WSJ logo
Forbes logo
Fox News logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
CNN logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

Medicare Pharmacy Audit Defense

Pharmacies that bill Medicare are subject to numerous laws and regulations. The U.S. Department of Health and Human Services (DHHS) audits pharmacies for Medicare Part D compliance, and CMS hires private contractors to conduct Medicare Part D audits as well.

Medicare Part D is an optional program that provides coverage for certain prescription drugs. For pharmacies, serving patients who are on Medicare drug plans can fill an important gap between serving patients who have private health insurance and serving those who are uninsured.

However, as with all federal healthcare benefit programs, billing Medicare Part D carries a substantial compliance burden, and pharmacies that fail to maintain strict adherence to the Medicare Part D rules and regulations can face steep penalties. In many cases, these penalties will arise as the result of audits conducted by the U.S. Department of Health and Human Services’ Office of Inspector General (DHHS-OIG) or by private contractors working for the Centers for Medicare and Medicaid Services (CMS).

What Does it Take for Pharmacies to Be Medicare-Compliant?

Given the complexities of Medicare compliance for pharmacies, what does it take for a pharmacy to establish compliance and avoid liability for recoupments and other penalties in the event of a Medicare Part D audit? As a baseline, CMS has published a series of Pharmacy Toolkits that pharmacies can use to begin to understand their compliance obligations. However, while CMS’s Pharmacy Toolkits are useful resources, they are far from sufficient on their own. In order to establish and maintain compliance with Medicare Part D, pharmacies must adopt comprehensive policies and procedures which are custom-tailored to their facilities, personnel, billing procedures, and general operations.

One document in CMS’s Pharmacy Toolkits in particular that provides some useful insights into the Medicaid Part D audit process is CMS’s 50-step self-auditing checklist. As the introduction to the checklist explains:

“The self-audit consists of 50 steps to help identify potential audit triggers in a pharmacy practice. The audit . . . is divided into four sections that can be used separately or together as appropriate to meet the needs of the pharmacy practice: prescribing practices, controlled substances management, invoice management, and billing practices. . . . Consider each step, answer the questions listed, and examine existing policies and procedures to identify any audit triggers related to [each of the four sections].”

Documentation to Establish (and Prove) Medicare Part D Compliance

In order to conduct CMS’s Medicare Part D “self-audit,” pharmacies must first collect several forms of documentation. Why is this necessary? Because in the event of a DHHS-OIG or Medicare contractor audit, these are the forms of documentation that will be requested in order to prove Medicare Part D compliance. Pharmacies that bill Medicare – whether directly or through a pharmacy benefit manager (PBM) – should have all of the following documentation readily available, and it must be up-to-date and fully implemented (as applicable) within the structure of an effective pharmacy compliance program:

  • Pharmacist, intern, and technician licenses
  • Pre-hire screening and background check materials
  • U.S. Drug Enforcement Administration (DEA) Forms 106 and 222
  • Reverse distributor records
  • Spare key logs
  • Security camera and surveillance maintenance logs
  • Controlled substance inventory records
  • Law enforcement or State pharmacy board alerts
  • Purchase records
  • Invoices
  • Claim transaction records
  • Signature logs

Crucially, this list is not exclusive—despite being recommended by CMS. For example, pharmacies must also have documented Medicare Part D compliance policies and procedures, and they must be prepared to demonstrate compliance with the Anti-Kickback Statute, Stark Law, Drug Supply Chain Security Act (DSCSA), electronic prescription regulations under the Controlled Substances Act (CSA), and other pertinent sources of federal authority. As audit defense counsel, we assist our pharmacy clients with ensuring that they have all of the necessary documentation on hand to produce in the event of a Medicare audit, and we assist with ensuring that our clients do not unnecessarily disclose potentially-harmful documentation as well.

Examples of Key Compliance Risks for Medicare-Participating Pharmacies

When facing a Medicare audit conducted by DHHS-OIG or a CMS audit contractor, there are several compliance risks of which pharmacies need to be aware. These risks can potentially lead to substantial liability exposure, and many of them are not readily-apparent—even to experienced pharmacy owners and pharmacists-in-charge.

For example, when we represent pharmacies in Medicare Part D audits, some of the key issues we examine proactively in order to protect our clients include:

1. Does the Pharmacy Have All Necessary Documentation on Hand?

As discussed above, documentation is crucial not only to establishing Medicare Part D compliance, but also to proving Medicare Part D compliance in the event of an audit. Due to the importance of having this documentation readily available, the inability to quickly produce any required records will often be viewed as a red flag for non-compliance.

