ supply field indicated on an electric prescription as this is not accepted by PBM auditors. Prescriptions written for a quantity of “1”, are generally flagged for “incomplete quantity”. Auditors require a specific quantity in grams, milliliters, or pumps to be indicated. Verifying and documenting can help avoid audit recoupments!

PAAS Tips:

  • Educate staff to review topical prescriptions for complete instructions prior to filling
  • Self-audit expensive topical prescriptions frequently to ensure the instructions are sufficient for audit
  • Download and share with staff, the PAAS National® Topical Creams and Ointments Chart and utilize the PAAS National® App when utilizing the Finger-Tip Unit method
    • See PAASNational.com/app for more information
  • Topical medications should only be filled upon request
  • Reminder that all clinical notations should include: date, name and title of who you spoke with, what was clarified, and your initials

How to Safeguard Your Pharmacy from Fraudulent Electronic Prescriptions

PAAS National® has recently assisted pharmacies who received fraudulent electronic prescriptions from prescribers that had their electronic prescribing credentials hacked or stolen. There was a recent widespread e-prescription fraud reported earlier this year where criminals issued over 18,000 prescriptions to pharmacies in 18 states in just a 5-hour span.

Fraudulent prescriptions that are billed to the patient’s insurance are subject to full recoupment when audited by the PBM. Unfortunately, pharmacies will need to cooperate with the PBM audit process and prove that they were not willing participants by explaining their process of “due diligence” to authenticate the prescriptions. To offset the financial losses from PBM recoupment, pharmacies will need to lean on their business insurance or separately pursue legal action against the perpetrators.

Of course, it would be much better to avoid dispensing (and billing) these fraudulent prescriptions from the start. Although electronic prescriptions are generally safer than written or telephone prescriptions, they are still vulnerable to exploitation by criminals targeting unsuspecting pharmacies.

Here are some techniques to spot fraudulent electronic prescriptions at your pharmacy:

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

  1. Know the prescriber
    1. Is this a new prescriber in your area?
    2. Have you received electronic prescriptions from this prescriber before?
    3. Is the medication within their scope of practice?
    4. Can you verify prescriber information (e.g. phone, address) through public resources?
  2. Know the patient
    1. Is this a new patient at your pharmacy?
    2. Does this patient live within your service area?
    3. How did the pharmacy obtain prescription insurance information?
    4. Consider requiring a copy of photo identification for prescriptions picked up for new patients
    5. Some level of skepticism may be need if all interactions are with a friend or family member
  3. Review the prescription for unusual items such as:
    1. Is dose regimen outside the norm?
    2. Does patient have indication to support use?
    3. Does the patient have other prescriptions from this prescriber? Can the patient confirm they are being treated by the prescriber?
    4. Are there multiple prescriptions issued for high-cost medications brand medications, particularly those that may be dispensed in their original, intact containers

PAAS Tips:

  • Document your due diligence efforts on the prescription or in your pharmacy management software
  • Report fraudulent prescriptions to prescribers, local police, board of pharmacy/medicine, and the PBM
  • Contact your business insurance provider as they may have remedies to help manage fraud losses

What’s New with Prescription Validation Requests in 2024?

In the PAAS National® January 2024 Newsline article PBM Validation Requests Rose 123% in 2023 – What You Need to Know, we discussed the PBM trends we saw in 2023. Below is a list of drugs reviewed and analyst comments that have been compiled through the first six months of 2024 for comparison.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

Top 5 drugs reviewed in 2023 compared to first half of 2024:

January-June 2024 January-December 2023
Ozempic® Lantus®
Nurtec® Humalog®
Mounjaro® Creon®
Creon® Levemir®
Ubrelvy® Invega®

 

While Creon® is still one of the top PBM targets, you can see that during the first half of 2024, the PBMs have shifted their focus from monitoring insulin claims to GLP-1s and migraine medications, demonstrating how PBM audit trends change over time. Be assured that the PBMs will continue to send claim reviews for insulin as well. While they may not show in the top 5 drugs of 2024 so far, Tresiba®, Humalog®, Levemir®, insulin lispro and Toujeo® were all right behind Ubrelvy® in the number of claim reviews the PBMs have issued to date in 2024.

The top 5 comments noted by an analyst after claim review mimic the same 5 from 2023:

  1. Document the reason for the cut quantity – auditor will want to know why the pharmacy dispensed less that what was prescribed
  2. Black out acquisition cost and/or profit margin values on the backtag
  3. A clinical notation is needed and requires 4 elements: Date, who you spoke with and their title, what they confirmed, and the pharmacy employee initials
  4. No backtag/sticker attached, typically requested by the PBM and helpful for PAAS to review the billing elements
  5. Verify the quantity prescribed and make a clinical notation on the hard copy – Unit of Measure (UOM) is not specified or does not make sense for the medication ordered

PAAS Tips:

Proper Billing of Nayzilam® and Valtoco® Nasal Sprays

A subset of patients who experience seizures due to epilepsy suffer from seizure clusters, despite being on maintenance epilepsy medications. Nayzilam® and Valtoco® are both FDA-approved for the “acute treatment of intermittent, stereotypic episodes of frequent seizure activity (i.e., seizure clusters, acute repetitive seizures) that are distinct from a patient’s usual seizure pattern” in patients 12 years and older and 6 years and older, respectively. Regardless, if your patient is prescribed Nayzilam® or Valtoco®, the perplexing billing opens the door for easy recoupments from PBMs.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!

