The 340B Drug Pricing Program is essential for the financial sustainability of covered entities providing care to vulnerable populations. Savings realized through the program allow covered entities to expand access to necessary services and medications. However, the 340B participation requirements outlined by the Health Resources Services Administration (HRSA) necessitate the implementation and maintenance of processes that protect the best interest of all stakeholders in the program. Conducting consistent and thorough auditing is the best strategy to demonstrate compliance and prevent financial liability.

At Eskenazi Health, auditing is a key part of 340B compliance. Savings seen through the 340B program help Eskenazi Health spread scarce resources to better teach, serve, advocate, and care for the vulnerable population of Marion County, Indiana. Regardless of their ability to pay, no patient leaves an Eskenazi Health facility without their needed medication. The Eskenazi Health 340B program spans several locations, including a 327-bed disproportionate share hospital (DSH), along with the following additional sites: three DSH clinic sites, 13 federally qualified health centers, nine retail pharmacies, and two family planning clinics. Strong program leadership, oversight, and engagement are critical for a 340B program to operate efficiently and compliantly.

A Multidisciplinary Approach

Currently, the 340B program faces several challenges from manufacturers and legislation that may diminish overall program benefits or require significant changes to hospital operations. Thus, a multidisciplinary team well versed in program compliance is crucial for adapting to the rapidly changing 340B landscape. Build an understanding of the importance of the 340B program within your organization by creating engagement through a 340B oversight committee. The committee should meet regularly to update policies and procedures (P&Ps), discuss program challenges, and evaluate the overall performance in order to create a collaborative sense of involvement in the success of the program. This committee may be comprised of individuals from each of the following areas:

• Hospital Administration
• Director of Pharmacy
• 340B Program Coordinator
• Pharmacy Inventory
• Legal/Compliance
• Information System/Information Technology (IS/IT)
• Finance
• Internal Auditing

A designee, typically the 340B program coordinator, should facilitate committee meetings and inform the other members of any 340B program updates and operations. Furthermore, this individual should maintain the responsibilities of overseeing the audit process, conducting staff education, and advocating for the program’s sustainability. All individuals involved with the program should be encouraged to complete formal 340B training or annual competencies to remain current.

Internal Auditing

There are a variety of factors that influence different aspects of the 340B program, which can make compliance seem like a moving target. We saw this during the COVID-19 pandemic when updates to HRSA guidance, drug shortages, and fluctuations in hospital operations forced eligible entities to make rapid updates to adapt to institutional needs. Given these various factors, internal auditing is a dynamic and necessary process to evaluate all areas of the entity’s program to assess ongoing compliance with requirements for participation.

Under best practice, an entity’s P&Ps should outline current methods of compliance with the 340B statute, guidance, and policy requirements, as well as provide a template for standard operations. The 340B compliance committee should regularly review P&Ps to determine if the methodologies for routine self-auditing and internal corrective action align with operations and program changes. If applicable, state and third-party contract requirements should also be evaluated and documented.

The complexity of the 340B program can make approaching the audit process daunting. A simple first step is ensuring that all of the information contained within the Office of Pharmacy Affairs Information System (OPAIS) database is up to date. Eligibility and program documentation should be reviewed and updated at least quarterly, not simply during enrollment and recertification. Organized records validating the accuracy of the OPAIS information should be routinely verified for accuracy and should be made readily available for all recertification and audit purposes. Inaccuracies in the database, such as duplicate discount Medicaid Exclusion File information, can result in serious compliance consequences for an entity.

Auditing with Data Analytics

Group Purchasing Organization prohibition and diversion requirements demand audit teams engage with administration and purchasing data to assess compliance. Covered entities are often responsible for monitoring thousands of daily transactions involving eligible medications. Leveraging data analytics, whether insourced or outsourced, to create a global view of all transactions involving eligible medications helps to maximize program savings in addition to managing compliance.

Data Gathering

While many 340B third-party administration (TPA) split-billing software and compliance management systems have evolved to include robust amounts of data, leveraging internal reporting from multiple systems allows auditors to discover potential gaps and improve operations. Start by listing databases and teams within your institution that have access to drug transaction information (see TABLE 1).

Click here to view a larger version of this TABLE.

Including data analytics in audits involves the 340B auditing team collecting reports from systems that have data relevant to medication 340B eligibility, pricing, purchase quantities, purchase accounts, returns, utilization, charges, accumulations, inventory transactions, and waste. Many systems containing this information may not feed into the TPA split-billing software but can supplement TPA data to explain anomalies.

For example, Eskenazi Health’s TPA split-billing software data revealed increased wholesaler acquisition cost (WAC) spending on a certain medication because the accumulations were not being generated at the rate of purchases. In this case, automated dispensing cabinet transaction data demonstrated heavy utilization in a clinic area despite the TPA software not receiving this administration data. Upon further investigation, it was revealed that the clinic staff had issues scanning the medication, and subsequently, the data was not being discreetly captured in the EHR or TPA software. In this case, utilizing supplemental data from non-TPA sources helped to identify the root cause of the issue and resulted in additional savings once corrected.

Data Validation

High quality data establishes the foundation for understanding limitations, inaccuracies, and inconsistencies in system data. Validating each data set for errors is imperative to generating useful auditing results and creating high-quality reports. Some data validation methods include:

• Identifying duplicate data lines
• Filtering data for any outliers (ie, large dispenses or purchases)
• Examining data labels for consistency (ie, insulin dispense data in units versus purchase data in vials)

The 340B audit team should engage with members of IS/IT and analytics teams to build and validate reports. Through training and experience, auditors will learn to independently complete the validation process and triage issues. Competencies related to data management should be integrated into the onboarding process in conjunction with audit processes. Specifically, Microsoft Excel training on the VLOOKUP and pivot table functions lay the foundation for data validation, merging, and navigation from multiple sources.

