UPDATE ON PHARMACY AUDITS AND COMPLIANCE … · Do NOT pay sales reps by IRS 1099s,(consultants are...
Transcript of UPDATE ON PHARMACY AUDITS AND COMPLIANCE … · Do NOT pay sales reps by IRS 1099s,(consultants are...
UPDATE ON PHARMACY AUDITS AND COMPLIANCE FOR THE
PHARMACIST/PHARMACY OWNER
(INCLUDING A REVIEW OF MEDICARE – MEDICAID RX PROGRAMS)
PHARMACISTS SOCIETY OF THE STATE OF NEW YORK
JUNE 24, 2015VIA THE WEB
JAMES R. SCHIFFER, R.PHI, ESQ.
JAMES R. SCHIFFER, RPHI, ESQ.ALLEGAERT BERGER & VOGEL LLP
(212) 571-0550
TODAY’S PRESENTATION IS A ONE CREDIT CE PROGRAM
PLEASE NOTE: THIS PRESENTATION IS NOT INTENDED TO PROVIDE LEGAL
ADVICE BUT IS INTENDED TO INFORM THE ATTENDEES OF CURRENT ISSUES
AFFECTING THE PRACTICE OF PHARMACY REGARDING COMPLIANCE WITH
FEDERAL, STATE AND COMMERCIAL PRESCRIPTION PROGRAMS INCLUDING
MEDICARE, MEDICAID AND HIPAA RULES AND REGULATIONS.
LEARNING OBJECTIVES:
#1. KNOW THE CHANGES TO THE NEW FRAUD WASTE ABUSE AND COMPLIANCE
INITIATIVES REGARDING NEW YORK MEDICAID, MEDICARE PART B AND MEDICARE PART D
SPECIFICALLY WITH REGARD TO ENROLLMENT, AUDIT AND RECOVERY ISSUES.
# 2. DESCRIBE THE EFFECT OF THE AFFORDABLE CARE ACT ON PHARMACY COMPLIANCE
WITH DISPENSING OF MEDICATIONS AND SUPPLIES IN FEDERALLY AND STATE FUNDED
PRESCRIPTION PROGRAMS.
# 3. KNOW THE ANNUAL COMPLIANCE REQUIREMENTS FOR PARTICIPATION IN THE NEW
YORK STATE MEDICAID PRESCRIPTION PROGRAM WHICH COVERS BOTH THE STATE
OPERATED "FEE FOR SERVICE" AND THE MANAGED CARE ORGANIZATIONS MEDICAID
MANAGED CARE PROGRAMS.
# 4. KNOW WHAT PHARMACISTS ARE RESPONSIBLE FOR IN COMPLIANCE WITH THE
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TO PROTECT
PATIENT PRIVACY. AND THE RELATED ENFORCEMENT ACTIVITY REGARDING HIPAA
COMPLIANCE.
# 5. KNOW WHERE TO CHECK FOR EXCLUDED AND DISQUALIFIED PRESCRIBERS AS WELL
AS EMPLOYEES DUE TO VARIOUS VIOLATIONS OF HEALTH CARE LAWS AND REGULATIONS.
#6. KNOW HOW TO PREPARE FOR A UNANNOUNCED MEDICAID CREDENTIALING
VALIDATION REVIEW (CVR) AUDIT AND INSPECTION OF YOUR PHARMACY AND THE
SIGNIFICANT REPERCUSSIONS AN ADVERSE CVR AUDIT/INSPECTION CAN HAVE ON YOUR
PRACTICE.
GENERAL THEME OF TODAY’S
CE
The shift to commercial insurers and pharmacy benefit managers is a significant change in the management of government funded prescription plans. With that shift there remains a responsibility to conform to federal and state oversight issues. Additionally HIPAA appears to be that sleeping giant that occasionally wakes up and causes havoc. My purpose today is to alert all attending of the issues of FWA/Compliance as well as Commercial Insurance pharmacy oversight and fallout for failure to adhere to these principals.
