EFPR Group, LLP

For over 60 years, our knowledgeable and experienced team of CPAs and business consultants have been serving individuals and businesses in Western New York and around the nation.

  • EFPR Group, LLP was founded on the principle of improving the lives of our clients by providing superior guidance, extraordinary service and creative solutions.

    Visit EFPRgroup.com

340B Compliance Playbook

Home > Library > Compliance Auditing > 340B Compliance Playbook

New call-to-action

Key Compliance Elements for 340B Entities

  1. Program Eligibility and Oversight
  2. Maintaining an Accurate and Correct 340B Database
  3. Prevention of Diversion
  4. Prevention of Duplicate Discounts
  5. Contract Pharmacy Oversight
  6. Adherence to GPO Prohibition and Orphan Drug Exclusion

340B Internal Audit and Best Practices for each Compliance Element

The most important aspect of any Covered Entity’s 340B Program is the dedication of resources and the appropriate oversight. A compliant 340B program contains strong policies and procedures, processes, internal controls and a leadership team that ensures they are being followed. These policies, procedures, processes and internal controls should incorporate a robust internal auditing/self-monitoring component.

Through our experiences, we have identified key elements that should be incorporated into an organization’s policies and procedures, as well as the processes and internal controls should be identified within, and which members of your organization may be included in building an oversight team.

Policies and Procedures Manual

This is an evolving document that identifies the processes, personnel, and outline of every aspect of the 340B Program within your entity, including but not limited to:

  1. Registration/recertification process
  2. Process for determining eligible sites
  3. Inventory procurement process
  4. Prevention of GPO Prohibition/ Orphan Drug Exclusion (if applicable)
  5. Definition of covered outpatient drugs
  6. Oversight of contract pharmacies
  7. Process for tracking and accounting for all 340B drugs
  8. Process for prevention of diversion
  9. Maintenance and monitoring of 340B split-billing software
  10. Process for prevention of duplicate discounts
  11. Definition of a material breach threshold and self-disclosure process to HRSA and manufacturers, if necessary
  12. Self-audit and independent-audit program
  13. Continuing education for employees

The policies and procedures manual should serve as the primary guideline for your entity in managing 340B compliance. Processes should be detailed, policies should be definitive and not left open for interpretation, and self-audit plans should be simple and clear to follow. Most importantly, your entity’s policies and procedures document should be reviewed and updated on an annual basis (at minimum) or anytime a change in the 340B program occurs.

Included in the policies and procedures manual should be the identification of a 340B Compliance Oversight Team. Members of an Oversight Team could potentially include,

  1. 340B Program Director
  2. 340B Analysts
  3. Compliance Director
  4. Internal Audit Director
  5. CFO/Finance Leadership
  6. Pharmacy Leadership
  7. Internal/External Counsel
  8. Authorizing Official/Primary Contact on HRSA record (if not already identified)

The 340B Program demands compliance in multiple areas of your organization and across multiple levels of leadership. An organized 340B Compliance Oversight Team promotes transparency and understanding throughout an organization on the different roles each department may have to contribute towards compliance. It also allows for a centralized workgroup to perform self-audit reviews and make decisions on program changes.

The Oversight Team should be trained in 340B and in the processes employed by the Covered Entity to support the 340B program (replenishment/procurement, eligibility determination, knowledge of contracted partners (TPAs/PBMs, Contract Pharmacies, split-billing vendors, etc.).

Self-Audit / Self-Monitoring Plan:

The next primary piece of a compliant 340B program is the development of a robust self-auditing/ self-monitoring plan. An effective self-audit plan consists of annual and quarterly/monthly routine procedures that encompass all aspects of the 340B program at your covered entity.

