The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
Health Resources and Services Administration
Health Resources and Services Administration

A-Z Index  |  Questions? 

  • Print this
  • Email this

Audit Results

Office of Pharmacy Affairs Update

As the 340B stakeholder community is aware, the Health Resources and Services Administration (HRSA) invests significant resources – from staff time to financial contributions – to ensuring that 340B covered entities and manufacturers are in compliance with all program requirements. This month, we wanted to give you a sense of some of the lessons we have learned in the early years of our investments, and how we plan to apply these lessons in our efforts moving forward.

In Fiscal Year 2012 (FY12), HRSA began auditing 340B enrolled covered entities.  The “sentinel effect” of these audits has been remarkable – we have seen many more covered entities prioritizing compliance, seeking technical assistance, and taking steps to rectify violations.  These audits have allowed HRSA and 340B stakeholders opportunities to improve oversight, monitor for potential violations, prevent and detect diversion and duplicate discounts and, importantly, share information gained to increase compliance across all entities.

In order to better understand the issues covered entities are facing, we conducted an in-depth analysis of the findings from the FY12 audits.  HRSA audited 51 covered entities during FY12, encompassing over 410 outpatient facilities/sub-grantees and over 860 contract pharmacy locations.  

There are several recurring critical areas of non-compliance for hospitals and non-hospitals. For non-hospitals, the three major non-compliance areas were the covered entity’s inability to maintain accurate database information, billing contrary to the Medicaid Exclusion File which may have resulted in duplicate discounts, and dispensing drugs to ineligible individuals (diversion). Diversion occurred both at the covered entity and contract pharmacies. The main diversion findings involved ineligible prescribers, ineligible outpatient sites, and the lack of records to demonstrate responsibility of care was maintained by the covered entity.  

Audit Results for Non-Hospitals - FY 12

The major area of non-compliance for hospitals was obtaining covered outpatient drugs through a Group Purchasing Organization (GPO). The GPO prohibition is a statutory requirement that applies to disproportionate share hospitals (DSH), children’s hospitals (PED), and free-standing cancer hospitals (CAN).  Upon registration for the 340B Program, these covered entity types must acknowledge that they understand the restriction with using a GPO for covered outpatient drugs, and during the 340B annual recertification process, they must attest to compliance with the GPO prohibition.

In 2013, HRSA issued a policy release regarding GPO and replenishment models, which are commonly used in the hospital setting.  That release set a deadline for compliance with the policy of August 7, 2013. Therefore, during an audit, if a hospital is found to have violated the GPO prohibition and that violation occurred before August 7, 2013, that non-compliance will be identified as an area for improvement for the covered entity.  Violation of the GPO prohibition will be deemed as a finding and be grounds for removal from the 340B Program if the sample period of the audit is after August 7, 2013.  All violations of the GPO Prohibition that were found in the FY 12 audits occurred before the August 7 deadline for compliance.  The 42% percent below is reflective of the total number of hospitals in violation of the GPO prohibition versus the number of hospitals audited subject to the prohibition.

Audit Results for Hospitals - FY 12

340B participants must remember that compliance is the responsibility of the covered entity.  It is therefore essential to exercise constant oversight over a well-designed and well-managed compliant program.

There are best practices that we have gleaned from the audits that should assist every covered entity with minimizing the risks of non-compliance and negative audit findings.  These practices include, but are not limited to:

  • Development and documentation of comprehensive 340B Program policies and procedures.
  • Development of concrete methodologies for routine self-auditing.
  • Routine processes for internal corrective action.
  • Verification that contract pharmacy arrangements comply with the 340B requirements and are properly listed in the OPA database. 
  • Strong partnerships with State Medicaid agencies to meet state-specific requirements and to ensure prevention of duplicate discounts.  

There are many tools and resources available to 340B stakeholders to ensure compliance with 340B Program requirements. "Resources" at the top of this page outlines some of those resources to assist covered entities in running a compliant program.

05/09/2014