Pharmacy Audits: What Any Pharmacy Owner or Manager Needs to Know
Say you’re a pharmacy owner or manager who has just been notified that your company will be audited—you’re likely not having a good day. An audit is a formal review of claims and processes to ensure pharmacy procedures are consistent with regulatory and contractual agreements. As much as you’d like to sweep this event under the rug, the reality is that this is a significant event in your professional life that will absolutely affect your company’s financial standing. The audit may even affect your personal financial position.
In today’s environment of media scrutiny, government oversight, and computerization, it is safe to assume that your pharmacy will eventually be the subject of a pharmacy compliance audit. What you do and the decisions you make surrounding the audit will impact the quality of your life and the viability of your business model.
As a trained pharmacist, you are highly educated; you are an expert in biology, chemistry, and human anatomy, among other complex subject matter. But you have not been trained as an auditor. The potential ramifications of this audit can include administrative, civil, and even criminal repercussions for you and your corporation. Like it or not, you will quickly be in over your head if you attempt to address the audit alone. You need help navigating the tricky terrain you will be required to traverse in the coming months.
Protect Your Pharmacy with Written Guidelines
The Oberheiden P.C. team recommends establishing an employee policy and procedures handbook that contains recommendations for industry best practices. This tool is designed to protect the interest of and provide for the corporation’s due diligence practices by identifying those areas typically examined during the audit process.
The employee handbook acts as the guiding light for each employee’s behaviors and duties within the pharmacy environment. Each employee should be required to read the employee handbook and sign off on their understanding of the pharmacy’s written standards of operation and willingness to work within the compliance standards of operation.
Types of Audits
The first issue for the pharmacy owner/manager is identifying exactly what type of audit you are facing. Pharmacy audits generally come in three distinct flavors, each with its own set of obstacles and pitfalls. These audit types can be identified as:
- Pharmacy Benefit Managers (PBMs): Every pharmacy that is a contract provider of prescription services is subject to a clause in its provider agreement that allows an audit of the pharmacy’s records, including written prescriptions, signature logs, digital records of refills, and records of invoices.
- Drug Enforcement Administration (DEA) and the various state Boards of Pharmacy.
- HRSA 340B Compliance Audits.
Pharmacy Benefit Managers (PBMs) and Pharmacy Auditing
Pharmacies must interact with large PBMs on a regular basis, so it’s important to carefully review all contracts and agreements with the PBMs. In some cases, the reviewer may find terms that should be negotiated before the contract is signed.
For an independent pharmacy owner, a PBM audit can be one of the most expensive and stressful obstacles for your business. Consider choosing a specific employee who will be in charge of accessing any requested information during the day of the audit. The designated person should be a pharmacist or officer of the pharmacy and should have no distractions while the audit is being conducted.
Before a PBM requires an audit, pharmacies must be ready. A prepared pharmacy will already be in compliance with any contracts, making the audit process go smoothly. For easy access, all agreements, contracts, and policy manuals should be kept in one location. Any related documents should be thoroughly reviewed to ensure the pharmacy is in compliance; any questions about an agreement with the PBM should be asked and answered in writing.
A PBM will usually send a pharmacy a letter indicating when the audit is scheduled. Once the letter is received, the pharmacy needs to get ready for the audit. Individuals involved in the audit should review agreement and policy manuals to determine the exact rights the auditor has. A pharmacy representative should also contact the auditor to learn essential information, such as when the audit will occur, how long it will last, what kind of audit it will be, why the audit is being conducted, and what procedures will be used. Any information can help the pharmacy prepare for the audit.
While the auditor can ask for specific files, they should not have free access to the pharmacy and its records. Any copies made for the auditor should be duplicated for the audit file. Employees should not answer any questions posed by the auditor, and they should only send questions to the pharmacy representative. The auditor’s concerns and questions should be written down by the representative.
Regulatory Agency Audits
Regulatory agency audits conducted by the DEA and the various state Boards of Pharmacy are particularly tricky for the pharmacist to safely navigate alone. These are the types of audits that can result in criminal indictments. DEA audits can also result in a request for voluntary surrender of a pharmacist’s DEA license—a pharmacist should always resist the “generous offer” made by DEA auditors/investigators to self-surrender their license until having the opportunity to consult with their lawyer. Additionally, one must never lose sight of the auditor’s use of the prescription monitoring program (PMP). This is a program designed to prevent doctor shopping, which gives a patient the opportunity to obtain multiple prescriptions for the same ailment, by tracking a patient’s prescription issuance via database query.
Health & Human Services, HRSA 340B Compliance Audit
In an HRSA 340B Compliance Audit, a pre-audit begins the process. In a pre-audit:
- Covered entities selected for audit will receive a letter that explains what to expect and how to prepare
- Auditors have a teleconference with the entity to request specific documents, such as policies, procedures, and internal controls
- Auditors schedule an opening meeting with key entity management to discuss expectations for the onsite audit
Next is the onsite audit. In this part of the audit, auditors:
- Acquire and review 340B program data and internal controls.
- Go over relevant policies and procedures and see how they are operationalized
- Verify eligibility, including GPO and outpatient clinic eligibility
- Verify internal controls to prevent diversion and duplicate discounts, including how the covered entity defines whether a patient is considered inpatient or outpatient, HRSA Medicaid Exclusion File designations, and accuracy of covered entity’s 340B OPAIS record
- Review compliance of the 340B program at covered entity, outpatient or associated facilities, and contract pharmacies
- Test 340B drug transaction records on a sample basis
Auditors collect facts throughout the audit, but they are not authorized to summarize their findings to the entity. Their report will contain the facts as they understand them and must undergo OPA review. Any statements made by the auditor during the audit are not considered final.
If a re-audit of a covered entity identifies the same exact finding of noncompliance, the entity may have to undergo additional audits. A finding of noncompliance with the diversion prohibition in two or more audits can be considered systematic, egregious, knowing, and intentional, which may result in the covered entity being removed from the 340B Program in accordance with section 340B(d)(2)(B)(v) of the Public Health Service Act.
Topics Covered & Documents Required
Topics that are routinely covered in pharmacy compliance audits include:
- Invoice preparation accuracy
- Compliance with formulary requirements
- Assuring that special inventory controls exist for government-mandated discount programs
- Correct administration of a benefit plan
- Assuring that rebates and risk-sharing provisions in a benefit plan are working properly
- Controlled substance purchasing and dispensing
- Compliance with contractual requirements for point of dispensing programs
- Claim accuracy, which includes quantity, dispensing date, dispensing intervals, and prescriber information
- Suspicion of fraud and abuse
- Product selection criteria for generic versus brand utilization
Pharmacies need to know what types of documentation an auditor may request. The documents typically reviewed by an auditor may include:
- Hard-copy prescriptions
- Digital dispensing records
- Physician records to support prescription records
- Purchase records and invoices
- Policies and procedures manual
- Patient signature logs
- Financial records
- Communications logs
- Provider payment record
- Quality control plans
- Clients and membership eligibility records and contract
Speak with a Pharmacy Compliance Lawyer at Oberheiden P.C.
If your pharmacy is the subject of an audit, you need an experienced attorney to guide you through the process. To speak with a pharmacy and compliance defense lawyer, call the Oberheiden P.C. team at 888-680-1745 or request a free case assessment online now.