A best-practice habit is to keep all information that will be needed for annual, monthly and/or quarterly internal audit/monitoring procedures identified and located in a common location. Certain information should be routinely backed up in a secure location as well. Additionally, processes for obtaining information should be documented and responsibility for gathering/obtaining required information should be assigned to relevant personnel. Information that should be easily located and readily available may include:

  1. Covered Entity Policies and Procedures
  2. Contracts between Covered Entity and Contract Pharmacies, TPAs/PBMs, split billing software vendors
  3. Current Medicare Cost Reports
  4. Copies of contracts with state/local governments
  5. Detail of state Medicaid BIN/PCN identifiers (FFS and MCO)
  6. Detail of relevant Medicaid IDs for parent and child sites
  7. Detail of NPI numbers for parent and child sites
  8. Detail of eligible providers – including name, NPI, State DEA, specialty/practice area, location, etc.
  9. Reference/detail describing process to obtain relevant contractual documentation between providers and Covered Entity
  10. Detail of all locations – eligible child sites and ineligible sites – including addresses, corresponding HRSA IDs, mapping to MCR
  11. Identification of wholesalers employed, along with account identifiers
  12. Inventory/accumulator information

These documents should be the source of information needed to conduct the annual and quarterly/ monthly self-audit procedures to ensure 340B compliance at your covered entity. The Policies and Procedures should identify the specific processes to be employed through the internal audit, and specific process documents should be drafted to identify the procedures to be performed. In addition to the specific procedures to be performed, the internal audit processes should identify:

  1. Information required for specific tests being performed
  2. How/where to obtain required information
  3. Define a frequency and time period for the processes (monthly, quarterly, semi-annually, annually)
  4. Define desired or expected outcomes/results of test being performed
  5. Defined follow-up or expansion of tests/procedures if outcomes deviate from desired or expected outcomes
  6. Define materiality threshold(s) for self-reporting

Annual Internal Audit Procedures

1. Processes for registration and recertification

a. Are Authorizing Official and Primary Contact up to date and listed appropriately?

2. Processes for determining eligibility of parent/child sites

a. How is site eligibility determined?
b. Are all active sites still eligible?
c. Are all off-site locations receiving 340B drug registered on the database?
d. Is each child site listed as reimbursable on Medicare Cost Report?

3. Process for determining eligibility of contract pharmacies

a. How is site eligibility determined?
b. Are all active contract pharmacies still eligible?
c. Are all contract pharmacy relationships identified and active on the database?
d. Were any dispensations made prior to eligible start date?

4. Medicaid Carve-in status

a. Does your entity bill Medicaid for drugs purchased at 340B pricing?
b. Are all Medicaid NPI numbers used to carve-in correctly listed in the Medicaid Exclusion File?

5. Entity Eligibility

a. Validate/confirm Disproportionate Share Percentage on Medicare Cost Report

i. (DSH/PED/CAN/RRC/SCH)

b. Validate/confirm 330 grantee status or FQHC-LA designation

i. CHC

c. Validate contracts/agreements with state and local governments

6. Detailed Review of Policies and Procedures including,

a. Processes for preventing patient diversion

i. Patient eligibility

ii. Defining outpatient status

b. Prescriber eligibility

c. Referral Rx prescription and processes

d. Refill/encounter policies

e. Identification of key program personnel and responsibilities

f. Procurement and inventory processes in place

i. Identify wholesalers and accounts – on-site and contract pharmacies

g. Detail of inventory processes – replenishment, virtual, manual, use and monitoring of accumulators, inventory reconciliations

h. Personnel authorized to purchase on 340B accounts

i. Requirement for 11-digit NDC replenishment

j. CDM to NDC crosswalk

k. Detail of split-billing software and monitoring activities – in-house and contract pharmacy

l. Detail regarding EMR employed

i. Identification of TPAs/PBMs employed – to include description of the flow of information between EMR and TPAs/PBMs

m. Policy/processes for adherence to GPO prohibition (where applicable)

n. Confirm/identify WAC accounts

o. Medicaid Carve-in status

i. Whether Covered Entity carves in or carves out

ii. If carve-out, describe processes employed to prevent the use of 340B drugs

iii. If carve-in: List all Medicaid NPI numbers used to carve-in on the Medicaid Exclusion File

p. State specific processes for treatment/billing of Medicaid claims

q. Processes employed for adherence to billing of Medicaid claims

r. Process in place to review/update Medicaid FFS/MCO BIN/PCN identifiers at least annually

s. 340B Program training/continuing education policies/requirements

t. Establishment and definition of material breach

u. Processes for self-reporting in the event of material breaches or reportable events.

v. Processes for quantification of benefit of 340B savings, and how these savings are being put to use to improve/extend patient care

7. Contract Pharmacy Review (Contract Pharmacy Oversight)

a. Processes in place for carve-in/carve-out of contract pharmacies

i. Process in place to communicate BIN/PCN identifiers to PBMs/TPAs/Contract pharmacies

b. For child sites utilizing contract pharmacies, ensure that the contracts either identify the specific sites or indicate all registered child sites may use the contract pharmacy(ies).

