Developing a Transparent 340B Audit Strategy

March 2021 - Vol.18 No. 3 - Page #24
Category: 340B Software

With the 340B Drug Pricing Program, covered entities can provide significant support to efforts focused on serving vulnerable patient populations. While not all health care organizations qualify to participate in the 340B program, it is important for those that do qualify under Section 340B(a)(4) of the Public Health Service Act, and are registered with the Health Resources and Services Administration (HRSA), to ensure program integrity.

As part of the annual recertification process, the authorizing official must attest that the covered entity is fully compliant with the 340B program. Under the 340B statute, a covered entity must maintain auditable records and is subject to approved manufacturer and HRSA audits. HRSA launched its auditing program in 2012 and has completed approximately 200 covered entity audits each year for the past 5 years.1 HRSA will continue to audit covered entities moving forward and could increase audit capacity in response to the growth of the 340B program. Failure to comply with program requirements has serious consequences, ranging from required repayments to the manufacturer to removal from the program. As such, developing and maintaining an internal audit infrastructure will help prepare covered entities to handle such audits and ultimately maintain program compliance.

Establishing an Audit Program

The infrastructure for an internal audit program will vary based on the covered entity’s 340B footprint and available resources. For example, the internal audit infrastructure for a Title X Family Planning Program will likely be vastly different than the internal audit infrastructure at a disproportionate share hospital (DSH) with several child sites, in-house outpatient pharmacies, and contract pharmacies.

It is not uncommon for covered entities with a smaller 340B footprint to assign these auditing tasks as only a portion of an employee’s job responsibilities. Conversely, larger health systems are more likely to have staff members dedicated solely to 340B auditing. At University of Kentucky (UK) HealthCare, two dedicated 340B compliance coordinators are employed to conduct regular internal audits of the DSH 340B program. These two employees report to the director of pharmacy supply chain and 340B operations. In addition, all 340B-related activities are then discussed with the 340B Steering Committee, which includes representation from major stakeholders throughout the health system.

Quality Measures

Regardless of the size of the program, maintaining 340B expertise and staying abreast of related developments is extremely important to ensure program integrity and quality. There are a variety of resources available in the marketplace that provide 340B-related updates to stay informed of current events. The 340B statute designates a Prime Vendor Program (PVP) to support covered entities. Apexus LLC, the PVP designated by HRSA through a competitive bid process, offers free resources through tool kits, on demand web-based training modules, live training sessions, and advanced training programs. These resources serve as an excellent starting point for establishing a compliant foundation within a covered entity. Additionally, the PVP can serve as a resource to answer questions as they arise during daily operations.

Furthermore, it is important to establish mechanisms to educate frontline staff members, outside of the 340B audit team, regarding compliance elements. Particularly for organizations with larger 340B footprints, maintaining a standard level of knowledge among pharmacists, pharmacy technicians, and other staff members whose daily tasks and actions impact 340B compliance, is best practice. This requires educating staff on institution-specific 340B policies and procedures, as well as establishing which staff members within the organization serve as resources for answering 340B-related questions. Incorporating these elements into annual trainings is a feasible approach to document compliance.

Designing Internal Audits

Internal auditing is critical to ensuring program integrity, and allows the covered entity to identify potential issues and work toward their resolution in a timely manner. A lack of formal internal auditing could make the covered entity more vulnerable to audit findings, resulting in a corrective action plan when audited by HRSA. Similar to the infrastructure of a 340B audit program, each internal audit plan will vary based upon the complexity of the covered entity’s operations. While there are multiple strategies to auditing the various elements of the 340B program, foundational aspects must be addressed by all covered entities. This includes who will conduct the audits, what will be audited, how frequently audits will occur, how the results will be shared, and who will be responsible for following up on any internal audit findings.

UK HealthCare has a structured internal audit plan that was developed in coordination with the UK Office of Corporate Compliance. The audit plan is broken down into annual, quarterly, monthly, and weekly audits. Examples of the audited components include:

  • Annual Audits. The Medicare Cost Report and the calculated DSH percentage are monitored and audited on an annual basis. The audit results serve to document that the DSH percentage is greater than 11.75%. Furthermore, this audit ensures that the appropriate DSH percentage is entered during the annual HRSA recertification process for UK HealthCare.
  • Quarterly Audits. The HRSA Office of Pharmacy Affairs Information System (OPAIS) is monitored and audited for accurate covered entity information on a quarterly basis. The audit includes, but is not limited to, a review of the authorizing official and primary contact information, covered entity and child site addresses, shipping addresses, contract pharmacy information, and Medicaid information. This ensures frequent review of items that are commonly found on HRSA audits and allows for quick corrections by the covered entity should discrepancies be found.
  • Monthly and Weekly Audits. The monthly and weekly audits encompass the day-to-day operational items of the 340B program. These include, but are not limited to, outpatient prescription transactions from both entity-owned outpatient pharmacies and contract pharmacies, mixed-use setting replenishment, split-billing accumulator audits, and clinic-administered medication audits.