2. Are There Any “Red Flags” for Prescription Drug Fraud or Opioid Diversion?

In addition to the inability to produce required documentation, there are a number of common “red flags” that can trigger closer scrutiny during a Medicare audit as well. Many of these have to do with prescription drug fraud and the high risk for opioid diversion. For example, accepting cash payments, regularly refilling prescriptions, regularly dispensing high-suspicion drugs, and dispensing known dangerous drug combinations are all practices that will be intensely examined during a Medicare audit.

3. Have Any Requisite Licenses or Registrations Lapsed (or Been Suspended or Revoked)?

While most pharmacies stay on top of their licensing and registration requirements, operating a pharmacy without a current license or DEA registration is an extremely serious matter that can have severe and immediate repercussions. If any of your pharmacy’s or pharmacists’ licenses or registrations are not up-to-date, this is an issue that you will need to proactively address as soon as possible.

4. Does the Pharmacy Have Documented Medicare Billing Compliance Procedures?

When conducting a Medicare audit, one of the first things auditors will want to examine is the pharmacy’s Medicare compliance program. If pharmacy personnel are unaware of the program’s location or existence, this will raise red flags for the auditors as well.

5. Does the Pharmacy Have Regular and Ongoing Contact with Prescribing Physicians?

In order to ensure the validity of prescriptions and to ensure that all drugs dispensed are medically-necessary (both of which are required for Medicare reimbursement eligibility), pharmacies must maintain regular and ongoing contact with their prescribing physicians. Again, these contacts will need to be clearly documented—and they will need to be documented in such a way that they remove any concerns (rather than raising additional concerns) about Medicare Part D compliance.

6. Does the Pharmacy Have a Higher-Than-Expected Inventory Error Rate?

Inventory error rates are another main focus for DHHS-OIG and CMS’s audit contractors. If a pharmacy’s inventory error rate is higher than is to be expected, then this too is going to raise additional questions that will need to be answered during the audit process.

7. Does the Pharmacy Have Financial Relationships with Prescribing Physicians?

Financial relationships with prescribing physicians are a concern for DHHS and CMS because they give rise to the possibility of Medicare being overbilled in order to pay financial incentives (or provide other forms of remuneration) for patient referrals. While there are legal ways to establish certain types of financial relationships between pharmacies and prescribing physicians, these relationships need to be structured very carefully in order to avoid Anti-Kickback Statute and Stark Law violations.

8. Does the Pharmacy Have Adequate Staff to Effectively Manage Medicare Compliance?

Inadequate staffing is a concern because it suggests that a pharmacy may not be devoting the necessary resources to ensure Medicare compliance and maintain quality control with respect to the drugs that are dispensed to patients. While this is largely a subjective inquiry, auditors will not hesitate to point to supposed staffing deficiencies in order to justify further inquiry or allegations of non-compliance.

9. Is the Pharmacy Fully Compliant with the Federal Electronic Prescription Rules?

Electronic prescription compliance is becoming an increasingly prevalent compliance concern for pharmacies. If a pharmacy fills an electronic prescription without using an appropriate application and without following all of the requisite procedures, this can lead to a recoupment request during a Medicare audit. 

10. Does the Pharmacy Have a History of Issues with Auditors or the DEA?

Finally, once your pharmacy runs into an issue during an audit or DEA inspection, it can be extremely difficult to shake a bad reputation. However, past mistakes are not indicative of current performance, and our federal pharmacy defense lawyers are skilled at protecting pharmacies by using their on-hand documentation to demonstrate their current good-faith compliance efforts.

What are the Risks in a Medicare Audit?

When facing a Medicare Part D audit, the risks can be significant. The audit itself can lead to recoupment demands, denial of pending claims, pre-payment review, and loss of Medicare eligibility. However, if DHHS-OIG (or another federal law enforcement agency) decides to launch an investigation based on the information uncovered during a Medicare pharmacy audit, then fines, treble damages, and even federal prison time can all be on the table.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



John W. Sellers
John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Joanne Fine DeLena
Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney & Former District Attorney

Local Trial & Defense Counsel

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Aaron L. Wiley
Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (OIG)

Michael Koslow
Michael Koslow

Former Supervisory Special Agent (FBI)

Chris Quick
Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan
Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Dennis A. Wichern
Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

Speak with a Federal Pharmacy Defense Lawyer or Compliance Consultant at Oberheiden P.C.

At Oberheiden P.C., we have federal pharmacy defense lawyers and compliance consultants who are available to represent pharmacies during Medicare audits nationwide. If you have questions or concerns about a DHHS-OIG or Medicare contractor audit, call us at 888-680-1745 or request a free initial consultation online now.

Why Clients Trust Oberheiden P.C.

  • 1,000+ Cases Handled
  • Available Nights & Weekends
  • Experienced Trial Attorneys
  • Former Department of Justice Trial Attorneys
  • Former Federal Prosecutors, U.S. Attorney’s Office
  • Former Agents from FBI, OIG, DEA
  • Cases Handled in 48 States
Email Us Call: 888-680-1745