The 340B program presents covered entities with very important financial support to assist with the extension of care to the most vulnerable populations.
However, the program is under scrutiny from multiple sources including the pharmaceutical and biotech industry, community oncology groups and elements of congress. For organizations with a 340B program, the best defense against these critics is a high functioning compliance program that clearly demonstrates that all required program elements are being met and that the savings from the program are going to the intended purpose.
Convincing critics that savings are properly incurred and put toward extending care to more patients presents some significant compliance challenges. The program is a bit of a “moving target” and while rules and requirements are in place through HRSA and the Office of Pharmacy Affairs there are still numerous gray areas and a variety of opinions on the degree of risk associated with those areas. Also, HRSA requires an annual attestation letter from each covered entity’s authorizing official who must be certain that their program is in full compliance.
While the vast majority of covered entities have formal 340B Compliance Programs in place the key question remains – How Effective Is Your Compliance Program? In order to ensure attestations are valid and all 340B program requirements are being met, all covered entities must regularly evaluate the effectiveness of their compliance programs.
The US Department of Justice in their publication “Evaluation of Corporate Compliance Programs” suggests a number of questions for organizational consideration in evaluating compliance programs.1 Looking at these questions and relating them to the 340B program, organizations may consider the following as a potential framework to help answer this question:
Senior and Middle Management
• How engaged is senior and middle management in the oversight of the program in terms of understanding program requirements and discouraging program misconduct? Far too often in our work we find the perspective among senior leadership that 340B is “a pharmacy program” and senior leaders do not understand the degree of effort and resources required to maintain a fully compliant program. 340B is definitely not just a pharmacy endeavor. It is an organizational program that requires a strong working relationship between pharmacy, finance, government affairs and others, and that must include a knowledgeable and engaged senior management group to support optimal compliance.
• What types of information does senior management regularly review in their exercise of program oversight? Too frequently there is no regular review of program oversight and risk status by senior leadership. We believe that a summary report of compliance and risk should be at least a quarterly element of senior leadership program oversight.
Autonomy and Resources
• What has been the turnover rate for 340B program personnel? A common problem among 340B programs is having only one or two people that hold all of the institutional knowledge and memory regarding the program. If those people leave the program, the expertise and knowledge leaves with them. Programs should have a system in place that supports continuity of compliance functions and institutional program history even if there is personnel turnover.
• Does your program have any dedicated oversight? 340B programs, particularly in larger hospitals, are very complicated. It is important that staff responsible for oversight and day-to-day operations not be spread too thin with other responsibility. A dedicated position that is focused on performance of the program is important.
Policies and Procedures
• How has the organization assessed whether applicable 340B policies and procedures have been effectively implemented? It is certainly one thing to have the appropriate policies and procedures but that is only part of the compliance equation. Organizations must regularly evaluate that the P&Ps have actually been implemented and are being followed as detailed.
• How does the organization evaluate the usefulness of these policies and procedures? Following up on the previous point, organizations should regularly assess the usefulness of their P&Ps as well. Are the 340B P&Ps actually supporting a robust compliance program?
Risk Assessment
• What methodology has the organization used to identify and analyze program risk points? Far too often this is all done manually using “home grown” spreadsheets or programs rely on a once a year external audit. Compliance should be a regular function with the appropriate tools to support it. This assessment should use changes to program elements (such as addition of contract pharmacies or changes to the Medicare cost reports) as sentinel events to re-evaluate risk as well as a defined and organized process to complete daily, weekly, monthly, quarterly and annual compliance functions.
• What information or metrics has the organization collected and used to help detect program misconduct? As noted previously, too often the metrics to detect non-compliance are not clearly established or regularly reviewed. This becomes even more problematic for hospital systems with multiple covered entities in the system. They do not have an effective mechanism to monitor and guide compliance for the system from a central location. Along with metrics it is also important to make sure that all relevant program documentation to support compliance is readily available and retrievable. Ideally this would all reside in once central digital repository.
Training and Communication
• How has the organization assessed the effectiveness of training and the competency of 340B program personnel? What are the program elements that are most likely to result in serious consequences if there is evidence of non-compliance? Too often organizations treat their 340B training with a “one size fits all” approach when in reality there are key aspects that pose a much higher degree of risk than others and may require more focused education. Also as noted previously 340B is not a “static program” it is always evolving so a regular investment in keeping 340B staff current with program directions is a key element to support compliance.
• How has the organization assessed whether its 340B personnel know when to seek expert advice? The 340B program is very fluid with numerous gray areas as previously noted. Often external opinions on complex program issues are a good idea but organizations should have a clear process in place for when and where they go for accurate compliance advice. There are a multitude of 340B consultants with a variety of backgrounds and expertise and it is important to properly validate consultant expertise before selecting and following any advice.