Outpatient prescriptions are audited most frequently, with the goal of ensuring that the 340B patient definition is satisfied for each prescription. Performing retrospective tracers to document that the prescription was written by a qualified provider, prescribed to an eligible outpatient in an eligible location, and that the encounter was documented in the medical record, supports the creation of a consistent approach to each audit. Because HRSA audits also use the tracer methodology, this allows staff to develop an efficient process for retrieving necessary information in the event of an external audit.

The volume of audit samples chosen is dependent upon the capacity of the audit team. One approach is to audit a certain percentage of 340B adjudicated transactions during a specified time period, or, if staff capacity is limited, establish a specific number of prescriptions to audit. Regardless of the algorithm that the covered entity decides to use for determining the sample size, the samples should be selected at random. For outpatient prescription audits, this includes auditing both high and low dollar transactions from entity-owned pharmacies as well as contract pharmacies. Auditing prescriptions from each entity-owned pharmacy and contract pharmacy will help identify any systemic issues. An effective approach is to emulate the events a covered entity is likely to experience during an actual HRSA audit.

Sharing Audit Results

Developing a mechanism to share the audit results, and subsequently following up on audit findings, helps to maintain transparency and audit integrity. The audit results at UK HealthCare are regularly shared with members of the 340B Steering Committee. If negative findings are identified in an audit, the next step is determining if this constitutes a material breach per the covered entity’s policies and procedures. If it meets the material breach definition, then self-disclosure to HRSA and the identified manufacturers is required. Maintaining proper documentation throughout the entire self-disclosure process is a priority in the event the covered entity has difficulty resolving the material breach. Furthermore, the documentation will be invaluable should HRSA inquire about the breach during a future audit.

Note that if the negative findings do not meet the material breach definition, corrections should still occur. This may necessitate involving applicable wholesalers, manufacturers, and/or third-party administrators for resolution. Once all negative findings have been resolved, closing out the audit by reporting to the internal stakeholders facilitates closed-loop communication.

Maintenance Beyond the Audit

Outside of the standard audits, ongoing maintenance of the covered entity’s provider file and encounter file should be performed. As providers come and go from an organization, it is important to ensure that eligible start dates and end dates are maintained within the pharmacy systems that track program eligibility. Additionally, as the covered entity may have new child sites added or removed, updates of the encounter file logic should not be forgotten. Both of these files are critical to the downstream success of the 340B program and proper upkeep can help mitigate any future challenges.

If a covered entity is subject to specific 340B modifiers that need to be submitted on drug claims, regular audits of this process should also be conducted. This includes JG/TB modifier reviews for specific Medicare claims and state-specific modifiers for Medicaid claims. Since not all covered entities are subject to the same modifiers, and not all states have the same requirements, it is important to understand the specific conditions that apply to your organization.

Nurturing a positive working relationship with the organization’s information technology department, credentialing office, and finance department can prove beneficial when addressing discrepancies. Furthermore, established contacts within the covered entity’s third-party administrators, pharmacy adjudication systems, and payors can be leveraged when investigating audit findings.


Given the significant value that the 340B drug pricing program can provide to a covered entity, developing a transparent audit strategy that fits the specific needs of the covered entity is important to ensuring program integrity. As the 340B program evolves and new requirements are mandated, having a core group of individuals within the organization that can coordinate any necessary program changes, and subsequently conduct internal audits, will help the covered entity better prepare for an external audit.


  1. 340B Drug Pricing Program – Program Integrity. Health Resources and Services Administration Website. April 2020. Accessed October 20, 2020.

Jonathan A. Labuhn, PharmD, MBA, BCPS, is the director of pharmacy supply chain and 340B operations at University of Kentucky HealthCare. He received his PharmD and MBA from the University of Findlay in Findlay, Ohio, and subsequently completed a PGY1/PGY2 health system pharmacy administration residency at the University of Kentucky Chandler Medical Center.


Like what you've read? Please log in or create a free account to enjoy more of what has to offer.

Current Issue