To help maintain 340B Program integrity, HRSA has the authority to audit covered entities for compliance with the program requirements. At its core, the audit looks for accuracy of the Office of Pharmacy Affairs Information System (OPAIS), record keeping, compliance with program prohibitions-Group Purchasing Organization (GPO), diversion, and duplicate discounts.
Failure to comply with an audit, or findings of noncompliance during an audit, can make the covered entity liable to manufacturers for refunds of program discounts, create unnecessary scrutiny or cause the covered entity to be removed from the 340B Program.
How are entities selected for audits?
HRSA audits involve an in-depth review of the covered entity’s 340B Program operations and compliance. HRSA identifies three groups for audits based on risk in this order:
- Entities randomly chosen from program types determined to be at higher program risk due to volume of purchases, increased complexity of program administration and use of contract pharmacies
- Entities chosen from program types determined to be at lesser risk
- Entities thought to be in violation of 340B requirements, often called targeted audits. (these may be identified by whistleblowers, manufacturers, or self-reporting)
Ultimately, these audits help HRSA and participating covered entities identify and mitigate program risk and establish best practices for 340B Program compliance.
What are HRSA auditors looking for?
- 340B Program data and internal controls
- Relevant policies and procedures and how they are operationalized
- Eligibility, including GPO and outpatient clinic eligibility
- Internal controls to prevent diversion and duplicate discounts
- 340B Program compliance at covered entity site, outpatient or associated facilities and contract pharmacies
They will also test 340B drug transaction records on a sample basis using a tracer methodology.
What if the audit uncovers something?
After an audit, HRSA’s Final Report will request a corrective action plan (CAP). If a covered entity agrees with the Final Report, a covered entity must submit a CAP to HRSA within 60 calendar days for HRSA’s approval. The full CAP implementation and settlement with manufacturers is expected to be complete within six months of the CAP approval date.
If a covered entity does not agree with HRSA’s findings in the Final Report, the entity should notify HRSA in writing within 30 calendar days, providing appropriate supporting documentation. HRSA will review this response, and if appropriate, modify the Final Report.
What are common adverse audit findings?
One common finding involves drug diversion – sometimes intentional and sometimes inadvertent. The 340B law prohibits “diversion,” which happens when covered entities resell or otherwise transfer discounted drugs purchased under the 340B Program to anyone but their own patients or use 340B drugs in an inpatient setting.
Another common audit finding is a duplicate discount. Under the provisions of the 340B law, manufacturers should not provide a drug at the 340B discount to the covered entity and provide a rebate to Medicaid on the same drug; it must be one or the other. Without proper tracking systems in place, covered entities may inadvertently have a drug listed as a 340 purchase and as applicable for Medicaid rebate.
How can you prepare for a 304B Program audit?
As a covered entity, you can’t afford to risk your 340B Program status. If you’re not prepared, you could end up paying fines, losing 340B status or dealing with a lengthy appeal process. You need a complete audit trail and the ability to provide the necessary documentation within the required timeframes. Preparation requires performing an assessment of your program applying the audit guideposts to determine whether you could pass a real manufacturer or HRSA audit before they show up at your doorstep.
What should you look for when selecting a partner to help you prepare for a 340B Program audit?
Naturally, you will want to work with people who understand your systems and have been through a HRSA audit before. Another important factor to look for is Apexus certification. Apexus is the HRSA-designated Prime Vendor for the 340B Drug Pricing Program; having Apexus certification means that you’re working with a team who has deep 340B expertise.
Senturion Services’ Audit Preparation Assessment provides unparalleled support throughout the audit process. We assess your software configurations and drug purchases for program compliance, verify patient eligibility, location eligibility and other compliance requirements, then provide you with a report detailing any findings, as well as recommendations to correct any issues and suggestions for program optimization.
Contact us to learn more today.
Special note regarding HRSA guidelines due to COVID-19
Based on the current COVID-19 pandemic, HRSA is moving towards conducting 340B Program covered entity audits remotely (virtually) for the next several months while they monitor and assess the impact on the covered entities. If a covered entity has specific questions regarding an audit once it has been engaged, please contact the Bizzell Group (the 340B audit contractor) at firstname.lastname@example.org who will coordinate with HRSA based on the specifics of the request. HRSA will continue to monitor the COVID-19 response and provide updates accordingly. HRSA is currently providing options for remote site visits (RSV) by either RSV real-time audits conducted online in a series of days or RSV paced sample audits conducted over a longer period of days. They will use Adobe Connect as their platform and ask you to upload data to an NIH secure portal. They’ll also provide an RSV checklist. For additional information, you can visit: https://www.hrsa.gov/opa/COVID-19-resources