Key Compliance Elements for 340B Entities
- Program Eligibility and Oversight
- Maintaining an Accurate and Correct 340B Database
- Prevention of Diversion
- Prevention of Duplicate Discounts
- Contract Pharmacy Oversight
- Adherence to GPO Prohibition and Orphan Drug Exclusion
340B Internal Audit and Best Practices for each Compliance Element
The most important aspect of any Covered Entity’s 340B Program is the dedication of resources and the appropriate oversight. A compliant 340B program contains strong policies and procedures, processes, internal controls and a leadership team that ensures they are being followed. These policies, procedures, processes and internal controls should incorporate a robust internal auditing/self-monitoring component.
Through our experiences, we have identified key elements that should be incorporated into an organization’s policies and procedures, as well as the processes and internal controls should be identified within, and which members of your organization may be included in building an oversight team.
Policies and Procedures Manual
This is an evolving document that identifies the processes, personnel, and outline of every aspect of the 340B Program within your entity, including but not limited to:
- Registration/recertification process
- Process for determining eligible sites
- Inventory procurement process
- Prevention of GPO Prohibition/ Orphan Drug Exclusion (if applicable)
- Definition of covered outpatient drugs
- Oversight of contract pharmacies
- Process for tracking and accounting for all 340B drugs
- Process for prevention of diversion
- Maintenance and monitoring of 340B split-billing software
- Process for prevention of duplicate discounts
- Definition of a material breach threshold and self-disclosure process to HRSA and manufacturers, if necessary
- Self-audit and independent-audit program
- Continuing education for employees
The policies and procedures manual should serve as the primary guideline for your entity in managing 340B compliance. Processes should be detailed, policies should be definitive and not left open for interpretation, and self-audit plans should be simple and clear to follow. Most importantly, your entity’s policies and procedures document should be reviewed and updated on an annual basis (at minimum) or anytime a change in the 340B program occurs.
Included in the policies and procedures manual should be the identification of a 340B Compliance Oversight Team. Members of an Oversight Team could potentially include,
- 340B Program Director
- 340B Analysts
- Compliance Director
- Internal Audit Director
- CFO/Finance Leadership
- Pharmacy Leadership
- Internal/External Counsel
- Authorizing Official/Primary Contact on HRSA record (if not already identified)
The 340B Program demands compliance in multiple areas of your organization and across multiple levels of leadership. An organized 340B Compliance Oversight Team promotes transparency and understanding throughout an organization on the different roles each department may have to contribute towards compliance. It also allows for a centralized workgroup to perform self-audit reviews and make decisions on program changes.
The Oversight Team should be trained in 340B and in the processes employed by the Covered Entity to support the 340B program (replenishment/procurement, eligibility determination, knowledge of contracted partners (TPAs/PBMs, Contract Pharmacies, split-billing vendors, etc.).
Self-Audit / Self-Monitoring Plan:
The next primary piece of a compliant 340B program is the development of a robust self-auditing/ self-monitoring plan. An effective self-audit plan consists of annual and quarterly/monthly routine procedures that encompass all aspects of the 340B program at your covered entity.
A best-practice habit is to keep all information that will be needed for annual, monthly and/or quarterly internal audit/monitoring procedures identified and located in a common location. Certain information should be routinely backed up in a secure location as well. Additionally, processes for obtaining information should be documented and responsibility for gathering/obtaining required information should be assigned to relevant personnel. Information that should be easily located and readily available may include:
- Covered Entity Policies and Procedures
- Contracts between Covered Entity and Contract Pharmacies, TPAs/PBMs, split billing software vendors
- Current Medicare Cost Reports
- Copies of contracts with state/local governments
- Detail of state Medicaid BIN/PCN identifiers (FFS and MCO)
- Detail of relevant Medicaid IDs for parent and child sites
- Detail of NPI numbers for parent and child sites
- Detail of eligible providers – including name, NPI, State DEA, specialty/practice area, location, etc.
- Reference/detail describing process to obtain relevant contractual documentation between providers and Covered Entity
- Detail of all locations – eligible child sites and ineligible sites – including addresses, corresponding HRSA IDs, mapping to MCR
- Identification of wholesalers employed, along with account identifiers
- Inventory/accumulator information
These documents should be the source of information needed to conduct the annual and quarterly/ monthly self-audit procedures to ensure 340B compliance at your covered entity. The Policies and Procedures should identify the specific processes to be employed through the internal audit, and specific process documents should be drafted to identify the procedures to be performed. In addition to the specific procedures to be performed, the internal audit processes should identify:
- Information required for specific tests being performed
- How/where to obtain required information
- Define a frequency and time period for the processes (monthly, quarterly, semi-annually, annually)
- Define desired or expected outcomes/results of test being performed
- Defined follow-up or expansion of tests/procedures if outcomes deviate from desired or expected outcomes
- Define materiality threshold(s) for self-reporting
Annual Internal Audit Procedures
1. Processes for registration and recertification
a. Are Authorizing Official and Primary Contact up to date and listed appropriately?