The first step to take when receiving either a Nayzilam® or Valtoco® prescription is to ensure it has clear directions and quantity prescribed.

Per the manufacturer product label, the initial dose of Nayzilam® is one spray into one nostril. If needed, and the directions support, an additional spray may be administered into the opposite nostril 10 minutes after the initial dose if the patient has not responded to the initial dose. For Valtoco®, the number of sprays per dose is dependent on the strength prescribed. According to the manufacturer product label, the initial dose for the 5 mg and 10 mg strengths is one spray into one nostril while the initial dose for the 15 mg and 20 mg strengths is two sprays – one spray into each nostril. If needed, and the directions support, a second dose may be administered at least 4 hours after the initial dose if the patient has not responded to the initial dose.

Also, it is necessary to know the maximum number of episodes the patient is allowed to treat per month to correctly calculate the days’ supply. FDA-approved directions recommend no more than two doses of Nayzilam® should be used to treat a single episode and it should not be used to treat more than one episode every three days with a maximum of five episodes per month. Similarly, FDA-approved directions recommend no more than two doses of Valtoco® should be used to treat a single episode and it should not be used to treat more than one episode every five days with a maximum of five episodes per month.

See the chart below and PAAS Tips for recommended billing guidance, in addition to other prescription components necessary to best protect your pharmacy from audit recoupments:

Drug Name NCPDP Billing Unit per Box Number of Sprays per Dose Number of Doses per Box Number of Sprays per Box Suggested Days’ Supply per Box
Nayzilam® 5 mg/spray 2 EA 1 dose = 1 spray 2 2 x 5 mg 3
Valtoco® 5 mg/spray 1 dose = 1 spray 2 x 5 mg 5
Valtoco® 10 mg/spray 1 dose = 1 spray 2 x 10 mg
Valtoco® 15 mg/2 sprays 1 dose = 2 sprays 4 x 7.5 mg
Valtoco® 20 mg/2 sprays 1 dose = 2 sprays 4 x 10 mg

PAAS Tips:

  • If any clarifications need to be made on the directions, be sure to include a full clinical note, complete with a date, name and title of person spoken with, what was communicated, and your initials
  • Ensure both the quantity and unit of measure is clear on the prescription as “2 boxes” and “2 EA” will lead to different billing outcomes
  • Notate the number of episodes the patient will be treating per month to ensure proper billing and use, paying particular attention to the refill intervals
  • Nayzilam® and Valtoco® are both C-IV and therefore require all aspects of a valid controlled substance prescription on the hard copy, such as patient address, physician address and physician DEA #

On-Demand Webinar: Cybersecurity Considerations for Community Pharmacies

On May 8, 2024, PAAS National® hosted a webinar: Cybersecurity Considerations for Community Pharmacies. PAAS Audit Assistance members have access to the recorded webinar, in addition to many other tools and resources on the PAAS Member Portal.

In a world where threats lurk around every digital corner, safeguarding sensitive information has never been more crucial. Recent events, such as the Change Healthcare cyberattack, serve as stark reminders of the pressing need for robust cybersecurity measures. In pharmacies, where compliance with regulations like HIPAA are of great importance, the stakes are higher than ever.

President of PAAS, Trent Thiede, discussed:

  • The importance of cybersecurity in pharmacy
  • The top threats facing healthcare cybersecurity
  • Components, and importance, of a HIPAA Security Risk Analysis

Should you have any questions, or need assistance getting access, call 608-873-1342 or email info@paasnational.com.

PAAS Tips:

The Different Cyclosporine Eye Drops That Could Cause Audit Trouble

Cyclosporine eye drops are used to increase tear production in individuals with certain eye conditions and dry eye disease. You are likely familiar with Restasis® and Restasis MultiDose®, but the newest cyclosporine product Vevye®, hit the market in late 2023.

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

Join today!
Vevye® uses a water-free vehicle which allows the medication to spread evenly and remain longer across the surface of the eye. The Vevye® drop size of 10 microliters is much smaller than eye drop formulations that contain water which have a typical drop size of between 30 to 50 microliters. This can cause confusion when trying to calculate a days’ supply. Vevye®, along with the other three medications listed in the chart, are unique and would NOT apply to the PBM published drops per millimeter guidelines.