FEDERAL OIG INITIATIVES- EVERY YEAR THE HEALTH & HUMAN SERVICES OFFICE OF INSPECTOR GENERAL (OIG) ISSUES A GAME PLAN FOR THE PROJECTS WHICH WILL BE UNDERTAKEN TO ROUTE OUT FRAUD, WASTE AND ABUSE IN THE FEDERALLY FUNDED HEALTH CARE PROGRAMS (MEDICARE A,B,C,D & MEDICAID, CHILD HEALTH PLUS, & 340 B PROGRAM.) FOR THE 2015 YEAR SPECIFIC PHARMACY ISSUES WHICH THE OIG WILL BE CHECKING ON INCLUDE: PART B BILLINGS FOR TRANSPLANT MEDICATIONS FOR PROPER CODING; AND FOR PART C & D DRUG PROGRAMS OIG WILL BE EXAMINING BILLINGS FOR EXPENSIVE DRUGS SUCH AS HIV MEDICATIONS FOR PATIENTS WHO HAVE EXPIRED.
UNDERSTANDING THE REQUIREMENTS FOR PARTICIPATION MEDICARE PART B, C, D AND STATE MEDICAID PROGRAMSPURSUANT TO THE AFFORDABLE CARE ACT CERTAIN CHANGES TO PART B, C, D AND STATE MEDICAID PROGRAMS HAVE OCCURRED. FOR INSTANCE , FINGER PRINTING OF ALL OWNERS IS REQUIRED FOR NEW PROVIDERS IN PART B IN HIGH FRAUD AREAS. (METROPOLITAN AREAS SUCH AS NEW YORK, NEW JERSEY HAVE SUCH DESIGNATIONS). FEES FOR ENROLLMENT IN THESE PROGRAMS AND ALSO REENROLLMENT ARE NOW MANDATED (THE FEE FOR 2015 IS $553).ALL PROVIDERS BILLING OR CREATING BILLING MUST BE ENROLLED IN MEDICARE PART B AND MEDICAID IN ORDER FOR THEIR RX’S TO BE PROCESSED.CONFIRMATION OF LEGITIMACY OF THE PROVIDERS, STAFF OF THE PROVIDERS, ALL PRESCRIBERS MUST BE CHECKED ON LINE.
PHARMACIES’ MEDICARE PART C & D TRAINING
OBLIGATIONS AND MEDICARE TRAINING RESOURCES:
- YOUR OBLIGATION - CMS REGULATIONS REQUIRE THAT
ALL PHARMACIES CONTRACTED WITH MEDICARE PART D
PLAN SPONSORS, SUCH AS THE VARIOUS PART C
MEDICARE ADVANTAGE PRESCRIPTION DRUG PLANS
(MA-PD) OR THE PART D PRESCRIPTION DRUG PLANS
(PDP), PARTICIPATE IN ANNUAL COMPLIANCE TRAINING
AND PROVIDE THIS TRAINING TO NEW EMPLOYEES AS
PART OF ORIENTATION.
- MONITORING AND AUDIT – THE MA PD AND PDP WILL
MONITOR AND ASK FOR YOU TO CONFIRM
COMPLIANCE; PHARMACIES MAY BE REQUIRED TO
PROVIDE ATTENDANCE LOGS AND TRAINING
ATTESTATIONS.
Some examples of acceptable FWA training are the
following:
- The CMS Medicare Part C and D Fraud, Waste and
Abuse module available at
http://www.cms.gov/MLNProducts/45_ProviderComplian
ce.asp. or;
- A training module provided by a training organization or
industry association that covers CMS-required topics.
Additionally there are various commercial program
available through your Pharmacy Service Administrative
Organizations (PSAOs) and other commercial health
care related entities. or;
- You may be able to obtain private (class room) training
for your staff by a bona fide FWA trainer in which your
staff can confirm their understanding at the conclusion of
the training by answering some fundamental questions.
The False Claims ActMedicare Part C & D prescription claims are subject to
the False Claims Act.
--There are harsh penalties for false claims:
It is a violation of the False Claims Act to knowingly present, or cause to be presented, a” false or
fraudulent claim” to the federal government.
“Knowingly” includes deliberate ignorance or reckless
disregard of the truth. Note that fines of up to $11,000
per claim are possible.