8. Performance of an independent external audit to assess compliance, review policies and procedures and identify areas of weakness/improvement

a. Include review of contract pharmacies

b. Detailed analysis of inventory – reconcile purchases to utilization, incorporating accumulators

c. Provide detailed reporting to internal leadership/stakeholders, to include plans for remediation and/or improvements

d. Ideally select an organization that is not currently providing other 340B services to the Covered Entity (TPA/split-billing provider) – allows for a fresh set of eyes

e. Should be independent of the organization, have knowledge and experience with the 340B program and be willing to provide support before and after an engagement

f. Fee should be representative of the size of the organization and the 340B activity

Quarterly/Monthly Internal Audit Procedures

1. Eligible provider testing – ideally monthly (Prevention of Diversion)

a. Review and update eligible provider listing

b. Maintain eligible provider detail in an electronic (ideally Excel) format

c. Summarize dispensations/approved claims for all sources (in-house pharmacies, contract pharmacies, mixed-use, etc) by provider/NPI and compare this to the eligible provider detail, highlighting any exceptions

d. Ensure that changes to provider file are reflected in the dispensation data

i. No new prescriptions from physicians removed from eligibility

ii. No approved 340B prescriptions prior to provider eligibility date

e. Investigate exceptions – if referral Rxs are captured, ensure that appropriate documentation is retained supporting referral and that referral conforms to your Covered Entity’s policy

2. Medicaid duplicate discount testing – ideally monthly (prevention of Duplicate Discounts)

a. Nature of testing dependent on carve-in/carve-out status

b. For carve-out facilities,

i. Summarize dispensation detail for all sources by BIN/PCN and compare this to the detail of Medicaid BIN/PCN identifiers – if any matches, research reason for 340B treatment and begin appropriate steps towards remediation

c. For carve-in facilities,

i. Select a sample of claims (15-20) that have been billed to Medicaid FFS/MCO and ensure that billing procedures unique to your state are followed and any identifiers/modifiers are appropriately included

3. Inventory reconciliation/analysis – ideally monthly (Prevention of Diversion)

a. May also address GPO prohibition and/or orphan drug adherence, dependent on entity type (GPO Prohibition and Orphan Drug Exclusion)

b. Can be used in virtual and physical inventory settings, and should incorporate all pharmacies – in-house retail, mixed use, contract pharmacies, etc.

c. Obtain purchase detail for all 340B accounts inclusive of the following elements,

i. Date of order

ii. Date of purchase

iii. Invoice number

iv. NDC

v. Product description

vi. Quantity

vii. 340B price

viii. Package size

ix. Account number

x. Bill-to location

xi. Ship-to location

xii. WAC/AWP price

d. Obtain corresponding accumulators and beginning/ending inventory detail (if applicable) inclusive of the following elements,

i. Prescription number (Rx number)

ii. Date of dispensation

iii. Refill number

iv. Date of Rx

v. Patient identifier

vi. Location of dispensation

vii. Location of origination

viii. NDC

ix. Product description

x. Quantity dispensed

xi. Package size

xii. CDM (where applicable)

xiii. Patient status/type (where applicable)

xiv. Prescriber/NPI

xv. Reimbursement (where applicable)

xvi. Dispense fee (where applicable)

xvii. BIN/PCN identifier

e. Based on purchase volumes, select 10-20 NDCs for reconciliation – typically a mixture of high volume drugs and high value drugs – for material purchase accounts. Summarize purchase detail for the period being reviewed

f. Upon selecting the NDCs, use the corresponding dispensation detail to summarize dispensations for the period of review and compare to the purchase detail

i. Different NDCs can be used during each reconciliation

g. Where applicable, incorporate accumulator and/or beginning and ending inventory information – investigate any variances noted in the inventory reconciliation.

