Transcript Pharmacy Compliance w Federal State and Commercial Insurance

Managing Your Pharmacy’s Fraud Waste and Abuse Program &
Maintaining Your Pharmacy’s DEA Compliance
(Including a review of Medicare – Medicaid Rx Programs)
PART I
Independent Pharmacy Alliance of America Inc.
(IPA)
Wednesday Evening
June 24, 2015
Hilton Garden Hotel
50 Raritan Center
Edison, New Jersey 08837
James R. Schiffer, RPhI, Esq.
Allegaert Berger & Vogel LLP
[email protected]
(212) 571-0550
Tonight’s program is a three credit presentation, this portion is the
first half of the CE presentation.
NOTE: This presentation is not intended to provide legal advice but is
intended to inform the attendees of current issues affecting the practice
of pharmacy regarding compliance with Federal, State and Commercial
Prescription programs including Medicare, Medicaid and HIPAA rules
and regulations.
LEARNING OBJECTIVES
For Part I include:
- Explain the new initiatives regarding Medicaid, Medicare Part B &
Parts C/D enrollment, audit & recovery efforts.
- Describe the effect of the Affordable Care Act on pharmacy
compliance with integrity initiatives.
- Explain the new federal audit initiatives regarding HIPAA.
- Know where to check for excluded and disqualified prescribers, as
well as for your staff employees due to various violations of criminal
and health care laws, rules and regulations.
- Know the increased involvement of the commercial Pharmacy
Benefit Managers in the review and enforcement of fraud Waste and
Abuse activity by pharmacists, patients and prescribers.
-
General Theme of Today’s CE
• There is a requirement by Medicare Part D to have an effective Fraud
Waste and Abuse program - - reviewed and updated annually - - at every
participant of the Part C and D prescription program from the top of the
food chain, the Prescription Drug Plan (PDP) down to the Pharmacy (with
all participants in between included) As the government is shifting many
responsibilities of prescription services to commercial insurers and
pharmacy benefit managers is a significant change in the management of
government funded prescription plans. With that shift there remains a
responsibility to conform to federal and state oversight issues. Additionally
HIPAA appears to be that sleeping giant that occasionally wakes up and
causes havoc. My purpose today is to alert all attending of the issues of
FWA/Compliance as well as Commercial Insurance pharmacy oversight
and fallout for failure to adhere to these principals.
FEDERAL OIG INITIATIVES
- Every year the Health & Human Services Office of
Inspector General (OIG) issues a game plan for the projects
which will be undertaken to route out Fraud, Waste and
Abuse in the federally funded health care programs
(Medicare A,B,C,D & Medicaid, Child Health Plus, & 340
B program.)
For the 2015 year specific Pharmacy issues which the OIG
will be checking on include: Part B billings for transplant
medications for proper coding; and for Part C & D drug
programs OIG will be examining billings for expensive
drugs such as HIV medications for patients who have
expired.
Understanding the requirements for
participation Medicare Part B, C, D
and State Medicaid Programs
Pursuant to the Affordable Care Act certain changes to Part B, C, D
and State Medicaid programs have occurred. For instance , finger
printing of all owners is required for new providers in Part B in high
fraud areas. (Metropolitan areas such as New York, New Jersey have
such designations).
Fees for enrollment in these programs and also reenrollment are now
mandated (The fee for 2015 is $553).
All providers billing or creating billing must be enrolled in Medicare
Part B and Medicaid in order for their Rx’s to be processed.
Confirmation of legitimacy of the providers, staff of the providers, all
prescribers must be checked on line.
Pharmacies’ Medicare Part C & D Training
Obligations and Medicare Training Resources:
- Your obligation - CMS regulations require that all
pharmacies contracted with Medicare Part D Plan
Sponsors, such as the various Part C Medicare
Advantage Prescription Drug Plans (MA-PDs) or the
Part D Prescription Drug Plans (PDPs), participate in
annual compliance training and provide this training to
new employees as part of orientation.
- Monitoring and audit – The MA PDs and PDPs will
monitor and ask for you to confirm compliance;
pharmacies may be required to provide attendance
logs and training attestations.