2. Processes for determining eligibility of parent/child sites
a. How is site eligibility determined?
b. Are all active sites still eligible?
c. Are all off-site locations receiving 340B drug registered on the database?
d. Is each child site listed as reimbursable on Medicare Cost Report?
3. Process for determining eligibility of contract pharmacies
a. How is site eligibility determined?
b. Are all active contract pharmacies still eligible?
c. Are all contract pharmacy relationships identified and active on the database?
d. Were any dispensations made prior to eligible start date?
4. Medicaid Carve-in status
a. Does your entity bill Medicaid for drugs purchased at 340B pricing?
b. Are all Medicaid NPI numbers used to carve-in correctly listed in the Medicaid Exclusion File?
5. Entity Eligibility
a. Validate/confirm Disproportionate Share Percentage on Medicare Cost Report
b. Validate/confirm 330 grantee status or FQHC-LA designation
c. Validate contracts/agreements with state and local governments
6. Detailed Review of Policies and Procedures including,
a. Processes for preventing patient diversion
i. Patient eligibility
ii. Defining outpatient status
b. Prescriber eligibility
c. Referral Rx prescription and processes
d. Refill/encounter policies
e. Identification of key program personnel and responsibilities
f. Procurement and inventory processes in place
i. Identify wholesalers and accounts – on-site and contract pharmacies
g. Detail of inventory processes – replenishment, virtual, manual, use and monitoring of accumulators, inventory reconciliations
h. Personnel authorized to purchase on 340B accounts
i. Requirement for 11-digit NDC replenishment
j. CDM to NDC crosswalk
k. Detail of split-billing software and monitoring activities – in-house and contract pharmacy
l. Detail regarding EMR employed
i. Identification of TPAs/PBMs employed – to include description of the flow of information between EMR and TPAs/PBMs
m. Policy/processes for adherence to GPO prohibition (where applicable)
n. Confirm/identify WAC accounts
o. Medicaid Carve-in status
i. Whether Covered Entity carves in or carves out
ii. If carve-out, describe processes employed to prevent the use of 340B drugs
iii. If carve-in: List all Medicaid NPI numbers used to carve-in on the Medicaid Exclusion File
p. State specific processes for treatment/billing of Medicaid claims
q. Processes employed for adherence to billing of Medicaid claims
r. Process in place to review/update Medicaid FFS/MCO BIN/PCN identifiers at least annually
s. 340B Program training/continuing education policies/requirements
t. Establishment and definition of material breach
u. Processes for self-reporting in the event of material breaches or reportable events.
v. Processes for quantification of benefit of 340B savings, and how these savings are being put to use to improve/extend patient care
7. Contract Pharmacy Review (Contract Pharmacy Oversight)
a. Processes in place for carve-in/carve-out of contract pharmacies
i. Process in place to communicate BIN/PCN identifiers to PBMs/TPAs/Contract pharmacies
b. For child sites utilizing contract pharmacies, ensure that the contracts either identify the specific sites or indicate all registered child sites may use the contract pharmacy(ies).
8. Performance of an independent external audit to assess compliance, review policies and procedures and identify areas of weakness/improvement
a. Include review of contract pharmacies
b. Detailed analysis of inventory – reconcile purchases to utilization, incorporating accumulators
c. Provide detailed reporting to internal leadership/stakeholders, to include plans for remediation and/or improvements
d. Ideally select an organization that is not currently providing other 340B services to the Covered Entity (TPA/split-billing provider) – allows for a fresh set of eyes
e. Should be independent of the organization, have knowledge and experience with the 340B program and be willing to provide support before and after an engagement
f. Fee should be representative of the size of the organization and the 340B activity
Quarterly/Monthly Internal Audit Procedures
1. Eligible provider testing – ideally monthly (Prevention of Diversion)
a. Review and update eligible provider listing
b. Maintain eligible provider detail in an electronic (ideally Excel) format
c. Summarize dispensations/approved claims for all sources (in-house pharmacies, contract pharmacies, mixed-use, etc) by provider/NPI and compare this to the eligible provider detail, highlighting any exceptions
d. Ensure that changes to provider file are reflected in the dispensation data
i. No new prescriptions from physicians removed from eligibility
ii. No approved 340B prescriptions prior to provider eligibility date
e. Investigate exceptions – if referral Rxs are captured, ensure that appropriate documentation is retained supporting referral and that referral conforms to your Covered Entity’s policy
2. Medicaid duplicate discount testing – ideally monthly (prevention of Duplicate Discounts)
a. Nature of testing dependent on carve-in/carve-out status
b. For carve-out facilities,
i. Summarize dispensation detail for all sources by BIN/PCN and compare this to the detail of Medicaid BIN/PCN identifiers – if any matches, research reason for 340B treatment and begin appropriate steps towards remediation
c. For carve-in facilities,
i. Select a sample of claims (15-20) that have been billed to Medicaid FFS/MCO and ensure that billing procedures unique to your state are followed and any identifiers/modifiers are appropriately included
3. Inventory reconciliation/analysis – ideally monthly (Prevention of Diversion)
a. May also address GPO prohibition and/or orphan drug adherence, dependent on entity type (GPO Prohibition and Orphan Drug Exclusion)
b. Can be used in virtual and physical inventory settings, and should incorporate all pharmacies – in-house retail, mixed use, contract pharmacies, etc.