Confidential Reporting and Investigation
• How has the organization collected, analyzed and used the information from its reporting systems? It is common to see organizations with significant amounts of 340B program data that have not converted that data into actionable information that can be analyzed and used to support an effective compliance effort.
• How high up in the organization to 340B program compliance and risk reports go? At a minimum compliance reports should regularly reach the authorizing official but given the program impact in most organizations the CEO, COO and CFO (if not the authorizing official) should also be regularly apprised of compliance and risk status for the program.
Outcomes
• What is the organization’s record (e.g. number and types) of non-compliance outcomes? Any non-compliance discovered and corrected should be documented and tracked longitudinally to ensure that there is not a continued pattern of these issues.
• Have non-compliance deviations been addressed in a consistent manner? We see a wide variety of responses to non-compliance corrections across the country. Organizations should have a defined policy in place for how they handle any detected non-compliance including a defined threshold and process for self-reporting.
• Does the covered entity create a compelling Community Benefit document that details how they are using the 340B program savings to extend care to vulnerable patient populations? One of the key criticisms of the 340B program is that covered entities have not used the savings to foster programs that directly benefit the patients the program was intended to help. Careful accounting and documentation of community services provided are critical. And the stronger the correlation between the 340B savings and program funding, the better. While this is not a current HRSA requirement there is current debate at the congressional level for more transparency in the program and proactively working to provide this type of documentation is in the covered entities best interest.
Continuous Improvement, Periodic Testing and Review
• Has the organization had an external review and audit of its 340B compliance program including testing of relevant controls (e.g. split billing systems), collection and analysis of compliance data (e.g. audits of all claims types in sufficient quantities to provide a valid sample) and interviews with key 340B program individuals? With continued expansion of HRSA compliance audits it is no longer a question of “if” a covered entity will receive a HRSA compliance audit it is more a question of “when”. To support maximum compliance readiness there are numerous external audit resources available however entities should be careful to ensure that any external entity selected for audit support is completely independent and free of any conflicts of interest around the program. At a minimum covered entities engaged in contract pharmacy operations should have an annual external review of these activities and all covered entities would be well advised to seek an external program review at least every three years or whenever any major programs elements change.
Third-Party Management
• How have third party administrators been monitored? Third party administrators (TPA) provide the split billing and contract pharmacy management software that allows programs to effectively manage their programs but TPAs are only as good as the data that the covered entity supplies to them. We often find that TPAs are a major point of risk primarily because organizations have not done a good job of keeping the required information updated such as provider files or they have not adjusted TPA settings to match changes in their EHR system. Checks on TPA performance should be a regular element of a comprehensive compliance program assessment.
• How is external audit support activity evaluated? As noted earlier, a careful due diligence regarding any external audit support should be done in terms of auditor performance – what is their experience and history with the program? Have any organizations left them and why? Have they managed and ran their own programs? Have they attained external credentials such as the Apexus Advanced 340B Operations Certificate Program? How large is their sample size for review? Do they review all claims types? Will they come on site with you for a HRSA audit? What do their final reports entail (ask for an actual redacted report to compare)? How do they price – is their pricing transparent and does it accurately reflect the value that they offer? Just having an external audit does nothing to protect a covered entity in terms of an actual HRSA audit unless the services provided are robust enough to actually help find and proactively correct any real or potential issues.
Summary
The 340B program is a very valuable financial means for covered entities to help stretch scarce resources to extend care to more patients, including those most vulnerable and in need of financial assistance. However, like all resources the 340B program must be supported and effectively managed if it is to continue to provide the needed level of support. The best way to ensure the continued viability of the 340B program is through a robust compliance program that clearly articulates and documents the program performance and utilization. To support optimal compliance efforts, covered entities should regularly focus attention on the construct and performance of their 340B compliance programs to validate that the compliance program is performing as expected and delivering the desired results.
References
1. U.S. Department of Justice Criminal Division Fraud Section, Evaluation of Corporate Compliance Programs, https://www.justice.gov/criminal-fraud/page/file/937501/download, Accessed March 3, 2018
Author Identification
Gregory Strohs, RPh, MBA is the Corporate Director of Pharmacy for the Adventist Health System. 900 Hope Way, Altamonte Springs, FL 32714
Gregory.strohs@AHSS.org
(407) 357-2143
James Jorgenson, RPH, MS FASHP is the Chief Executive Officer for Visante Inc. 101 E. 5th Street, #2220, St Paul, MN 55101
jjorgenson@visanteinc.com
(317) 997-2004