Below, we outline HRSA's recent updates and their implications for covered entities.
HRSA Audits and Corrective Action Plans
HRSA updated its program integrity page in May 2018 to reflect its latest expectations regarding audits of 340B covered entities. That same month, HRSA issued an update regarding audit findings and corrective action plans (CAPs). HRSA now expects 340B covered entities to address "areas for improvement" when submitting a CAP in response to a HRSA audit report. Previously, HRSA only required covered entities to outline in CAPs their plans to address audit findings, not areas for improvement. In addition, full CAP implementation is expected within six months of the CAP approval date, "unless otherwise approved by HRSA."
HRSA also makes clear that covered entities with a re-audit that identifies the same exact finding of noncompliance may be subject to additional audits. A finding of noncompliance in two or more audits, depending on the type of violation, may be considered systematic and egregious, as well as knowing and intentional, which may result in the entity being removed from the program.
Self-Disclosures and Manufacturer Repayments
In August 2018, HRSA updated its guidance to 340B covered entities regarding their obligation to self-disclose to HRSA when a material breach of a program requirement occurs. HRSA continues to recommend that covered entities establish criteria to determine what constitutes a material breach. Covered entities often establish monetary or drug volume-based thresholds that a technical violation of a program rule must exceed to be considered a material breach. If a covered entity determines a breach of a program requirement is material, HRSA expects the covered entity to submit a letter to the agency describing the violation and how the entity plans to work with manufacturers to make repayments, if necessary. In addition, covered entities should include a CAP to address the problem that caused the violation and how the entity will prevent it from happening again.
New language in the guidance describes CAP implementation as part of a self-disclosure, which closely mirrors HRSA's expectations for CAP implementation under the audit process. HRSA expects that full CAP implementation, including repayments to manufacturers, should be completed within six months of the initial self-disclosure made to HRSA. Covered entities "unable to meet this expectation may be subject to a HRSA audit." Further, HRSA expects covered entities to "submit progress reports as specified by HRSA and a final report at the end of the six-month period."
Contract Pharmacy Compliance
In its June 2018 update, HRSA discussed contract pharmacy compliance issues and reminded covered entities that, if a program violation occurs in a contract pharmacy, the covered entity "must notify impacted manufacturers and attempt in good faith to resolve issues directly with manufacturers and wholesalers." HRSA also expressed concerns regarding a "resolution practice" whereby a contract pharmacy and/or a third-party administrator (TPA) provides repayment directly to a manufacturer on a covered entity's behalf, sometimes without the entity's knowledge. HRSA suggested that such arrangements may not comply with program rules, particularly with respect to the requirement that covered entities retain responsibility for full compliance with 340B program requirements. HRSA recommended that covered entities review their contracts with pharmacies.
Registration and Program Eligibility Reviews
HRSA's July 2018 update focused on HRSA's efforts to maintain program integrity through continued analysis of its processes, including the registration of covered entities. While HRSA routinely reviews registrations for compliance with statutory requirements, the agency has announced it will request additional documentation from randomly selected hospitals to ensure they are meeting their eligibility requirements and from randomly selected covered entities of all types to ensure they are meeting the contract pharmacy eligibility requirements.
340B Covered Entity Implications
Collectively, HRSA's recent 340B program guidance updates reflect an increased attention to 340B covered entity compliance expectations, particularly related to audits, CAPs, and repayments to manufacturers. In addition, HRSA and the Administration have communicated in recent months a willingness to implement changes in 340B program oversight that could potentially result in restricted access to 340B savings by certain entities. In light of this climate and a renewed commitment to 340B covered entity oversight, hospitals and other providers in the 340B program should review their 340B policies and procedures to ensure they are consistent with HRSA's latest expectations. In particular, 340B covered entities should consider the following:
Covered entities that have been recently audited by HRSA should familiarize themselves with HRSA's latest CAP expectations to ensure their submissions will meet HRSA's standards. Covered entities that were previously audited by HRSA and received findings should anticipate a future re-audit and should review their policies and procedures to confirm they are consistent with HRSA's latest guidance.
Review policies and procedures for the determination of when a material breach has occurred as well as self-disclosing material breaches to HRSA and making repayments to manufacturers in a manner consistent with HRSA's latest program guidance.
Review contracts with pharmacies and TPAs to ensure they are consistent with HRSA's expectations.
Hospitals should confirm they are able to provide documentation to support their eligibility status, either as a hospital owned or operated by state or local government, a private non-profit hospital under contract with state or local government, or a public or private non-profit hospital formally granted governmental powers.
All 340B covered entity types should make sure their contract pharmacy arrangements are dated prior to the registration period, list all covered entity locations and all pharmacies with addresses, and include signatures from both the entity and the pharmacy.