February 5, 2023

Volume XIII, Number 36

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

February 03, 2023

Subscribe to Latest Legal News and Analysis

Pharmacy Compliance: What Do You Need to Know?

Pharmacies in the United States face substantial compliance burdens. From the Centers for Medicare and Medicaid Services (CMS) to the Drug Enforcement Administration (DEA), multiple federal agencies have oversight of pharmacies, and they diligently enforce pharmacies’ compliance obligations.

As a result, pharmacies need to make compliance a priority. This should be a top-down effort, and compliance policies and procedures should address all aspects of a pharmacy’s operations—from drug ordering to insurance billing, and from receiving prescriptions to dispensing prescription medications. Oversights in any facet can lead to compliance violations, and these violations can in turn lead to federal law enforcement investigations.

Of course, all of this begs the question: What does it take for a pharmacy to be “compliant”? This is not an easy question to answer, as pharmacies face a multitude of statutory and regulatory requirements, and pharmacies’ compliance obligations are dependent upon their size, geographic location, and various other factors. To begin, pharmacies can assess their compliance obligations in seven main areas; and then, with a clear understanding of the scope of the pertinent requirements, they can work to implement custom-tailored compliance programs that address the unique aspects of their practices.

7 Key Areas of Compliance for Pharmacies in the United States

When it comes to pharmacy compliance, an effective compliance program will cover the entire lifecycle of a prescription, from the moment the drug and the script enter the pharmacy to the moment the patient leaves the counter. To a certain extent, pharmacy compliance must address risks arising outside of the pharmacy as well (i.e. the risk of a physician writing a fraudulent prescription or a “patient” unlawfully distributing dispensed opioid medications). With this in mind, for most pharmacies, the key areas of compliance are as follows:

1. DEA Compliance

All pharmacies in the U.S. are subject to the oversight of the DEA. The DEA enforces pharmacies’ obligations under the Controlled Substances Act (CSA) as well as various other federal laws and regulations—including the electronic prescription regulations discussed below. Of course, pharmacies are also subject to DEA registration, and adhering to the terms and conditions of DEA registration is a key component of pharmacy compliance as well.

Some of the key areas of DEA oversight for pharmacies are: (i) prescription drug ordering and inventory management; (ii) packaging, transfer, and disposal of prescription drugs; (iii) loss and theft prevention; (iv) prescription fraud monitoring; and, (v) prescription drug dispensing and diversion prevention. However, within each of these broad areas, pharmacies can face numerous nuanced and complex requirements, and each of these areas requires its own independent focus during the development and implementation of a pharmacy compliance program. Effective recordkeeping is a fundamental aspect of DEA compliance for pharmacies as well; and, when faced with a DEA audit or inspection, having comprehensive records on hand to demonstrate compliance can be essential to avoiding undesirable and unwarranted consequences.

2. Electronic Prescription Compliance

Electronic prescriptions are increasingly playing a more-central role in pharmacies’ day-to-day operations. This, of course, means that electronic prescription compliance is taking on heightened importance for many pharmacies as well.

Electronic prescriptions are subject to extensive federal regulations. These regulations largely appear in Subpart C of 21 C.F.R. 1311 (entitled, “Requirements for Electronic Orders and Prescriptions”), which lists out 21 separate areas of compliance. Subpart C addresses everything from the selection of appropriate electronic prescription management software applications to recordkeeping requirements (when an electronic prescription is received, “all records related to that prescription must be retained electronically”). In order to avoid costly miscues, pharmacies must proactively address their compliance obligations prior to accepting any electronic prescriptions.

3. Prescription Drug Ordering, Inventory, and Recordkeeping

In addition to addressing legal and regulatory compliance obligations with regard to prescriptions, pharmacies are of course subject to extensive requirements that pertain to prescription medications themselves. These requirements apply to drug ordering, inventory, and recordkeeping, as well as labeling, transfers, and the various other areas of DEA oversight discussed above.

One statute that is of particular importance in this area is the federal Drug Supply Chain Security Act (DSCSA). While the DSCSA was enacted in 2013 in order to address what were, at the time, widespread concerns regarding the introduction of counterfeit prescription medications into the U.S. market, today the statute is used to enforce a variety of different operational obligations. For example, among numerous other requirements, the DSCSA requires pharmacies to ensure that all orders received, “are accompanied by three pieces of product tracing documentation – transaction information, transaction history, and transaction statement.” Under the DSCSA, pharmacies must also ensure that all “trading partners” are appropriately licensed and registered, and they must maintain all required documentation for inspection by the DEA.

4. Prescription Drug Dispensing and Diversion Prevention

When it comes to dispensing prescription medications, pharmacies must do much more than simply review and fill prescriptions with which they are presented. Pharmacies have certain affirmative obligations to ensure the validity of prescriptions—obligations which will require the second-guessing of physicians’ recommendations in some cases. Pharmacies must also carefully review refill requests for potential signs of fraud, and they must of course have policies and procedures in place to ensure that all valid prescriptions are filled and labeled appropriately.

