Even the most disciplined and compliant companies dread receiving a letter or an email informing them of an impending audit. Nobody likes being put under the microscope. It doesn’t take a great deal of imagination to know what it feels like to receive an email titled “340B Pricing Program Manufacturer Audit.” It’s the U.S. Department of Health and Human Services, and they’re writing to let you know that they will be conducting a desk audit of your company. While you may be confident that your organization is fully compliant, some level of anxiety is a common emotion.
If you’ve never been through a Health Resources and Services Administration (HRSA) audit, you may start to wonder why you’re being audited, what’s involved in the audit process, how long the process is going to take, who will you need to get involved to help you through it, and of course, is it possible that HRSA auditors will find something wrong? Even an honest mistake?
Take a deep breath! The purpose of this whitepaper is to provide you with some insight on what to expect and how to prepare to make sure you’re ready for an HRSA audit.
Why are you being audited?
Certain normal business events such as major price increases or increased/decreased 340B entity purchasing are often red flags to HRSA and may result in, at least, some level of review to determine if an audit is called for. Certainly, not complying with PHS/340B reporting deadlines will open a company up to increased levels of scrutiny. It is entirely possible there’s nothing ominous behind the initiation of an audit. HRSA regularly conducts routine desk audits of manufacturers that participate in the PHS/340B program. Unfortunately, it is not a question of “will we get audited?” Rather, it is a question of when.
What’s the process for the audit?
You can expect HRSA auditors to follow a pretty disciplined process that includes:
- Initial communication of the audit: HRSA will reach out, typically via email, informing you that they will be conducting a desk audit of your company.
- HRSA will provide scheduled time(s) for an initial conference call to discuss the audit details.
- During the scheduled call, HRSA will discuss all of the documentation and data sets that they need prior to the desk audit.
- Following the call, they will email the final list of questions and data set needed for the actual audit.
- Your organization will have time to gather and submit all requested information to HRSA via a secure portal.
- Once all information has been reviewed, HRSA will conduct a desk audit via conference call to review all provided information and address any questions they have on the information submitted.
- Following the completion of the call, HRSA will conduct their internal audit. The results of the audit will not be known on the desk audit call.
- Once HRSA has completed the audit, they will send the audit results and include any necessary corrective actions and/or recommend actions for the manufacturer to take.
What will you need to provide?
Following the initial call with HRSA, you will receive a list of all information needed for the audit. Typically, this will include the following:
- Copies of policies and procedures Including:
- Pricing Calculations
- Pricing Upload Processes
- Wholesaler Notifications
- Allocations and Shortages
- Refunds and Restatements
- Distribution Channels
- Wholesaler Audit and Self-Monitoring
- Chargeback Process
- Listing of all labeler codes and products.
- Details regarding manufacturer distribution channels.
- Copies of pricing notifications, WAC pricing, AMP/URA values and sales data related to the audit timeframe.
While all of the above are important, HRSA audits will center around the policy and procedure documents. If these are incomplete, or non-existent, the audit process will not only take longer, but also will be far less forgiving when it comes to corrective actions, fines, and penalties. The lesson here is to make sure you have a solid set of Standard Operating Procedures (SOPs) that cover how you complete all necessary computations, submissions, communications and documentation related to PHS/340B requirements. Verification that you follow the SOP in a disciplined manner is paramount. In this context, discipline means that you make sure your team stays on track with every requirement and steps spelled out in your SOP and carefully documents all work. Equally important is your ability to provide all the requested material in timely and organized fashion.
Policy documents oftentimes will reside with various departments and/or third-party vendors. It is important to align all key stakeholders and involve experts of the various areas of professional discipline that own the processes.
How long will the process take?
In our experience, assuming you have a compliant infrastructure in place and are able to provide all of the requested information quickly, the audit process takes about two months from the initial notification to the time that the desk audit conference call is completed. You can expect a month of ongoing communication with auditors as they piece together requested materials to review and analyze. This will require a time commitment from your team. Auditors will ask numerous questions and have frequent requests for additional materials or SOPs for their review.
Manufacturers will engage with auditors for approximately one month to gather all necessary information following the initial call, before the actual desk audit. You should expect a final desk audit conference call as the auditors wrap up this phase of the process, to address any final questions. Following the final call, expect HRSA to take a few months to provide you with final audit results. In our experience, the final reports frequently arrive much sooner than that, but HRSA’s capacity and the complexity of a specific manufacturer’s business can influence this timeframe.
What happens following the final results?
Assuming no major issues are found, you can expect to receive a letter anywhere from two weeks to two months following the completion of the final desk audit call. This letter will provide complete detail on HRSA’s findings. HRSA will often make recommendations based upon the detailed review of your SOPs. Make sure your organization refines all documentation and processes to ensure future compliance with the 340B program. Should any major issues be found, HRSA may advise on corrective actions necessary and/or additional data need for further audit.
It is absolutely critical to be prepared by having the appropriate infrastructure in place if you are to avoid punitive actions for poorly executing on 340B requirements and the inability to support a clean audit encounter due to lack of proper SOPs, disciplined adherence and full documentation of all computations, submissions and communications.
How do you prepare for an audit?
Gather the team.
Do you know who you will need data/assistance from internally in the event of an audit? Are you using a third-party vendor for government pricing assistance? Have you been provided guidance from these internal or external resources on getting the correct infrastructure in place to ensure you are completely compliant?
Review your SOPs for accuracy and completeness. And then follow them.
Do you have robust SOPs in place for your government pricing activities? Are the SOPs current and accurate? What controls are in place to ensure that your SOPs are being followed?
Review your data.
Based upon your data, does it appear that your SOPs are being diligently followed? Have you conducted any routine checks on PHS pricing to ensure that notifications and contract pricing processed match calculated/reported pricing values? If you’ve completed an AMP restatement for Medicaid that resulted in lower AMP values, which would decrease your PHS/340B prices, did your organization offer refunds to 340B entities as is required?
Talk to the experts.
Finding out during a government audit that you needed help, but didn’t know it, is not the way that you want to learn what you may have been doing wrong. Do you know any experts in the space that you can call for guidance on government pricing issues?
Set yourself up for success
During the past decade, we have had numerous companies reach out to us after receiving notice of an audit. The outcome is usually pretty predictable. Companies that have (and follow) a well-documented and compliant SOP are always going to be ahead of the curve. If you are able to provide all of your backup information and it aligns with your SOP, we’re confident you will come out of the process just fine. Remember, auditors are looking to validate your process and documentation, and ensure you are not making exceptions intended to circumvent guidelines, rules or laws. While it is not unusual for an audit to uncover an honest mistake, that is something completely different than poor intent. There often is a straightforward path to resolve those types of issues.
Government pricing is complex. If you have questions about your situation and the PHS/340B program, call us. We regularly provide companies with preliminary guidance – without long term obligation. Call us at 262-297-3007 or email your questions to firstname.lastname@example.org.