Pharmacy Compliance Guide Part 1: Attestations
Part of the Medicare Part D program involves ensuring pharmacies properly train their staff. Pharmacy Benefit Managers have the ability to manage the program, enforcing Fraud, Waste & Abuse Training, OIG Exclusion Verification, and HIPAA Compliance Training. Every fall the staff must verify that they accomplished these requirements. Unfortunately, many pharmacies sign the attestations even though they did not complete the training.
Attestations
Attestations: a legally binding statement whereas an individual (either the pharmacy owner or the Pharmacist in Charge) verifies to completing federally required tasks.
An important part of the Medicare Part D program involves ensuring pharmacies properly train and monitor their staff. The US Department of Health and Human Services established Centers of Medicare and Medicaid (CMS) guidelines for pharmacies to conduct required tasks. These tasks include staff trainings as well as running the Office of Inspector General (OIG) Exclusion Verification reports. CMS has granted numerous Pharmacy Benefit Managers (PBM) the authority to oversee and enforce these guidelines. The common method PBM utilizes is an annual attestation. Every fall, a pharmacy must complete and sign an attestation form indicating all employees have received annual FWA and HIPAA trainings as well as completed a monthly OIG Exclusion Verification report.
When pharmacists have no documentation and make a false claim under Medicare Part D, the Pharmacy Benefit Manager (PBM) can recoup all Part D reimbursements from the pharmacy.
Requirements
OIG Exclusion Verification Report
This report must be run monthly. It began with using the database from the OIG but has now grown to include the General Services Administration (GSA) and the Systems for Award Management (SAM). The GSA and SAM have publicly merged into SAM. In addition, individual states are developing their own exclusion lists. R.J Hedges and Associates has developed a proprietary method combining the OIG ans SAM databases into a quick and user-friendly process. If an individual appears on an Exclusion List and works at or with a pharmacy, the penalty will result in the loss of all Part D reimbursements from the time of the infraction to the termination of employment of that individual.
A common misconception is that the OIG check is only for employees. The statute though specifically applies to: "any individual or entity that has been convicted." An individual can include 1099 employees, part-time employees and contractors. An entity can be a HIPAA Business Associate or a vendor from which you purchase products that you dispense to Medicare or Medicaid patients.
Fraud, Waste & Abuse (FWA) Training
It is easier to comply with FWA. It primarily involves establishing policies and procedures and providing proper staff training. There are ten basic policies and procedures, here are a few:
- Fraud, Waste and Abuse Prevention
- Anti-Kickback
- Conflict of Interest
- False Claims
- Whistleblower Protection
- General Compliance
CMS created on-line training modules. An employee receives a Fraud, Waste and Abuse with General Compliance certificate after completing the modules. PBMs frequently infer that pharmacies should only use these modules to meet training requirements instead of other available methods, which tend to be more cost effective for pharmacies. There are also other problems with this training.
- It is time consuming. The employee has to log on to the CMS system, create a username and password, complete the training (with testing), all using approximately an hour per employee.
- The CMS Module does not meet the statute Title 42 C.F.R. 422.504(B)(4)(iv) in the Medicare Prescription Drug Benefit Manual, Chapter 9, requiring training on policies and procedures. Essentially, the CMS training module does not meet its own requirement.
- Examinations are unnecessary because there is no requirement for testing.
HIPAA was established in 2003. It requires all healthcare providers and Business Associates to have HIPAA Privacy and Security policies and procedures in place and accessible in their facilities. Annual training and proper documentation of these policies are necessary to show how HIPAA relates to your operations.
In closing, attestations are very important and are followed by credentialing, which starts with validation by a PBM. New requirements are being added, such as Cultural Awareness Training and verification for contractors and off-shore vendors. Attestations are becoming more frequent. Therefore, it is best to designate one person to complete all attestations, who can answer questions the same way and maintain copies.
Click here to learn more about HIPAA breach and requirements.
Look for our Pharmacy Compliance Part 2: Credentialing Blog coming soon!