Medication NDC Package Size Manufacturer Beyond Use Date
Cequa® 0.09% solution 47335-0506-96 60 Each The solution from one single-use vial is to be used immediately after opening for administration to one or both eyes: the remaining contents should be discarded immediately
Restasis® 0.05% emulsion 00023-9163-30

00023-9163-60

 30 Each

60 Each

 The emulsion from one single-use vial is to be used immediately after opening for administration to one or both eyes; the remaining contents should be discarded immediately

Caution: Restasis® is also available in a 5.5 mL multi-dose preservative-free bottle NDC 00023-5301-05
Verkazia® 0.1% emulsion 65086-0001-12 120 Each The emulsion from one single-use vial is to be used immediately after opening for administration to one or both eyes; the remaining contents should be discarded immediately
Vevye® 0.1% solution* 82667-0900-02 2 mL After opening, can be used until the expiration date on the bottle

⃰ Written correspondence from manufacturer confirms 200 drops in a 2 mL bottle. 2 mL/0.01 mL per drop = 200 drops

PAAS Tips:

  • A prescription needs calculable directions including which eye, or eyes, the drops are being utilized in, the frequency for which they are used, and a specified quantity (e.g., mL, bottles, vials)
  • Ensure drops available in single-use vials are calculated based on the number of vials needed per day, not drops/mL
  • Be aware of the special billing considerations for Vevye® ophthalmic solution
  • Review our updated Eye Drops Days’ Supply chart on the PAAS Portal
  • Refer to the March 2024 Newsline articles to learn more about unique eye drops and special billing considerations

Independent Pharmacies are NOT Safe from Cyberattacks

Have you ever had your credit card stolen, lost your wallet, or misplaced your social security card? Whether it has happened to you or not, you can imagine the pit of despair that settles in your stomach knowing that one malicious actor is all it takes to create dreadful issues in your life by misusing your information. The compulsion to protect your own credit cards and social security number has likely been engrained into your brain and safeguarding the information is second nature. What may surprise you, is that a valid set of payment card details is only worth a little over $5 on the black market and a social security number is only valued at around $0.50, according to a Trustwave Global Security Report. What is even more surprising is the value of a health care record – one record goes for around $250. Some comprehensive health care records may even be valued as high as $2,000!

The data clearly shows there is a large financial incentive for malicious actors to target the healthcare sector. The 2022 Annual Report to Congress on Breaches of Unsecured Protected Health Information showed 68% of breaches reported to the Office for Civil Rights that affected 500 or more individuals were from health care providers, which supports the fact that all health care providers should be taking action to ensure the safety and security of their protected health information (PHI).

The 2022 Annual Report to Congress also indicated 74% of those breaches were reportedly due to hacking/IT incidents of electronic equipment or a network server. The compulsion to protect the pharmacy’s electronic PHI (ePHI) needs to be as important to pharmacy personnel as protecting their own credit card information and social security number. The first step in that process is educating staff on cybersecurity. Whether you are the owner or an employee at a high-volume, multi-store pharmacy or a low volume, single-store independent pharmacy, your data is enticing to malicious actors and no pharmacy is safe from cyberattacks.

The IBM Cost of a Data Breach Report 2023 found that a malicious insider accounted for about 6% of the data breaches but was the most costly type of data breach, resulting in an annual cost of around $4.9 million dollars. Phishing and stolen or compromised credentials had an associated annual cost of $4.76 million and $4.62 million, respectively, but were more prevalent accounting for over 30% of the breach attack vectors. Additionally, only one in three organizations identified a breach using their organization’s own security team or tools—meaning, two out of three organizations had their breaches reported to them by law enforcement or the entity that unlawfully accessed their records (like when a ransom request was received to release their data). It also took an average of over 200 days from the date of the breach to identify that the breach occurred and another 73 days to contain the breach. Most pharmacies will take a full year to recover from a large data breach.

Rather than getting wrapped up in the financial and time-consuming repercussions of a large breach, be protective. Cybersecurity training is essential to protecting your business, your reputation, and your ePHI. Having a tailored policy and procedure for protecting ePHI is only as good as the staff that adhere to those policies and procedures. A single careless or negligent employee can be the weak link broken by bad actors and may be the end of the pharmacy’s good reputation…and hard-earned money.

PAAS Tips:

  • Watch the PAAS National® webinar, Cybersecurity Considerations for Community Pharmacies located on the Member Portal
  • Know the top threats facing healthcare cybersecurity:
    • Network connected medical device security
    • Insider accidental, or malicious data loss
    • Loss or theft of equipment and data
    • Ransomware
    • Social engineering
  • Understand the components, and importance of a HIPAA Security Risk Analysis
    • Perform and accurate and thorough assessment of the potential risk and vulnerabilities to the confidentiality, integrity, and availability of the pharmacy’s ePHI
    • Identify and implement reasonable and appropriate physical, technical, and administrative safeguards as required by the HIPAA Security Rule
  • Know the terms
    • Vulnerability – a flaw or weakness in system security procedures, design, implementation or internal controls
    • Threat – the potential for a person or thing to exercise a specific vulnerability (natural, human, and environmental)
    • Risk – a function of the probability that a threat will attack a vulnerability and the resulting impact to the organization
  • PAAS’ FWA/HIPAA Compliance Program members can update their HIPAA Risk Analysis and complete Cybersecurity training on the PAAS Portal