340B Compliance: Audit preparatin and Response September 18, 2017 340B Compliance: Audit preparatin and Response
An interactive session about what you need to know.
Disclaimer Opinions expressed are mine Consult qualified legal counsel for specific advice Presentation is intended as general information only, not as specific legal advice
Today’s Agenda 340B compliance requirements HRSA audit process Manufacturer audits/inquiries Audit preparation Common audit findings Responding to audit findings
340B Compliance Requirements Duplicate discounts – dispensing 340B drug to a patient when manufacturer is liable for a rebate on that drug Medicaid Exclusion File is HRSA-designated method for FFS Medicaid No Federal standard for MCO claims State rules (??) But HRSA audits address additional issues Accuracy of information posted on OPA database Adequacy (“auditability”) of records
340B Audits Manufacturer audits Approved by OPA Follow GAO Standards (“Yellow Book”) HRSA – Initiated audits Risk based and random NO published audit protocol Part 75 financial audits Follow GAO Standards
Audit Consequences Finding of diversion or duplicate discount can result in repayment of the 340B discount to affected manufacturer(s) Any finding likely to result in submission of HRSA-approved Corrective Action Plan e.g. incorrect information on OPA 340B database HRSA may “remove” contract pharmacies from FQHC network for: Diversion or duplicate discounts FQHC’s failure to exercise oversight of the contract pharmacies
Audits: Manufacturer Process Authorized by statute (42 USC 256b(a)(5)(C)) “Reasonable cause” for need to audit Obtain OPA approval Written notice of suspected violations and completion of good faith effort to resolve Audit by independent auditor per Government Auditing Standards Oral briefing at end of audit Written report (shared with OIG) Covered entity has 30 days to respond Covered entity can challenge findings using voluntary dispute resolution procedures Administrative dispute resolution procedures mandated by ACA not yet implemented 1996 audit guidelines for manufacturer audits (reiterated in HRSA Policy Release No. 2011-3 (Nov. 2011) on manufacturer audits): Reasonable cause to believe the covered entity is in violation of the diversion and/or duplicate discount prohibitions, including, for diversion, compliance with the orphan drug exclusion final rule “Reasonable cause” can include, for example, significant changes in order quantities, or failure to respond to a manufacturer’s inquiries about 340B purchasing practices Written notification of the suspected violation(s) provided to the covered entity and completion of a 30-day, good faith resolution period Engagement of independent public accountant to perform the audit in accordance with Government Accounting Standards (GAS) Submission of audit plan to OPA prior to implementation Covered entity is not the subject of another audit during the same time OPA has accepted 6 manufacturer audit work plans as of July 2013, and is encouraging manufacturers to submit more.
Audits: OPA Process Authorized by statute (42 USC 256b(a)(5)(C)) At discretion of HRSA - targeted and random Initiated by engagement letter from OPA Onsite review Audit performed by BizZell Group (following Government Auditing Standards ?) OPA reviews preliminary findings with covered entity including obtaining any necessary additional and potential resolution and/or remedy “Notice and hearing?” Once report is finalized, findings and entity’s response summarized on the OPA website Corrective Action Plan (CAP) Notice to manufacturers of possible repayment obligations Further OPA follow up as needed Onsite review includes review of documentation, interviews with key staff, and sample audit of patient records; Pre-Audit Covered entities selected for audit receive an engagement letter explaining what to expect and how to appropriately prepare. HRSA regional auditors conduct an introductory teleconference with the entity to request and obtain specified documents, including policies, procedures, and internal controls. HRSA regional auditors work with the entity to schedule an opening meeting with key covered entity management to discuss expectations for the onsite audit. Onsite Audit HRSA regional auditors obtain and review select 340B Program data and internal controls. Audit procedures include, at a minimum: review of relevant policies and procedures and how they are operationalized; verification of eligibility, including GPO and outpatient clinic eligibility; verification of internal controls to prevent diversion and duplicate discounts, including how the covered entity defines whether a patient is considered inpatient or outpatient, HRSA Medicaid Exclusion File designations, and accuracy of covered entity’s 340B database record; review of 340B Program compliance at covered entity, outpatient or associated facilities, and contract pharmacies; and testing of 340B drug transaction records on a sample basis. HRSA regional auditors collect the facts throughout the audit but are not authorized to summarize any findings to the entity. Their report to OPA will contain the facts as they understand it and must undergo OPA review. Additionally, any auditor statements made during the audit are not considered final and are subject to change. Post Audit HRSA regional auditors forward a preliminary report to OPA for review. OPA reviews the preliminary report, drafts a Final Report and issues the report to the covered entity, with a request for a corrective action plan (CAP), if applicable. Notice and Hearing After HRSA issues a Final Report, the covered entity has 30 calendar days from the date of the HRSA Final Report to review findings noted in the HRSA Final Report, and to review HRSA’s request for a CAP related to the findings noted. If a covered entity agrees with the Final Report, a covered entity must submit a CAP to HRSA within 60 calendar days for HRSA’s approval. If a covered entity disagrees with the Final Report, it shall notify HRSA in writing within 30 calendar days with appropriate supporting documentation of the covered entity’s disagreement. OPA reviews the covered entity’s response and, if appropriate, may reissue the Final Report if changes are made based on documentation submitted. If an entity fails to submit a CAP, it may be removed from the 340B Program. Once an audit report is finalized by OPA, the findings and any associated corrective action will be summarized on the OPA public website. In addition, once HRSA reviews and approves a CAP, the covered entity will be required to provide HRSA a public letter that outlines the findings involving diversion and/or duplicate discounts, states that repayment may be necessary, and provides a contact person for any questions that may arise. This letter will be posted on the HRSA website under the CAP column in the audit findings table. HRSA closes out the audit once the covered entity attests that all repayment is resolved (if necessary) and that the CAP has been fully implemented. Covered entities whose findings involve repayment will be subject to audit in a year.