Statutory authority grants treble damages (i.e., three
times the amount of the false claim)
--Many states have comparable statutes, leading to
possible dual state and federal liability for the
submission of false or fraudulent claims under the
Medicare Part C& D Plans.
TURNING TO COMPLIANCE…
FOCUS ON COMPLIANCE IN THE PHARMACY
COMMERCIAL PBM REQUIREMENTS
HIPAA COMPLIANCE
MEDICAID REQUIREMENTS
ISSUES WITH MEDICARE PART B DME
BILLING
CMS MEDICARE PARTS C & D
REQUIREMENTS
AS GOVERNMENT SPONSORED PHARMACY SERVICES (BOTH IN THE MEDICAID ARENA AND THE MEDICARE PARTS C AND D ARENA) HAVE SHIFTED TO COMMERCIAL INSURANCE CARRIERS FOR PATIENT COVERAGE, THE ROLE OF PHARMACY BENEFIT MANAGERS OVERSIGHT ON YOUR DISPENSINGS HAS GROWN TO BE A IMPORTANT COMPLIANCE ISSUE. I WILL HIGHLIGHT THE KEY AREAS OF IMPORTANCE.
DO NOT GET CAUGHT UP IN BILLING FOR THE BEST REIMBURSED PRODUCT AND THEN JUST DISPENSE WHAT YOU HAVE ON THE SHELF. BOTH FEDERAL AND STATE LAWS REQUIRE ACCURATE BILLING FOR MEDICARE AND MEDICAID RX CLAIMS AS THE SUPPLIES AND DRUG MANUFACTURERS ARE RESPONSIBLE FOR “BACK END” REBATES OF EARNED DISCOUNTS TO THE VARIOUS PRESCRIPTION PLAN SPONSORSINCLUDING YOUR STATE MEDICAID PROGRAMS.
SOME ONGOING NYS OMIG AUDIT
TECHNIQUES: Audit pharmacies up to 6 years
retroactive for dispensings to “Dead
Patients”.
Cross checking to confirm your
pharmacy has an active Medicare
Part B billing number.
Conducting “walk in” inspections for
confirmation your pharmacy is
following all basic NY Medicaid
guidelines, including a reversal policy,
no auto refills, adequate inventory,
satisfactory sanitary and pharmacy
operation, no evidence of
prescription steering or shifting of
billing to other pharmacies.
ATTENTION NY MEDICAID - -NYS OMIG
REQUIRES ANNUAL COMPLIANCE
CERTIFICATION EVERY DECEMBER WITH A
WRITTEN POLICY AND PROCEDURE MANUAL
ON YOUR PREMISES
FOR MEDICARE PARTS C/D - CMS REQUIRES
FRAUD WASTE & ABUSE CERTIFICATION
EVERY YEAR AND WRITTEN POLICIES AND
PROCEDURES ALSO REQUIRED
(NOTE: IF YOU MANAGE YOUR OMIG AND CMS
REQUIREMENTS EFFICIENTLY YOU CAN SATISFY BOTH WITH
A PROPER CONSULTING COMPANY FOR YOUR PHARMACY)
ALSO HIPPA COMPLIANCE IS AN ONGOING REQUIREMENT
NOTE: IF YOUR PHARMACY PROVIDES
OVER $5 MILLION IN BILLINGS TO
MEDICAID (INCLUDING MANAGED CARE
BILLING ACTIVITY), YOU ARE REQUIRED
TO HAVE A MUCH MORE ROBUST
COMPLIANCE PROGRAM (AS COMPARED
TO THE NY MEDICAID COMPLIANCE
PROGRAM) PURSUANT TO THE FEDERAL
DEFICIT REDUCTION ACT OF 2005
EXAMPLE OF BASIC COMPLIANCE/FWA
REQUIREMENT:CHECK THE FEDERAL (WWW.OIG.HHS.GOV) ;
AND THE NYS OMIG WEBSITE
(WWW.OMIG.NY.GOV) FOR
EXCLUDED/DISQUALIFIED/DEBARRED
INDIVIDUALS/PRACTITIONERS/BUSINESS ENTITIES
TO ENSURE THAT YOU DO NOT HAVE
EMPLOYED NOR DO YOU HONOR
PRESCRIPTION ORDERS FROM SUCH
PROHIBITED PROVIDERS. VIOLATIONS OF
SUCH CAN TRIGGER TREBLE DAMAGE
RECOVER BY THE STATE/FEDERAL AGENCIES.