Some examples of acceptable FWA training are
the following:
- The CMS Medicare Part C and D Fraud, Waste
and Abuse module available at
http://www.cms.gov/MLNProducts/45_ProviderCo
mpliance.asp. or;
- A training module provided by a training
organization or industry association that covers
CMS-required topics. Additionally there are various
commercial program available through your
Pharmacy Service Administrative Organizations
(PSAOs) and other commercial health care related
entities. or;
- You may be able to obtain private (class room)
training for your staff by a bona fide FWA trainer in
which your staff can confirm their understanding at
the conclusion of the training by answering some
fundamental questions.
The False Claims Act
Medicare Part C & D prescription claims are subject
to the False Claims Act.
--There are harsh penalties for false claims:
It is a violation of the False Claims Act to knowingly
present, or cause to be presented, a” false or
fraudulent claim” to the federal government.
“Knowingly” includes deliberate ignorance or reckless
disregard of the truth. Note that fines of up to $11,000
per claim are possible.
Statutory authority grants treble damages (i.e., three
times the amount of the false claim)
--Many states have comparable statutes, leading to
possible dual state and federal liability for the
submission of false or fraudulent claims under the
Medicare Part C& D Plans.
Turning to Compliance…
Focus on Compliance in the Pharmacy
Commercial PBM Requirements
HIPAA Compliance
General Medicaid Requirements
Issues with Medicare Part B DME Billing
CMS Medicare Parts C & D Requirements
As government sponsored pharmacy services (both in the Medicaid
arena and the Medicare Parts C and D arena) have shifted to
commercial insurance carriers for patient coverage, the role of
Pharmacy Benefit Managers oversight on your dispensings has grown
to be a important compliance issue. I will highlight the key areas of
importance.
Do not get caught up in billing for the best reimbursed product and
then just dispense what you have on the shelf. Both federal and state
laws require accurate billing for Medicare and Medicaid Rx claims as
the supplies and drug manufacturers are responsible for “back end”
rebates of earned discounts to the various prescription plan sponsors
including your state Medicaid programs.
Some current investigative
activities
• Medicare Part D has found value in auditing
pharmacies retroactively for dispensings
(predominantly HIV meds) to “Dead Patients”.
• Cross checking to confirm your pharmacy has an
active Medicare Part B billing number.
• Conducting “walk in” inspections for confirmation
your pharmacy is following all basic NY Medicaid
guidelines, (including a reversal policy, no auto
refills, adequate inventory, satisfactory sanitary and
pharmacy operation, no evidence of prescription
steering or shifting of billing to other pharmacies.
Attention NY Medicaid Pharmacy Providers-NYS OMIG Requires Annual Compliance
Certification every December with a written
policy and procedure manual on your premises
For Medicare Parts C/D - CMS Requires Fraud
Waste & Abuse Certification every year and
written policies and procedures required
(Note: If you manage your OMIG and CMS requirements
efficiently you can satisfy both with a proper consulting
company for your pharmacy)
also HIPPA Compliance is an ongoing requirement
Note: if your pharmacy provides
over $5 million in billings to
Medicaid (including Managed Care
billing activity), you are required to
have a much more robust
Compliance program (as compared
to the NY Medicaid Compliance
program) pursuant to the Federal
Deficit Reduction Act of 2005
Example of basic Compliance /FWA
requirement:
Check the federal (www.oig.hhs.gov) ; and the
NYS OMIG website (www.omig.ny.gov) for
EXCLUDED/DISQUALIFIED/DEBARRED
INDIVIDUALS/PRACTITIONERS/BUSINESS ENTITIES
to ensure that you do not have employed nor do
you honor prescription orders from such
prohibited providers. Violations of such can
trigger treble damage recover by the
State/Federal Agencies.
Make certain you maintain proper procedure for proper billings
of all pharmaceuticals and supplies to all Medicaid and Medicare
(including Managed Care Plans) patients.
