As part of its expanded authority resulting from the Patient Protection and Affordable Care Act (PPACA), the Health Resources and Services Administration (HRSA) is continuing its efforts to ensure compliance with 340B Drug Pricing Program (340B program) requirements through annual recertifications of compliance and audits of covered entities. Participating 340B program covered entities may access significant discounts on the purchasing cost of outpatient prescription drugs, and are required to meet certain program requirements, including the prohibition on diversion of 340B program discounted drugs to individuals who are not patients of the covered entity and on the purchase of a discounted drug that is also subject to a rebate under the Medicaid Drug Rebate program. In 2012, HRSA began requiring covered entities to certify compliance with 340B program requirements, and began conducting both random and targeted audits of covered entities.

Hospital Recertifications of Compliance

HRSA’s second annual recertification process for all hospitals participating in the 340B program begins August 19, 2013. Hospitals have four weeks to complete their recertification, and failure to recertify may be grounds for removal from the 340B program. An authorized official for a participating hospital must review information in HRSA’s 340B-covered entity database to ensure that the listing for the hospital is correct, including the listings for all contract pharmacies, outpatient hospital sites that utilize 340B program drugs, and any child sites that receive 340B program drugs through the parent’s 340B-covered entity status. In addition, the authorized official must certify compliance with 340B program requirements.

This year, HRSA’s hospital recertification language requires the hospital to certify that, if applicable, the hospital complies with the 340B program statutory prohibition on Group Purchasing Organization (GPO) participation and HRSA’s Policy Release 2013-1 that specify that applicable covered entities not obtain covered outpatient drugs through a GPO. The GPO prohibition applies to disproportionate share hospitals (DSH), children’s hospitals, and free-standing cancer hospitals. The deadline for complying with the HRSA Policy Release was August 7, 2013.

Specifically, the upcoming hospital recertifications will require the authorizing official to certify on behalf of the covered entity that:

  1. All information listed in the 340B program database for that covered entity is complete, accurate, and correct
  2. The covered entity meets all 340B program eligibility requirements, including (if applicable) the statutory prohibition and HRSA Policy Release guidance on GPO purchasing
  3. The covered entity is complying with all requirements and restrictions of the 340B program statute and any accompanying regulations or guidelines including, but not limited to, the prohibition against duplicate discounts/rebates under Medicaid, and the prohibition against transferring drugs purchased under the 340B program to anyone other than a patient of the entity
  4. The covered entity maintains auditable records demonstrating compliance with 340B program requirements
  5. The covered entity has systems/mechanisms in place to reasonably ensure ongoing compliance with 340B program requirements
  6. If the covered entity uses contract pharmacy services, that the contract pharmacy arrangement is performed in accordance with the HRSA Office of Pharmacy Affairs (OPA) requirements and guidelines including, but not limited to, that the hospital obtains sufficient information from the contractor to ensure compliance with applicable policy and legal requirements, and the hospital has utilized an appropriate methodology to ensure compliance (e.g., through an independent audit or other mechanism)
  7. The covered entity acknowledges its responsibility to contact OPA as soon as reasonably possible if there is any material change in 340B program eligibility and/or a material breach by the covered entity of any of the foregoing
  8. The covered entity acknowledges that if there is a breach of 340B program requirements, the covered entity may be liable to the manufacturer of the applicable covered outpatient drug and, depending on the circumstances, may be subject to the payment of interest and/or removal from the list of eligible 340B entities

340B Program Audits

During the 2012 fiscal year, HRSA conducted audits of 51 covered entities to determine their compliance with 340B program rules. The audits were conducted randomly, with a focus on covered entities that posed a higher risk of non-compliance based on several factors, including program type, volume of 340B program purchases, complexity of program administration, and use of contract pharmacies, as well as on a targeted basis, such as through responses to specific complaints, self-reports, or whistleblowers. During the 2013 fiscal year, HRSA has expanded the audit program, and has audited or is currently auditing more than 100 covered entities.

The results of completed 2012 audits have been made publicly available.1 Examples of violations include the diversion of 340B program drugs to ineligible patients, inaccurate records in the 340B program database, use of contract pharmacies without compliant written contracts, and the claiming of duplicate discounts. Many of the covered entities found to be in violation have been required to submit corrective action plans and are awaiting sanctions from HRSA.

In addition to audits conducted by HRSA, many drug manufacturers also have begun conducting audits of covered entities. Manufacturer audits may focus on issues such as the diversion of 340B program drugs to individuals who are not patients, duplicate discounts claimed under the 340B program and the Medicaid Drug Rebate Program, or lack of documentation to support billing to the manufacturer. Adverse findings from a drug manufacturer audit can be resolved between the parties, or submitted to HRSA for dispute resolution.

Conclusion

The recertification requirements and audit activity are the result of an ongoing emphasis on improving oversight of 340B program compliance. Participating covered entities should take the opportunity provided by the recertification effort to review their programs so they can complete their recertifications and demonstrate compliance to HRSA in the event of an audit. While HRSA has not expressly required covered entities to conduct self-audits, the certification language expressly requires confirmation that the covered entity has auditable records available that demonstrate compliance, and internal audits have been highly recommended by HRSA. Covered entities should also have policies and procedures in place that document their procedures for ensuring 340B program compliance. HRSA also expects that covered entities exercise oversight of the activities conducted on their behalf by contract pharmacies, through actions such as periodic independent audits and review of the contract pharmacy’s policies and procedures.