The 340B Drug Program plays a crucial role in providing medication to underserved populations. Given its importance in vulnerable communities, covered entities work diligently to maintain compliance and certification. However, this is not an easy task, and recertification or facing a Health Resources and Services Administration (HRSA) audit can be daunting. One of the best ways to ensure the success of a facility’s program is by taking steps to toward 340B compliance throughout the program’s lifespan rather than just at the time of these milestone processes.
Maintaining organized and accurate documentation is one of the first steps to ensuring that a covered entity is prepared for recertification and for audits. This starts with confirming that all information in the Office of Pharmacy Affairs Information System (OPAIS) system is up-to-date, as overlooked changes can have a large impact on the program. Information about the recertification process and notification of audits is sent via email to primary contacts and authorizing officials at each facility, and information in the OPAIS system is used in turn for these processes, so it is important that this information is updated as soon as personnel or other changes take place.
Similar efforts at maintaining up-to-date documentation should be applied to the following processes:
Policies and Procedures
During a 340B audit, policies and procedures (P&Ps), and how they are operationalized, are reviewed. P&Ps should be well documented and maintained, as well as enforced by pharmacy leadership to ensure compliance year-round. They should be clear and concise so that both pharmacy staff and other departments involved with the program can easily understand expectations and protocols. To that end, all staff involved with the 340B process should undergo training on the P&Ps so that they become a standard level of knowledge. By training staff to take ownership of the program and encouraging them to come forward with any issues, a system of checks and balances is developed, and it may be easier to quickly identify areas of noncompliance.
Some P&Ps to include are:
Once internal P&Ps are created and documented, they should be updated and reviewed regularly. Additionally, new staff onboarding should include a review of these P&Ps and current staff should undergo annual refresher training.
A Multidisciplinary Approach
340B compliance is not the responsibility of the pharmacy alone. Consider instituting a multidisciplinary committee to ensure that the entire hospital is committed to meeting the necessary requirements. The committee may include the legal, compliance, financial, IT, and business services departments. A relationship with these disciplines will be useful when conducting audits, purchasing and implementing software, and addressing any issues that may arise. The committee should also be involved as needed in the development of P&Ps.
Aside from the committee, at least one individual from pharmacy should take leadership of overall compliance. This individual should have a firm understanding of the P&Ps, hospital and patient eligibility, and the rules and regulations surrounding 340B as they evolve. The designated manager will be tasked with ensuring that the committee and members of pharmacy are properly trained and kept abreast of any changes. They may also oversee internal audits that are conducted and take responsibility for sharing subsequent results.
It is not necessary to wait for an HRSA-official audit to vet a hospital’s program. Internal audits are a useful way to analyze a facility’s 340B program integrity and quickly identify any issues. Large-scale audits should be completed on an annual basis. These yearly reviews should mimic the conditions of an HRSA audit, including requiring the same documentation, checking for diversion and cost duplication, and monitoring that all P&Ps are being followed accurately. Quarterly audits should monitor authorizing officials and general hospital information as well as pricing updates. Day-to-day tasks may be monitored on a monthly or weekly basis, and can include vetting prescription transactions, split-billing adjustments, and package size verification. Random patient samples may also be reviewed to verify eligibility of patients, providers, and orphan drug status.
Audits should be led by the pharmacy director and the 340B program manager. Private, third-party vendors may also be utilized to conduct these internal audits. These companies are experts in compliance and HRSA expectations and can provide a different perspective on issues that may be overlooked. These vendors are also knowledgeable on changing policies and legislation and continually fine tune their processes based on trends seen in the HRSA audit process. There are also tools available at the HRSA website and through vendors to support facilities in the completion of their own self-audits.
No matter the approach taken, audits should be completed consistently and thoroughly. Results may be shared with the internal multidisciplinary committee or a vendor to help identify any issues and subsequent solutions. Certain breaches in compliance must be shared with the HRSA as well. The maintenance of proper documentation throughout the lifespan of the program will help to ensure that breaches identified during audits are quickly addressed.
Investing in Software Solutions
Given the multitude of requirements, a strong set of P&Ps and a regular internal auditing schedule alone are not always sufficient to ensure that a facility is 340B compliant. However, there are many vendors who will work with a hospital to find a solution for items commonly identified during audits. Existing software performs the following functions:
There are several considerations when choosing a software program. These may include training, reporting and troubleshooting assistance, account management, and multiple contacts, be it onsite or remote, to provide support during an audit. Ease of use and interface types are additional considerations. As these systems will be used daily, it is important to determine if software is compatible with existing workflows and systems, and if metrics required for the success of the program are offered. Vetting all options prior to committing to a solution will help ensure a seamless transition and allow facilities to make the most of what each software has to offer.
In addition to compliance software, formal 340B training and certification programs are also available for staff. These programs are tailored to each role’s level of involvement in the 340B program, and refresher courses may be completed annually.
Over the past few years, the introduction of new legislation by HRSA regarding the 340B program has increased. These changes have included updates to the OPAIS registration process and requirements for covered outpatient drugs purchased on a GPO account. Audits performed by HRSA have also shifted focus, with an emphasis on avoiding diversion and duplicate discounts. Staying informed about HRSA updates can help guide compliance and ensure that entities are not caught unaware by any changes. The dedicated 340B compliance individual should make a point to stay informed of these changes, educate staff when they occur, and to take the lead on updating P&Ps as needed. Staying informed will also guide the internal audit process and help facilities keep on top of compliance.
340B certified facilities are key to health care in the communities that they serve. However, there are many components to the 340B program, including managing medication and patient information, HRSA audits, and annual recertification. It can be difficult to keep track of all the pieces needed to ensure compliance, especially when faced with changing staff, requirements, and legislation. Fortunately, there are many internal steps and external resources available to help navigate these challenges. Implementing a proactive, organized approach throughout the lifespan of a 340B program will help ensure its success.
Amber Wozniak is the senior editor at Pharmacy Purchasing & Products. She can be reached at firstname.lastname@example.org.