340B Audit: Building a Self-Audit Program

The 340B program launched in 1992 to “stretch scarce fed- eral resources” in order for participating entities to increase accessibility to care (eg, medications, clinical services, etc) for patients.¹ Since 2012, Health Resources & Services Administration (HRSA) has prioritized audits of covered entities as a part of its oversight of the program’s integrity. These audits have been ramping up, with the number of audits completed and the level of review increasing to what we see today.

For the past 5 years, based on HRSA audit findings posted on the HRSA website, the percentage of covered entities with at least 1 finding has averaged 73% (table 1²), with findings ranging from incorrect 340B database records to diversion to duplicated discount to group purchase organization (GPO) prohibition violations.² These findings fall in line with violations of the 340B Program requirements (table 2³). With the commencement of the Bizzell Group as contracted auditors, it will be interesting to see how trends in audit findings transform over the next few years.

TABLE 1. HRSA AUDIT TRENDS²

Audit Fiscal Year

% No Adverse Findings

% Adverse Findings

2016

34%

66%

2015

22%

78%

2014

19%

81%

2013

22%

78%

2012

37%

63%

TABLE 2. 340B PROGRAM REQUIREMENTS³

• Keep 340B database information accurate

• Recertify eligibility each year

• Prevent diversion to ineligible patients

• Prohibit duplicate discounts

• Maintain auditable records

• Undergo HRSA and manufacturer audits

The best way to recognize the level of compliance of your program and identify systemic compliance issues or risks is to conduct routine self-audits. Based on the makeup and intricacies of your covered entity, the frequency and depth of audits may vary. HRSA’s website provides a listing of all audit results, which is a helpful resource for covered entities to indentify the types of issues that arise at other organizations. These audit results can then help covered entities identify what to look out for in self-audits. Apexus also offers several self-audit tools for covered entities, including disproportionate share hospitals (DSHs), children’s hospitals, freestanding cancer hospitals, community health centers, rural hospitals, and contract pharmacy relationships. For example, DSHs self-audit tools include DSH eligibility, prevention of duplicate discounts, and prevention of diversion and GPO prohibition.⁴ Another tool to get your covered entity started is the document titled “Mapping the 340B Drug Operations Environment,” provided by Apexus.⁴

As you build your self-auditing program, it is important to ensure that it is comprehensive. Sample all outpatient and mix-use areas and evaluate all areas of your program. Table 3 lists examples of the types of audits, including transaction audits of mix-use settings, clean sites, retail pharmacies, and contract pharmacies and targeted audits of high-cost drugs and high-risk areas. Validating that your split-billing software is functioning correctly and that settings align with documented policies and procedures, site/area eligibility based on Medicare Cost Reports, and so forth is a key step that can be easily overlooked if solely focusing on transaction audits. Auditing practices vary based on your covered entity operations, inventory management process (physical vs virtual), application of split-billing software, and so forth.

TABLE 3. SAMPLE AUDIT SCHEDULE

Item

Description

Frequency

Transaction audit: covered entity

Audit “x” amount of transactions in each setting (mixed use, clean sites, retail pharmacies, etc).

Monthly

Transaction audit: contract pharmacy

Audit “x” amount of transactions for each contract pharmacy relationship.

Monthly

Targeted audit

Audit “x” amount of transactions of targeted drugs (ie, high cost drugs) or program requirements, including the GPO prohibition and duplicate discount prohibitions.

Monthly/quarterly

File transfer audit

Audit files transfering from the covered entity to the split-billing software (ie, pharmacy charges and ADT information from the electronic health record).

Monthly

Clinic/location list

Audit the hospital-based clinic list extracted from the electronic health record, loaded into the split-billing software, to ensure that eligibility matches worksheet A and C of the Medi- care cost report. Also, ensure that all offsite clinics are registered on the HRSA database. Verify to ensure ordering on the appropriate wholesaler accounts.

Quarterly

Provider audit

Audit the eligible provider list within the split-billing software to ensure that eligibility matches the provider criteria set by the covered entity.

Quarterly

HRSA database

Review the accuracy of 340B sites listed in the HRSA database for any additions, deletions, and corrections.

Quarterly

Medicaid exclusion file

Review the accuracy of 340B site’s Medicaid Provider Numbers/NPIs listed in the HRSA database for any additions, deletions, and corrections.

Quarterly

HRSA database vs Medicare Cost Report

Internal compliance team performs a mock HRSA transaction audit for covered entities and contract pharmacies.

Annually

340B policy and procedure audit

Review all 340B-related policies and procedures.

Annually

Internal mock HRSA audit

Conduct a full program review to mirror HRSA’s audit procedures by using a sample data request. These audits include personnel interviews, transaction testing, MCH/site registra- tion verification, among other aspects.

Annually

External mock HRSA/manufac- turer audit

Audit the 340B Program at the covered entity using the same criteria as HRSA and a 340B drug manufacturer.

Annually

ADT = admission, discharge, and transfer; GPO = group purchases organization; HRSA = Health Resources & Services Administration.

External audits are another excellent tool to assist with finding potential risk areas within your organization. Having a third party review program practices, policy and proce- dures, transactions, and other potential areas for audit can be beneficial regardless of your program size and confidence in compliance—especially with the added complexity of contract pharmacy relationships. Apexus offers a tool to provide covered entities with points to consider with developing a request for proposal (or RFP) for an external audit.⁴

Tools available through resources such as the HRSA website and Apexus can help shape strong auditing practices at your covered entity. Routine auditing practices can both increase the covered entity’s confidence in compliance with 340B Program requirements and lead to other opportunities, such as cost savings initiatives.

HALENA LEAH MARCELIN is the program manager for the 340B program and compliance at Memorial Healthcare System in south Florida. She completed a 2-year health-system pharmacy administration residency with the University of North Carolina Hospitals and Clinics and received her master of science in pharmaceutical sciences from the University of North Carolina in 2015.

GRAYSON K. PEEK is the manager of business development and integrity at Duke University Hospital in Durham, North Carolina. He completed a 2-year health-system pharmacy administration residency at Duke University Hospital in conjunction with his master of science degree in health-system pharmacy administration at the University of North Carolina at Chapel Hill. Dr Peek is a PharmD graduate of the University of Tennessee Health Science Center.

RUSOL KARRALLI is manager of 340B education and compliance support at Apexus. She completed the 2-year health-system pharmacy administration residency at Memorial Hermann Health System in conjunction with a master of science in health-system pharmacy administration at the University of Houston College of Pharmacy in Houston, TX.

REFERENCES

• Public Health Service Act, 42 USC, §340B. Health Resources & Services Administration website. hrsa.gov/opa/programrequirements/phsactsection340b. pdf. Accessed March 3, 2017.
• Program integrity. Health Resources & Services Administration website. hrsa. gov/opa/programintegrity/index.html. Accessed March 8, 2017.
• Program requirements. Health Resources & Services Administration website. hrsa.gov/opa/programrequirements/index.html. Accessed March 8, 2017.
• Apexus. 340B Prime Vendor Program website. 340bpvp.com/education/340b-tools/. Accessed March 13, 2017.