h. Other things to consider (where applicable):

i. Accumulator reviews,

1. Matching of NDCs and quantities for accumulations

2. Matching of NDC dispensed/billed to accumulations

3. Matching of NDC ordered and received to accumulations

4. Review of accumulator for negative accumulations – investigate/assess nature of negative accumulation and if it is necessary to work with wholesaler for credit/rebill or returns

ii. GPO Prohibition analysis, (GPO Prohibition)

1. Summarize purchases through GPO account and reconcile a sample of NDCs to the corresponding inpatient usage detail.

2. Summarize purchases through WAC account(s)

3. Review GPO/WAC accumulators match NDC/quantities to purchases and dispensations

iii. Orphan Drug status, (Orphan Drug Exclusion)

1. If necessary, work with wholesaler(s), TPA(s) and HRSA to obtain/compile an orphan drug listing by NDC

2. Review purchases to ensure that Orphan Drugs have not been purchased on the 340B account

4. Detailed testing of 340B dispensations/claims – monthly or quarterly (Prevention of Diversion)

a. Obtain dispensation data from all 340B sources – (in-house, retail, contract pharmacies, etc.), and select samples from each of the sources

i. Sample sizes can vary, dependent on volume, product mix, perceived risk, etc.

b. For the claims sampled confirm the following,

i. CE maintains record of patient care

ii. Patient was eligible – outpatient status

iii. Care provided by an eligible provider

iv. Patient received care within the scope of grant (for CHCs)

v. Patient received care from a valid Covered Entity location

vi. Prescription (original prescription) corresponds to a patient encounter or otherwise documented in EMR

vii. If a refill, does the patient have an encounter within a specified time period that conforms to policies and procedures (ex, 1-year window)

viii. Patient coverage corresponds to Covered Entity’s Medicaid carve-in status

1. If entity carves out, Medicaid is not primary coverage

2. If entity carves in, and patient is covered by Medicaid transactions should be traced to billing to ensure adherence to state specific rules

Review and Reporting

Many of the monthly/quarterly internal audit processes can be performed concurrently by selecting a sample of claims from all 340B sources, incorporating analysis of 340B purchases, review of Medicaid BIN/PCN, eligible providers, etc. This sample of claims can be the basis for the inventory reconciliation procedures, eligible provider testing, duplicate discount testing and patient eligibility/diversion testing.

This audit outline should serve as the baseline for your self-audit plan and program optimization. Next-level analysis of your 340B program can be done in conjunction with your audit-plan and can include,

a) Minimizing WAC expense
b) Identifying Contract Pharmacy and TPA relationship “profit” margins
c) Quantifying operational weaknesses within your organization
d) Identifying growth and opportunity for 340B Program expansion across your organization

Upon concluding the elements of your audit plan the next steps are reporting the results to the Compliance Oversight Team and recording the audit information in an easily retrievable location such as a summary dashboard or an individual audit summary report.

Depending on the outcome of the audit it may be necessary to remediate and/or self-report any non-compliance. These decisions should be able to be made by the Compliance Oversight Team based on the material breach threshold identified in your Policies and Procedures document. Most importantly, all Covered Entity stakeholders should be kept “in the loop” on the performance of the 340B program.

Following this outline that includes, having stated policies and procedures, a detailed self-audit plan at both the annual and monthly/quarterly level and an engaged compliance oversight team will greatly reduce the risk of a finding during an audit from HRSA. Maintaining a compliant 340B program that includes participation from multiple members of your organization will help to optimize the benefits of the 340B program for your organization including your ability to spread scarce resources further throughout your patient population.

For more information about the 340B Compliance Playbook and how to implement the above outline, please contact us today!

Call us today

585.295.0550

585.295.0550 Toll-Free 888-247-9764 100 South Clinton Avenue, Suite 1500 Rochester, NY 14604

Additional offices in New York and Florida.

©2024 EFPR Group. All rights reserved. Privacy Policy.