You must bill for the exact product /supply which is being
dispensed (check for accurate generic product NDC numbers,
check for accurate product codes billed for blood glucose strips)
You must have documentation of the purchase of the
pharmaceuticals /supplies from legitimate suppliers with
availability of payment information if so requested by an auditor.
Have a procedure for reversing all medications/supplies that have
not been picked up within a reasonable amount of time. Some
PBMs require a two week limit on waiting to “return to stock” of
your waiting prescriptions supplies.
Have a procedure for the dispensing of all balances owed on
partially dispensed prescriptions when the full amount of
medication/supplies are not available at initial dispensing.
Medicare/Medicaid Application &
Re-Validation Fee
• Section 6401(a) of the Affordable Care Act (ACA) requires the
Secretary to impose a fee on each "institutional provider of medical
or other items or services and suppliers." The fee is to be used by
the Secretary to cover the cost of program integrity efforts including
the cost of screening associated with provider enrollment processes,
including those under section 1866(j) and section 1128J of the
Social Security Act. Based upon provisions of the ACA this fee will
vary from year-to-year based on adjustments made pursuant to the
Consumer Price Index for Urban Areas (CPI-U). The application fee
is to be imposed on providers that are newly-enrolling, reenrolling/re-validating, or adding a new practice location - for
applications received on and after March 25, 2011. The application
fee for CY 2015 is $553.
Commercial Pharmacy Benefit Managers
Audit Techniques
• As all Medicare Part D plans are processed through a PBM and most of
the NYS Medicaid claims are now through a Managed Care
Organization, the Commercial Pharmacy Benefit Managers are acting as
an extension of the State and Federal Governments in conducting audits
of your pharmacy billings. Part of the selection process to become a
Targeted Pharmacy for audit if your pharmacy practice includes:
• Compounding Pharmacies billing for excessively expensive compounds
(some prices exceed $100,000)
• Pharmacies that bill for drugs and supplies which surpass predetermined
norms established by the PBM, also known as “Outliers”. Could be excess
Biotech or oncology drugs billed, excessive early refill patterns, evidence
of no reversals, or high incidence of expensive drugs across the board.
• Such pharmacies may be requested to supply copies of prescriptions and
supporting documentation along with a full blown audit of all dispensings
and documented purchases for a 6 month to 13 month period.
Are you Compounding Sterile or Non Sterile
Preparations?
• The costs of such compounds (particularly
the non sterile compounds) has gone
through the roof. Note that the Tricare Rx
Program ( US Dept. of Defense) in 2005
spent $5 million on compounds. Today
some ten years later, the monthly costs
exceed $217 million) That converts to an
annual cost of over $2.5 billion in annual
compounding costs alone.
What do we do as pharmacists?
• We need to self police before the
compounding scenario becomes a black
eye on our public perception.
• Be reasonable in your marketing
approach. Do NOT pay sales reps by
1099s, that is a violation of Stark federal
anti kickback regulations. Also remember
to insert a real meaningful Usual and
Customary price prior to completing your
dispensing procedure.
A REVIEW…
The following Eight slides review basic
issues dealing with pharmacy audit
concerns for both the Commercial
Insurance plans as well as Government
(State or Federal) Sponsored
Prescription Plans…….
1) Make sure you bill for the actual
drug product (NDC) or medical
supply (as in blood glucose strips,
etc.) code. Do not get caught up in
billing for the best reimbursed
product & then just dispense what
you have on the shelf. Both federal
.
& state laws require accurate billing
for Medicare and Medicaid Rx
claims as the supplies & drug
manufacturers are responsible for
“back end” rebates of earned
discounts to the various prescription
plan sponsors.
2) Do not do auto-refilling of any
prescriptions covered by a
government rx program. By autorefilling, you may feel you are
assisting patient compliance by
doing so, but many if not all PBMs
prohibit auto refilling programs.
3) Do not dispense medications or supplies (via common carrier
or USPS) to patients who reside in states where your pharmacy is
not registered to do business. (That does not mean if a person
from Texas walks in to your pharmacy for medication, you turn
them down, but if a patient or prescriber from Texas calls you for
medication to be mailed to the prescriber or patient, then you
better have a Texas pharmacy registration as an out of state
pharmacy.) Note that Insurance plans and PBMs are auditing
your dispensing patterns and seeking out such violations which
result in your PBM contract termination!