c. Obtain purchase detail for all 340B accounts inclusive of the following elements,
i. Date of order
ii. Date of purchase
iii. Invoice number
v. Product description
vii. 340B price
viii. Package size
ix. Account number
x. Bill-to location
xi. Ship-to location
xii. WAC/AWP price
d. Obtain corresponding accumulators and beginning/ending inventory detail (if applicable) inclusive of the following elements,
i. Prescription number (Rx number)
ii. Date of dispensation
iii. Refill number
iv. Date of Rx
v. Patient identifier
vi. Location of dispensation
vii. Location of origination
ix. Product description
x. Quantity dispensed
xi. Package size
xii. CDM (where applicable)
xiii. Patient status/type (where applicable)
xv. Reimbursement (where applicable)
xvi. Dispense fee (where applicable)
xvii. BIN/PCN identifier
e. Based on purchase volumes, select 10-20 NDCs for reconciliation – typically a mixture of high volume drugs and high value drugs – for material purchase accounts. Summarize purchase detail for the period being reviewed
f. Upon selecting the NDCs, use the corresponding dispensation detail to summarize dispensations for the period of review and compare to the purchase detail
i. Different NDCs can be used during each reconciliation
g. Where applicable, incorporate accumulator and/or beginning and ending inventory information – investigate any variances noted in the inventory reconciliation.
h. Other things to consider (where applicable):
i. Accumulator reviews,
1. Matching of NDCs and quantities for accumulations
2. Matching of NDC dispensed/billed to accumulations
3. Matching of NDC ordered and received to accumulations
4. Review of accumulator for negative accumulations – investigate/assess nature of negative accumulation and if it is necessary to work with wholesaler for credit/rebill or returns
ii. GPO Prohibition analysis, (GPO Prohibition)
1. Summarize purchases through GPO account and reconcile a sample of NDCs to the corresponding inpatient usage detail.
2. Summarize purchases through WAC account(s)
3. Review GPO/WAC accumulators match NDC/quantities to purchases and dispensations
iii. Orphan Drug status, (Orphan Drug Exclusion)
1. If necessary, work with wholesaler(s), TPA(s) and HRSA to obtain/compile an orphan drug listing by NDC
2. Review purchases to ensure that Orphan Drugs have not been purchased on the 340B account
4. Detailed testing of 340B dispensations/claims – monthly or quarterly (Prevention of Diversion)
a. Obtain dispensation data from all 340B sources – (in-house, retail, contract pharmacies, etc.), and select samples from each of the sources
i. Sample sizes can vary, dependent on volume, product mix, perceived risk, etc.
b. For the claims sampled confirm the following,
i. CE maintains record of patient care
ii. Patient was eligible – outpatient status
iii. Care provided by an eligible provider
iv. Patient received care within the scope of grant (for CHCs)
v. Patient received care from a valid Covered Entity location
vi. Prescription (original prescription) corresponds to a patient encounter or otherwise documented in EMR
vii. If a refill, does the patient have an encounter within a specified time period that conforms to policies and procedures (ex, 1-year window)
viii. Patient coverage corresponds to Covered Entity’s Medicaid carve-in status
1. If entity carves out, Medicaid is not primary coverage
2. If entity carves in, and patient is covered by Medicaid transactions should be traced to billing to ensure adherence to state specific rules
Review and Reporting
Many of the monthly/quarterly internal audit processes can be performed concurrently by selecting a sample of claims from all 340B sources, incorporating analysis of 340B purchases, review of Medicaid BIN/PCN, eligible providers, etc. This sample of claims can be the basis for the inventory reconciliation procedures, eligible provider testing, duplicate discount testing and patient eligibility/diversion testing.
This audit outline should serve as the baseline for your self-audit plan and program optimization. Next-level analysis of your 340B program can be done in conjunction with your audit-plan and can include,
a) Minimizing WAC expense
b) Identifying Contract Pharmacy and TPA relationship “profit” margins
c) Quantifying operational weaknesses within your organization
d) Identifying growth and opportunity for 340B Program expansion across your organization
Upon concluding the elements of your audit plan the next steps are reporting the results to the Compliance Oversight Team and recording the audit information in an easily retrievable location such as a summary dashboard or an individual audit summary report.
Depending on the outcome of the audit it may be necessary to remediate and/or self-report any non-compliance. These decisions should be able to be made by the Compliance Oversight Team based on the material breach threshold identified in your Policies and Procedures document. Most importantly, all Covered Entity stakeholders should be kept “in the loop” on the performance of the 340B program.
Following this outline that includes, having stated policies and procedures, a detailed self-audit plan at both the annual and monthly/quarterly level and an engaged compliance oversight team will greatly reduce the risk of a finding during an audit from HRSA. Maintaining a compliant 340B program that includes participation from multiple members of your organization will help to optimize the benefits of the 340B program for your organization including your ability to spread scarce resources further throughout your patient population.
For more information about the 340B Compliance Playbook and how to implement the above outline, please contact us today!