January 25, 2016
Audits of the 340B Drug Pricing Program by Health Resources and Services Administration (HRSA), a department of the U.S. Department of Health and Human Services, have increased significantly and it’s only expected to continue to rise, particularly as the much anticipated 2014 “mega reg” intended to clarify the program was scrapped due to another legal challenge. As a health care entity participating in the 340B Drug Pricing Program (Covered Entity), you must be proactive to take steps to ensure compliance. Self-audits are a way to accomplish this and can be completed either by internal personnel or an outside vendor.
The majority of HRSA audits are being done at random, with a few conducted due to whistleblowing or self-reporting. While the Federal Register outlines compliance and audit guidance dating back to 1996, most Covered Entities have had little knowledge of what to expect from a HRSA audit. However, as HRSA audits have become more commonplace, we have gained a better understanding of how the process generally works.
The Audit Process
A 340B audit generally begins with a notice from HRSA. This is followed by a HRSA auditor contacting the Covered Entity to schedule an “entrance conference” by phone. The auditor then schedules the onsite audit and submits a “data request,” asking for multiple documents relating to 340B usage during the six months prior to the audit. Some hospitals have had less than 30 days to prepare the required documentation, which is another reason we highly stress regular self-audits to ensure documentation is consistently ready to provide to HRSA, if needed.
The onsite audit is then conducted and an “exit interview” held with Covered Entity officials. After the audit, the Covered Entity will receive a Preliminary Audit Report from HRSA typically within a few months to more than year from the visit. The Covered Entity has the opportunity to contest and resolve the findings, after which a Final Audit Report is issued.
What is HRSA looking for?
Covered Entities have three major compliance requirements to remain eligible for the program:
During an audit, HRSA will examine policies, procedures and processes related to 340B drugs, internal controls to prevent diversion and duplicate discounts to ensure compliance with the GPO prohibition, and test transactions related to 340B drugs. HRSA audits cover the parent site, as well as any registered outpatient facilities and all contracted pharmacies.
What You Can Do Now
HRSA audits can happen with little time to prepare. We recommend that you conduct self-audits on a regular basis to not only be prepared, but protect your health care organization from potential financial impacts of 340B penalties. Self-audits can be conducted by individuals within your organizations who are familiar with the rules and guidelines of the 340B Drug Pricing Program or by outside vendors with that knowledge.
Through the HRSA audit process, Covered Entities have been ordered to pay back discounts to pharmaceutical companies in the event they violate requirements. This becomes a very complicated process, as drug prices generally update quarterly and calculations must be made per quarter. Additionally, refunds must be made to all participating pharma companies, and not paid in one lump sum to one manufacturer. The complexity of the calculations and time spent contacting the individual pharmaceutical companies can be overwhelming, so it is better to avoid the need to refund these discounts.
Additionally, the 340B Drug Pricing Program requires an annual recertification. This needs to be anticipated and monitored so the health care organization does not unknowingly drop out of eligibility and compliance. It is important to keep the information related to the 340B Drug Pricing Program current, such as the name and e-mail addresses of the key people. We have seen several instances where the annual recertification e-mail went to an individual no longer with the health care organization, so the recertification did not get completed.
The bottom line: falling out of compliance can have hefty consequences and cost your facility valuable resources. Self-audits, whether conducted by your internal staff or outsourced to third-party auditors, allow you to track how you are doing and keep you prepared for HRSA audits. In addition, do not be lulled into a false sense of security that your 340B Program will not be audited. With the resources being devoted to monitoring compliance with this program, chances are that you will likely be selected for a HRSA audit at some point.