If you are registered as an out of state pharmacy make sure you
are also enrolled to submit data to their patient monitoring
program (PMP) if so required as rules vary by state.
(some states even require PMP notice of zero controlled drug dispensings).
4) Make sure you have a policy of
reviewing all prescriptions and
supplies which have been billed to
Medicare, Medicaid or other
insurance companies. CVS
Caremark demands a 14 day
window for reversals for
prescriptions not picked up.
5) Follow all HIPAA policies and
procedures and in the event you
have an on site audit, make sure the
auditor notices your use of a
shredder and your staff observes
patient’s right to have their PHI
protected.
6) Make sure your pharmacy can show sufficient
pharmaceuticals and supplies purchased from
legitimate wholesalers and distributors licensed in
your state to justify your billings. If you rely on
KOW’s to survive, then make sure you have a
written invoice from your KOW pharmacy friend,
and you pay for such KOW by Check and ask
your KOW pharmacy friend for a copy of their
invoice from their legitimate supplier for the
product you have purchased. Make sure your
KOW purchases are small in comparison to your
overall operation. This advice comes directly
from a CVS Caremark audit manager.
7) Copays and Compound issues: Make sure you
have a written policy of collecting all copayments
and deductibles for prescription and supplies billed.
Additionally if you are a pharmacy that does
sophisticated compounding, make sure that the
prices submitted to PBMs and Insurance Companies
for such compounded Rxs, actually reflect your U&C
(what you would charge) for a “Cash Paying”
Patient. The PBMs and Insurance Companies are
well aware of the huge spread between AWP and
acquisition cost on compounding ingredients. An Rx
for compounding may have an AWP of $45,000 with
a net cost of only $1,900, so ask yourself, what
would you charge a cash paying patient? Reflect
that price on your transmission or you are looking for
trouble.
8) The HHS Office of Inspector General (OIG) is
focusing part of their attention on auditing and
reviewing Medicare Part D claims for Patients that
have expired. Especially important is to confirm
that you are aware of the life or death status of
your HIV patients. Millions of Dollars are being
spent by our government for HIV medication for
Dead Patients on Medicare Part D. The D in
Medicare is not intended to mean DEAD!! Copays
and Compound issues: Make sure you have a
written pharmacy policy of collecting all
copayments and deductibles for prescription and
supplies billed and maintain records of such.
Results of Commercial Audit Shortfalls
• CVS & Catamaran Rx are the two largest auditing PBMs
Catamaran will terminate your contract for shortages of inventory for as little as $900
after an audit and inventory review. Many pharmacists ignore the faxed notice of
Catamaran Rx auditor referral to Catamaran Pharmacy Membership Evaluations
Committee (PMEC) thus missing an opportunity to appeal the initial findings.
CVS Caremark will withhold double the anticipated audit recovery while you continue
to participate as a provider (without getting paid). CVS Caremark may initiate a
second audit when there is evidence of fraudulent practices at the pharmacy such as:
Lack of prescriber confirmation of prescriptions billed as not ordered by the prescriber;
Lack of sufficient invoices to justify billings ( KOWs, incorrect NDC for brands and
generics, incorrect UPCs for supplies, Significant shortages of legitimate inventory to
justify billings of products as just some ways to have shortages which are not
acceptable to CVS Caremark).
After the audit, there may be a referral to the Pharmacy Membership Review
Committee (PMRC) for potential expulsion from participation in all CVS Caremark
plans. Upon completion of the CVS Caremark audit process any excess funds withheld
by CVS Caremark will be returned to the pharmacy provider less a 15% surcharge
calculated on the recovery amount (if the recovery exceeds $7,500) for the audit
handling fee.
Turning our attention to
HIPAA…
Common HIPAA Lingo: PHI, NOPP, CE, BAA,
You must protect the privacy of your patient’s protected
health information (PHI) at all times. Pharmacies are
HIPAA Covered Entities CE
NOPP - Notice of Privacy Practices – written document
which must be given to all new patients on first visit, and
must be signed for by patient or caregiver.