Data Analysis

Validated data can be used to make informed decisions about 340B program compliance and financial performance through the build-out of data sets and dashboards. Report designs will depend on entity type, available data, and operations. TABLE 2 outlines reporting methods currently employed at Eskenazi Health.

Click here to view a larger version of this TABLE.

Reports generated internally can build a better understanding of where auditing resources can be best utilized. For example, an NDC with a high number of accumulations may lead to an error in TPA split-billing software package units or an erroneous quantity in EHR administration data. Potential target areas may include:

• Eligible medications that are always purchased on non-WAC accounts
• NDCs with high accumulations or negative accumulations
• High dollar and high volume medications
• Purchases not routed through split-billing software
• Newly eligible areas
• Newly purchased or dispensed NDCs
• Medicaid eligible dispenses

Achieving a comprehensive auditing program is a nuanced process that requires a strategic approach to effectively monitor all areas of the program. The data gathering and validation process force users to intimately understand all the information driving their systems. There is an unavoidable trial and error component to creating useful reports, but this process rewards significant user investment with a profound insight into current operations. Once reporting methodologies and processes are developed, users can audit with improved accuracy and efficiency.

Electronic Health Record Auditing

Even with advanced analytics, the bulk of usable EHR data is reliant on manual user inputs. Staff members responsible for prescribing and administering medications must properly record many of the items determining 340B eligibility. A manual review of medication administration and dispense data should be conducted to ensure that the data being recorded by users is complete and accurate. Selecting a mix of samples from targeted and random areas is an effective way to approach EHR auditing. The methods and the minimum number of samples should align with the institutional P&Ps. At a minimum, manual audits should review the following:

• Eligible provider
• Eligible location
• Eligible service covered by grant (ie, grantees)
• Outpatient status
• Medication and quantity dispensed

External Auditing

Given the complexity of program requirements, partnering with external auditors may improve program compliance and increase confidence in program operations. Seasoned external auditors provide the added benefit of having examined practices from a host of program participants as well as routinely providing support during HRSA audits.

Furthermore, emulating an HRSA audit on an annual basis, at a minimum, is a beneficial exercise to test audit readiness. Outside auditors can simulate timelines, conduct staff interviews, and thoroughly scrutinize each part of the entity’s performance. Participants from the entity are encouraged to treat mock audits with similar intensity to an HRSA audit, while also being transparent about questions or concerns to facilitate learning. Entity 340B staff should leverage the expertise of external auditors to further their understanding of HRSA’s expectations and develop improved internal auditing practices.

Reporting Audit Results

Upon completion of an audit, the results should be organized and prepared for presentation to the 340B oversight committee. It is the responsibility of the 340B program coordinator and audit staff to investigate any findings or areas of concern prior to presenting them to the team. An effective presentation to the committee will communicate the root cause of any findings, the extent of the issue, and a mitigation strategy. P&Ps should clearly outline areas of noncompliance and a process for self disclosure to HRSA.

Completing frequent auditing and reporting allows stakeholders to quickly identify any variances in the program operations and develop a response before a breach becomes material. Updates to TPA split-billing software and the credit and rebill process can often remedy minor audit findings and prevent problems from escalating.

If a material breach is identified, the covered entity should work with their respective 340B oversight committee to self-disclose to HRSA. HRSA advises that comprehensive self-disclosures include the following elements1:

• Letter to HRSA that includes the 340B ID
• Description of the violation that occurred
• Corrective action plan (CAP) to fix the problem moving forward
• Strategy to work with manufacturers that includes plans for financial remedy if repayment is necessary

Celebrating successes is an important part of auditing as well. The coordination and energy needed to manage day-to-day operations can be overlooked while focusing solely on program issues. Highlighting successful 340B program metrics recognizes the audit team for their diligence. Metrics for reporting may include:

• Proactive changes resulting in 340B savings
• TPA split-billing monthly updates
• Sustained or improved compliance

Lastly, organizations are encouraged to document how the 340B program positively impacts their community. Transparency is often cited by stakeholders attempting to limit access to 340B savings. Creating an impact profile is an easy way to illustrate how savings are utilized and advocate for the sustainability of the program. Profiles may include such information as2:

• An entity’s approximate annual 340B savings
• Specific programs and/or services 340B savings help support
• Programs that would have to be cut back or eliminated if they were to lose 340B savings
• Disproportionate share hospital adjustment percentage

Conclusion

The 340B program provides eligible facilities with resources to serve our most vulnerable populations. While the benefit is significant, program participants are tasked with complex regulatory requirements that require careful oversight. Well-rounded audit processes developed, conducted, and reviewed by a team of multidisciplinary stakeholders will improve program integrity and financial performance.

References

1. Entity self-disclosures. Health Resources & Services Administration. hrsa.gov/opa/self-disclosures. Published August 2018.
2. Impact Profile. 340B Coalition. 340bcoalition.org/.

Sam Lewis, PharmD, MS, 340B ACE, is the pharmacy procurement manager at Eskenazi Health in Indianapolis, Indiana. He received his PharmD from Purdue University and MS in health system pharmacy administration from The Ohio State. Sam has overseen 340B program compliance for all of Eskenazi Health’s covered entities since 2019.