MAKE CERTAIN YOU MAINTAIN PROPER PROCEDURE FOR
PROPER BILLINGS OF ALL PHARMACEUTICALS AND
SUPPLIES TO ALL MEDICAID AND MEDICARE (INCLUDING
MANAGED CARE PLANS) PATIENTS.
YOU MUST BILL FOR THE EXACT PRODUCT /SUPPLY WHICH IS BEING
DISPENSED (CHECK FOR ACCURATE GENERIC PRODUCT NDC
NUMBERS, CHECK FOR ACCURATE PRODUCT CODES BILLED FOR
BLOOD GLUCOSE STRIPS)
YOU MUST HAVE DOCUMENTATION OF THE PURCHASE OF THE
PHARMACEUTICALS /SUPPLIES FROM LEGITIMATE SUPPLIERS WITH
AVAILABILITY OF PAYMENT INFORMATION IF SO REQUESTED BY AN
AUDITOR.
HAVE A PROCEDURE FOR REVERSING ALL MEDICATIONS/SUPPLIES
THAT HAVE NOT BEEN PICKED UP WITHIN A REASONABLE AMOUNT OF
TIME. SOME PBMS REQUIRE A TWO WEEK LIMIT ON WAITING TO
“RETURN TO STOCK” OF YOUR WAITING PRESCRIPTIONS SUPPLIES.
HAVE A PROCEDURE FOR THE DISPENSING OF ALL BALANCES OWED
ON PARTIALLY DISPENSED PRESCRIPTIONS WHEN THE FULL AMOUNT
OF MEDICATION/SUPPLIES ARE NOT AVAILABLE AT INITIAL
DISPENSING.
MEDICARE/MEDICAID APPLICATION &
RE-VALIDATION FEE
Section 6401(a) of the Affordable Care Act (ACA) requires the Secretary to impose a fee on each "institutional provider of medical or other items or services and suppliers." The fee is to be used by the Secretary to cover the cost of program integrity efforts including the cost of screening associated with provider enrollment processes, including those under section 1866(j) and section 1128J of the Social Security Act. Based upon provisions of the ACA this fee will vary from year-to-year based on adjustments made pursuant to the Consumer Price Index for Urban Areas (CPI-U). The application fee is to be imposed on providers that are newly-enrolling, re-enrolling/re-validating, or adding a new practice location - for applications received on and after March 25, 2011. The application fee for Calendar
Year 2015 is $553.
THE COSTS OF SUCH COMPOUNDS (PARTICULARLY
THE NON STERILE COMPOUNDS) HAS GONE
THROUGH THE ROOF. NOTE THAT THE TRICARE RX
PROGRAM ( US DEPT. OF DEFENSE) IN 2005 SPENT $5
MILLION ON COMPOUNDS. TODAY SOME TEN
YEARS LATER, THE MONTHLY COSTS EXCEED $217
MILLION) THAT CONVERTS TO AN ANNUAL COST
OF OVER $2.5 BILLION IN ANNUAL COMPOUNDING
COSTS ALONE.
Are you Compounding
Sterile or Non Sterile
Preparations?
WHAT DO WE DO AS
PHARMACISTS?
We need to self police before the compounding scenario
becomes a black eye on our public perception. The CBS
Evening News is doing an expose on the exorbitant cost of
compounds which at times contain over the counter and
herbal therapies.
Be reasonable in your marketing approach. Do NOT pay sales reps by IRS 1099s,(consultants are improper in the pharmacy
arena) that is a violation of Stark federal anti kickback
regulations. Also remember to insert a real meaningful “Usual
and Customary” price prior to completing your dispensing
procedure.