Business Associate Agreement – BAA a contract between
the CE and a non HIPAA entity as a vendor.
If you leave a laptop on a bus or train without any
password protection, that is considered a Privacy and
Security Breach, even if nobody sees the data on the
laptop.
HIPAA Requirements
Every new patient / caregiver must receive a written Notice of Privacy Practices (NOPP) in their
first visit to the pharmacy – the patient/caregiver must be requested to sign an acknowledgement
that the NOPP has been received.
Pharmacy staff must be trained in policies and procedures that ensure that the privacy of all
patients will be respected and protected. Manage the pharmacy in a way that protects the patients
PHI, such as the way Rx bags are posted for pick up, you should protect the privacy concerns of
the patients. Will Call prescriptions must be discretely handled. Counseling Requirements must
be performed in a location within the pharmacy that will ensure that the patient ‘s privacy is
protected, and the rest of the patients around will not hear the conversation.
Pharmacy needs to ensure that all written records containing Protected Health Information (PHI)
are destroyed (shredding or shredding services are needed) which will protect the patients from
the risk of a PHI “Breach”. Additional precautions need to be taken on electronic records held at
the pharmacy, including laptops and desktop computers to protect patient PHI from being
compromised.
Any vendors which have access to the pharmacy PHI needs to be fully trained in HIPAA and
needs to sign a Business Associate Agreement (BAA) with the pharmacy to ensure that the vendor
is aware of the need to protect PHI and also to ensure that the vendor acknowledges that they are
legally responsible along with the pharmacy to protect the privacy of the patient as well as the
patient’s PHI.
In the event of a breach of PHI at your pharmacy it must be reported to the HHS Office of Civil
Rights (OCR). Depending upon the significance of the breach, the timing of your notification to
OCR may vary as noted on next slide.
Rules on HIPAA Breach Notifications
• Breaches Affecting 500 or More Individuals
•
•
•
•
•
If a breach of unsecured protected health information affects 500 or more
individuals, a covered entity must notify the Secretary of the breach without
unreasonable delay and in no case later than 60 calendar days from the discovery of
the breach. The covered entity must submit the notice electronically to HHS by
completing all of the required fields of the breach notification form.
Breaches Affecting Fewer than 500 Individuals
If a breach of unsecured protected health information affects fewer than 500 individuals, a
covered entity must notify the Secretary of the breach within 60 days of the end of the
calendar year in which the breach was discovered. (A covered entity is not required to wait
until the end of the calendar year to report breaches affecting fewer than 500 individuals; a
covered entity may report such breaches at the time they are discovered.) The covered entity
may report all of its breaches affecting fewer than 500 individuals on one date, but the
covered entity must complete a separate notice for each breach incident. The covered entity
must submit the notice electronically by completing all of the fields of the breach notification
form.
If you have any questions, you may call HHS OCR toll-free at: 1-800-368-1019, TDD:
1-800-537-7697 or send an email to [email protected].
HHS OCR LINK for breach notifications:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
In the event of a HIPAA Breach you must report as follows:
In addition to notifying affected individuals and the media
(where appropriate), covered entities must notify the Secretary
of breaches of unsecured protected health information.
Covered entities will notify the Secretary by visiting the HHS
web site
(http://www.hhs.gov/ocr/privay/hipaa/administrative/breachn
otificationrule/brinstruction.html) and filling out and
electronically submitting breach report form. If a breach affects
500 or more individuals, covered entities must notify the
Secretary without unreasonable delay and in no case later than
60 days following a breach. If however affects fewer than 500
individuals, the covered entity may notify the Secretary of such
breaches on an annual basis. Reports of breaches affecting
fewer than 500 individuals are due to the Secretary no later
than 60 days after the end of the calendar year in which the
breaches are discovered.
Thank you for your attention
• Questions?
• Comments?
• Concerns?
• Jim Schiffer, RPH, Esq.
• [email protected]
• Telephone 212 616 7069