Due to the opioid epidemic, diversion prevention is a key aspect of compliance in this area as well. With this in mind, and recognizing the very real risk of facing scrutiny from the DEA or other federal authorities, pharmacies must implement documented compliance policies and procedures that are specifically focused on preventing the diversion of opioid medications. Not only will this help to ensure compliance and prevent the pharmacy from contributing to the epidemic, but it will serve as a front-line defense in the event of an audit, inspection, or investigation as well.

5. Insurance Billing and PBM Compliance

Stepping away from the prescription side of pharmacy compliance, pharmacies must adopt policies and procedures that are designed to ensure accurate billing of private insurance companies as well. This is true whether the pharmacy bills insurers directly or works with a pharmacy benefit manager (PBM). For pharmacies that have contracts with PBMs, PBM compliance is an area of concern all on its own, and non-compliance can lead to retractions, claim denials, and even contract termination.

6. Medicare and Medicaid Billing

Just as insurance billing and PBM compliance are concerns for pharmacies, so is compliance with regard to the billing of Medicare, Medicaid, and other government healthcare benefit programs. Each of these programs has its own set of billing rules and regulations—including rules and regulations that are specific to pharmacies and prescription medications—and billing compliance needs to be a priority for any pharmacy that relies on reimbursements from one or more of these programs.

With regard to Medicare and Medicaid billing compliance, one important issue of which many pharmacy owners are unaware is that engaging a third-party billing administrator does not relieve the pharmacy of its compliance obligations. If your pharmacy’s third-party billing administrator makes a mistake, it is still your pharmacy that will face the consequences. While pharmacies can (and should) put contractual protections in place, careful due diligence and monitoring are essential in order to avoid running into issues with CMS and other agencies.

7. Specialty Compliance

Finally, many pharmacies face specialty compliance obligations as well. This applies not only to “specialty pharmacies” (which largely fall within the PBM category), but to pharmacies that dispense certain types of specialty medications as well. Some examples include:

  • CBD Compliance – While marijuana remains a Schedule I controlled substance under the CSA, states across the country are legalizing the use of CBD and other marijuana-derived products for medicinal (and recreational) purposes. When dispensing CBD medications, pharmacies must ensure that they are doing so in strict compliance with all pertinent sources of legal authority.

  • Compound Medication Compliance – Compounding pharmacies face unique compliance burdens, and they are often the subject of heavy scrutiny from state and federal authorities. For owners and pharmacists of compounding pharmacies, compliance extends beyond the areas discussed above to taking the necessary steps to avoid questions regarding the quality, composition, and medical necessity of the medications they dispense.

5 Tips for Establishing and Maintaining Pharmacy Compliance

Given pharmacies’ extensive compliance burdens, what can pharmacies do to mitigate their risk of liability (or prosecution) in the event of an audit, inspection, or investigation?

  • Tip #1: Thoroughly Assess Your Pharmacy’s Compliance Needs. Developing an effective compliance program starts with understanding your pharmacy’s compliance needs. As a result, the first step in the process is to conduct an internal assessment to determine what laws and regulations apply. 

  • Tip #2: Develop a Custom-Tailored Compliance Program. With a clear understanding of your pharmacy’s compliance burden, the next step is to develop your pharmacy’s compliance program. The policies and procedures generated should be custom-tailored to your pharmacy’s specific compliance risks and needs. As discussed above, compliance policies and procedures should also explicitly and thoroughly address specific concerns such as opioid diversion. 

  • Tip #3: Implement Your Pharmacy’s Compliance Policies and Procedures Practice-Wide. After drafting your pharmacy’s compliance policies and procedures, the next step is implementation. This requires training of all relevant personnel as well as any necessary modifications to existing pharmacy practices.

  • Tip #4: Accept and Embrace the Importance of Documentation. When it comes to avoiding liability for non-compliance, thorough documentation is critical. Rather than bemoaning the burdens of compliance recordkeeping, pharmacy owners and pharmacists should learn to embrace documentation as a means for mitigating their risk of liability.

  • Tip #5: Continue to Monitor and Reassess Your Pharmacy’s Compliance Efforts. Finally, establishing compliance is not a one-time event. Pharmacies must monitor their compliance efforts (through periodic internal audits and reviews), and they must be able to identify new developments and circumstances that trigger additional compliance obligations.

Oberheiden P.C. © 2023 National Law Review, Volume X, Number 318

About this Author

Nick Oberheiden Criminal Defense Attorney Oberheiden PC
Federal Criminal Defense Attorney

Dr. Nick Oberheiden focuses his litigation practice on white-collar criminal defense, government investigations, SEC & FCPA enforcement, and commercial litigation. He has defended clients in PPP Loan Fraud cases and COVID-19 investigations. Nick also directs internal corporate investigations and he leads defense teams in whistleblower actions, corporate defense cases, as well as cases involving national security and elected officials.

Clients from more than 45 U.S. states have hired Nick to seek effective protection against government...