As all Medicare Part D plans are processed through a PBM and most of the NYS
Medicaid claims are now through a Managed Care Organization, the Commercial
Pharmacy Benefit Managers are acting as an extension of the State and Federal
Governments in conducting audits of your pharmacy billings. Part of the selection
process to become a Targeted Pharmacy for audit if your pharmacy practice includes:
Compounding Pharmacies billing for excessively expensive compounds (some prices
exceed $100,000)
Pharmacies that bill for drugs and supplies which surpass predetermined norms
established by the PBM, also known as “Outliers”. Could be excess Biotech or
oncology drugs billed, excessive early refill patterns, evidence of no reversals, or high
incidence of expensive drugs across the board.
Such pharmacies may be requested to supply copies of prescriptions and supporting
documentation along with a full blown audit of all dispensings and documented
purchases for a 6 month to 13 month period.
A REVIEW…
The following Eight slides
review basic issues dealing
with pharmacy audit
concerns for both the
Commercial Insurance
plans as well as Government
(State or Federal)
Sponsored Prescription
Plans…….
.
1) Make sure you bill for the actual
drug product (NDC) or medical
supply (as in blood glucose strips,
etc. code. Do not get caught up in
billing for the best reimbursed
product & then just dispense what
you have on the shelf. Both federal
& state laws require accurate billing
for Medicare and Medicaid Rx claims
as the supplies & drug
manufacturers are responsible for
“back end” rebates of earned
discounts to the various prescription
plan sponsors.
2) Do not do auto-refilling of any
prescriptions covered by a government Rx
program. By auto-refilling, you may feel
you are assisting patient compliance by
doing so, but many if not all PBM’s prohibit
auto refilling programs.
3) DO NOT DISPENSE MEDICATIONS OR SUPPLIES (VIA COMMON CARRIER
OR USPS) TO PATIENTS WHO RESIDE IN STATES WHERE YOUR PHARMACY ISNOT REGISTERED TO DO BUSINESS. (THAT DOES NOT MEAN IF A PERSON
FROM TEXAS WALKS IN TO YOUR PHARMACY FOR MEDICATION, YOU TURN
THEM DOWN, BUT IF A PATIENT OR PRESCRIBER FROM TEXAS CALLS YOU
FOR MEDICATION TO BE MAILED TO THE PRESCRIBER OR PATIENT, THEN
YOU BETTER HAVE A TEXAS PHARMACY REGISTRATION AS AN OUT OF STATE
PHARMACY.) NOTE THAT INSURANCE PLANS AND PBMS ARE AUDITING
YOUR DISPENSING PATTERNS AND SEEKING OUT SUCH VIOLATIONS WHICH
RESULT IN YOUR PBM CONTRACT TERMINATION!
IF YOU ARE REGISTERED AS AN OUT OF STATE PHARMACY MAKE SURE YOU
ARE ALSO ENROLLED TO SUBMIT DATA TO THEIR PATIENT MONITORING
PROGRAM (PMP) IF SO REQUIRED AS RULES VARY BY STATE.
(SOME STATES EVEN REQUIRE PMP NOTICE OF ZERO CONTROLLED DRUG
DISPENSINGS).
4) Make sure you have a policy of reviewing
all prescriptions and supplies which have
been billed to Medicare, Medicaid or other
insurance companies. CVS Caremark
demands a 14 day window for reversals for
prescriptions not picked up.
5) Follow all HIPAA policies and procedures
and in the event you have a on site audit,
make sure the auditor notices your use of a
shredder and your staff observes patient’s
right to have their PHI protected.
6) Make sure your pharmacy can show sufficient pharmaceuticals
and supplies purchased from legitimate wholesalers and
distributors licensed in your state to justify your billings. If you
rely on KOW’s to survive, then make sure you have a written
invoice from your KOW pharmacy friend, and you pay for such
KOW by Check and ask your KOW pharmacy friend for a copy of
their invoice from their legitimate supplier for the product you have
purchased. Make sure your KOW purchases are small in
comparison to your overall operation. This advice comes directly
from a CVS Caremark audit manager.