Potential Sanctions Administrative Sanctions Corrective action – prospective Statutory Sanctions After notice and hearing: Repay amount of discount to manufacturer ACA Sanctions Pay interest on discount for “knowing and intentional” diversion Removal from 340B Program and disqualification for a “reasonable” period of time if violation was “systematic and egregious” Collateral Sanctions False Claims OIG and related penalties
HRSA Audits: Common Findings Auditable Records Eligibility requirement or audit finding? Duplicate Discount Incorrect or missing Medicaid Exclusion File entry Incorrect or missing NPI/Medicaid billing number Diversion Site registration Inadequate patient record Ineligible provider/inadequate documentation Inadequate documentation of referrals Improper inventory control Duplicate discount Violations include: The entity having billed Medicaid contrary to information contained in the Medicaid Exclusion File Medicaid claims being incorrectly coded when provided to the state Diversion: Covered entities “shall not resell or otherwise transfer” any 340B drug “to a person who is not a patient of the entity.” See 42 U.S.C. § 256b(a)(5)(B) (prohibition on diversion). Examples of diversion: 340B-priced drugs dispensed to ineligible patients Misuses and abuses of HRSA’s existing “patient” definition guidance (e.g., employees) Outpatient entities inappropriately listed as participants in the program Contract pharmacies using 340B product for their own account Inpatient/outpatient diversion The scope of what is and is not “diversion” under 340B hinges significantly on how the term “patient” is defined. Under current program guidance, a person is a “patient” of the covered entity for 340B eligibility purposes if: The covered entity has established a relationship with the person such that the covered entity maintains records of the person’s healthcare; The person receives health care services from a provider employed by, or under a contractual or other relationship with, the covered entity such that responsibility for the care provided remains with the covered entity; and The person receives a service or range of services consistent with the service or range of services for which grant funding or Federally center look-alike status has been provided to the entity. (This requirement does not apply to disproportionate share hospitals.) This current definition issued in 1996. HRSA/OPA is working on a revised definition of a “patient” for 340B purposes, which the agency plans to include in an omnibus 340B proposed rule anticipated for release in 2014. Certifying Eligibility & Maintaining an Accurate Listing in 340B Database Covered entities must certify their 340B eligibility each year. Annual recertification for all entity types is a relatively recent requirement. The recertification process, among other elements: Involves the review and updating of a covered entity’s listing in the 340B covered entity database; Includes an obligation to register new outpatient facilities and contract pharmacies, and to update the Medicaid Exclusion File; and Requires the entity to make several attestations, including that the entity will contact OPA as soon as reasonably possible if a “material breach” of the entity’s compliance obligations is discovered. Entities must keep their 340B database entries accurate and current Corrective action plans are still pending for many 2012 HRSA audits, and HRSA undertook dozens more covered entity audits in 2013.
HRSA Audits: Common Findings Contract Pharmacies Lack of oversight – “removal” sanction No written contract Incorrect store addresses/missing locations Dispensing to ineligible patient Dispensing to Medicaid FFS patient without “duplicate discount” safeguard OPA Registration Incorrect AO/contact information, addresses Closed sites listed/incorrect name
Responding to Audits Engage auditor – but do not expect an exit conference Correct identified problems/improve processes Final Report Read and understand Obtain legal or other expert counsel Agree – CAP due in 60 days Disagree – Response due in 30 days Correct the facts Supplement the record Question interpretation of policy/guidance
Audits: Preparation Develop and document comprehensive 340B Program policies and procedures. Develop concrete methodologies for routine self-auditing. Routine processes for internal corrective action. Verify that contract pharmacy arrangements comply with the 340B requirements and are properly listed in the OPA database. Maintain “auditable records.”
Addressing Audit Findings Contest findings of fact Correct errors Provide additional documentation Consider potential legal issues Are findings grounded in the statute (e.g. site registration requirement) Audit procedures (HRSA does not follow GAO “Yellow Book” standards) Adequacy of “notice and hearing” (42 USC 256b(a)(5)(D)) Scope of audit (42 USC 256b(a)(5)(C))
Some Audit Resources Clarification of Manufacturer Audits of 340B Covered Entities (Release 2011-3, November 21, 2011) Manufacturer Audit Guidelines (61 Fed. Reg. 65406 (December 12, 1996)) Clarification of HRSA Audits of 340B Covered Entities (Release 2012-1.1, February 8, 2013 www.hrsa.gov/opa/programintegrity Apexus (Prime Vendor): www.340bpvp.com
Additional Questions? Michael B. Glomb Partner Feldesman Tucker Leifer Fidell LLP 1129 20th Street, NW, Fourth Floor Washington, DC 20036 Phone: 202-466-8960 mglomb@ftlf.com