After more than four years of HRSA audits and published findings, requirements for 340B program compliance are pretty clear. All covered entities know they need to have good internal audit controls and procedures and active management of their 340B-related vendors. They also should have comprehensive oversight and governance policies. And, they should hire an experienced, qualified independent auditor to help them find and fill compliance gaps.
So, why are covered entities still failing audits?
Our experience shows that many organizations struggle with fundamental compliance management, including:
- Truly understanding what to review and what the review steps should be
- Storing and maintaining all required documents (P&Ps, contracts, invoices, eligibility documentation, etc.)
- Managing simple things like charge master tables, NDC lists, provider lists, HRSA database entries and Medicaid exclusion file data
- Controlling the actions of the split-billing system and contract pharmacy vendors, and really knowing how those systems qualify and include drug transactions or prescriptions
The problem is made worse by the fact that senior leaders or key stakeholders within the covered entity may have little to no awareness as to how the 340B program is managed. In some covered entities, the Authorizing Official is totally blind to day-to-day management of the program, relying entirely on his/her staff to identify and announce compliance gaps or other problems.
Ideally, covered entities would have a comprehensive checklist that covers all of these areas and more. A checklist would give them clear instructions on what to do and when to do it, and serve as documentation that the work is being done. All supporting documents could be stored along with the checklist for future reference or independent review. And, Authorizing Officials could quickly spot compliance gaps in order to ensure timely corrective actions. HRSA and Apexus, via 340B University, offer tools to guide users for some of these items, but the processes are all manual and not broken down into actions.
To fill the gap, Visante recently created Compliance Tool: 340B, a web-based, self-directed compliance review application. The tool is designed to create a minimum standard of compliance, and to help covered entities identify and correct compliance gaps. CT:340B includes 17 tasks covering all aspects of 340B programs, including governance, prescription or drug usage qualification, provider and entity eligibility, and required program exclusions. Users are presented with clear directions on what to measure and how often to perform reviews. Once an assessment is completed, the user answers simple “Yes or No” questions regarding important risk-defining items. Based on these answers, a risk score is calculated and presented on a dashboard that can be easily viewed by the Authorizing Officer, program manager, and other key stakeholders. Corrective action plans can then be implemented according to the risk scores and compliance gaps.
Yes, compliance requirements are getting less murky. But it doesn’t mean they’re simpler. Spending a small portion of 340B program savings on compliance management should be considered an investment in the long-term sustainability of the program. It’s also a cheap way to buy peace of mind.