7) Copays and Compound issues: Make sure you have a
written policy of collecting all copayments and deductibles for
prescription and supplies billed. Additionally if you are a
pharmacy that does sophisticated compounding, make sure
that the prices submitted to PBMs and Insurance Companies
for such compounded Rxs, actually reflect your U&C (what
you would charge) for a “Cash Paying” Patient. The PBMs
and Insurance Companies are well aware of the huge spread
between AWP and acquisition cost on compounding
ingredients. An Rx for compounding may have an AWP of
$45,000 with a net cost of only $1,900, so ask yourself, what
would you charge a cash paying patient? Reflect that price
on your transmission or you are looking for trouble
8) The HHS Office of Inspector General (OIG) is focusing part
of their attention on auditing and reviewing Medicare Part D
claims for Patients that have expired. Especially important is
to confirm that you are aware of the life or death status of your
HIV patients. Millions of Dollars are being spent by our
government for HIV medication for Dead Patients on Medicare
Part D. The D in Medicare is not intended to mean DEAD!!
Copays and Compound issues: Make sure you have a written
pharmacy policy of collecting all copayments and deductibles
for prescription and supplies billed and maintain records of
such.
RESULTS OF COMMERCIAL AUDIT
SHORTFALLS CVS & Catamaran Rx are the two largest auditing PBMs
Catamaran will terminate your contract for shortages of inventory for as little as $900 after an audit and inventory review. Many pharmacists ignore the faxed notice of Catamaran Rx auditor referral to Catamaran Pharmacy Membership Evaluations Committee (PMEC) thus missing an opportunity to appeal the initial findings.
CVS Caremark will withhold double the anticipated audit recovery while you continue to participate as a provider (without getting paid). CVS Caremark may initiate a second audit when there is evidence of fraudulent practices at the pharmacy such as:
Lack of prescriber confirmation of prescriptions billed as not ordered by the prescriber;
Lack of sufficient invoices to justify billings ( KOWs, incorrect NDC for brands and generics, incorrect UPCs for supplies, Significant shortages of legitimate inventory to justify billings of products as just some ways to have shortages which are not acceptable to CVS Caremark).
After the audit, there may be a referral to the Pharmacy Membership Review Committee (PMRC) for potential expulsion from participation in all CVS Caremark plans. Upon completion of the CVS Caremark audit process any excess funds withheld by CVS Caremark will be returned to the pharmacy provider less a 15% surcharge calculated on the recovery amount (if the recovery exceeds $7,500) for the audit handling fee
COMMON HIPAA LINGO: PHI, NOPP, CE, BAA, YOU MUST PROTECT THE PRIVACY OF YOUR PATIENT’S PROTECTED HEALTH INFORMATION (PHI) AT ALL TIMES. PHARMACIES ARE HIPAA COVERED ENTITIES CE NOPP - NOTICE OF PRIVACY PRACTICES – WRITTEN DOCUMENT WHICH MUST BE GIVEN TO ALL NEW PATIENTS ON FIRST VISIT, AND MUST BE SIGNED FOR BY PATIENT OR CAREGIVER.BUSINESS ASSOCIATE AGREEMENT – BAA A CONTRACT BETWEEN THE CE AND A NON HIPAA ENTITY AS A VENDOR.IF YOU LEAVE A LAPTOP ON A BUS OR TRAIN WITHOUT ANY PASSWORD PROTECTION, THAT IS CONSIDERED A PRIVACY AND SECURITY BREACH, EVEN IF NOBODY SEES THE DATA ON THE LAPTOP.
HIPAA REQUIREMENTS
EVERY NEW PATIENT / CAREGIVER MUST RECEIVE A WRITTEN NOTICE OF PRIVACY PRACTICES
(NOPP) IN THEIR FIRST VISIT TO THE PHARMACY – THE PATIENT/CAREGIVER MUST BE
REQUESTED TO SIGN AN ACKNOWLEDGEMENT THAT THE NOPP HAS BEEN RECEIVED.
PHARMACY STAFF MUST BE TRAINED IN POLICIES AND PROCEDURES THAT ENSURE THAT THE
PRIVACY OF ALL PATIENTS WILL BE RESPECTED AND PROTECTED. MANAGE THE PHARMACY IN
A WAY THAT PROTECTS THE PATIENTS PHI, SUCH AS THE WAY RX BAGS ARE POSTED FOR PICK
UP, YOU SHOULD PROTECT THE PRIVACY CONCERNS OF THE PATIENTS. WILL CALL
PRESCRIPTIONS MUST BE DISCRETELY HANDLED. COUNSELING REQUIREMENTS MUST BE
PERFORMED IN A LOCATION WITHIN THE PHARMACY THAT WILL ENSURE THAT THE PATIENT ‘S
PRIVACY IS PROTECTED, AND THE REST OF THE PATIENTS AROUND WILL NOT HEAR THE
CONVERSATION.
PHARMACY NEEDS TO ENSURE THAT ALL WRITTEN RECORDS CONTAINING PROTECTED
HEALTH INFORMATION (PHI) ARE DESTROYED (SHREDDING OR SHREDDING SERVICES ARE
NEEDED) WHICH WILL PROTECT THE PATIENTS FROM THE RISK OF A PHI “BREACH”.
ADDITIONAL PRECAUTIONS NEED TO BE TAKEN ON ELECTRONIC RECORDS HELD AT THE
PHARMACY, INCLUDING LAPTOPS AND DESKTOP COMPUTERS TO PROTECT PATIENT PHI FROM
BEING COMPROMISED.
ANY VENDORS WHICH HAVE ACCESS TO THE PHARMACY PHI NEEDS TO BE FULLY TRAINED IN
HIPAA AND NEEDS TO SIGN A BUSINESS ASSOCIATE AGREEMENT (BAA) WITH THE PHARMACY
TO ENSURE THAT THE VENDOR IS AWARE OF THE NEED TO PROTECT PHI AND ALSO TO ENSURE
THAT THE VENDOR ACKNOWLEDGES THAT THEY ARE LEGALLY RESPONSIBLE ALONG WITH THE
PHARMACY TO PROTECT THE PRIVACY OF THE PATIENT AS WELL AS THE PATIENT’S PHI.
IN THE EVENT OF A BREACH OF PHI AT YOUR PHARMACY IT MUST BE REPORTED TO THE HHS
OFFICE OF CIVIL RIGHTS (OCR). DEPENDING UPON THE SIGNIFICANCE OF THE BREACH, THE
TIMING OF YOUR NOTIFICATION TO OCR MAY VARY AS NOTED ON NEXT SLIDE.
RULES ON HIPAA BREACH
NOTIFICATIONS Breaches Affecting 500 or More Individuals
If a breach of unsecured protected health information affects 500 or more individuals, a covered entity must notify the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach. The covered entity must submit the notice electronically to HHS by completing all of the required fields of the breach notification form.
Breaches Affecting Fewer than 500 Individuals
If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of the breach within 60 days of the end of the calendar year in which the breach was discovered. (A covered entity is not required to wait until the end of the calendar year to report breaches affecting fewer than 500 individuals; a covered entity may report such breaches at the time they are discovered.) The covered entity may report all of its breaches affecting fewer than 500 individuals on one date, but the covered entity must complete a separate notice for each breach incident. The covered entity must submit the notice electronically by completing all of the fields of the breach notification form.
If you have any questions, you may call HHS OCR toll-free at: 1-800-368-1019, TDD: 1-800-537-7697 or send an email to [email protected].
HHS OCR LINK for breach notifications: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
In the event of a HIPAA Breach you must report as follows:In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of breaches of unsecured protected health information. Covered entity will notify the Secretary by visiting the HHS web site (http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html) and filling out and electronically submitting the breach report form. If a breach affects 500 or more individuals, covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following a breach. If however affects fewer than 500 individuals, the covered entity may notify the Secretary of such breaches on an annual basis. Reports of breaches affecting fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches are discovered.
THANK YOU FOR YOUR PARTICIPATION AND
I HOPE YOU HAVE LEARNED SOME
IMPORTANT TIPS ON COMPLIANCE AND
COMMERCIAL PRESCRIPTION PLAN AUDITS
Questions?
Comments?
Concerns?
Jim Schiffer, RPHI, Esq.
Telephone 212 616 7069