Pharmacy Compliance Guide

Ransomware is a major threat to any and all computer networks. All companies large, small, healthcare, nonhealthcare can be impacted by it. Ransomware is a cyber-attack where the user cannot obtain access to their system. They are criminal acts that much be treated as one, swift action must be taken to protect your system and your patients PHI.  Join Jeff Hedges from the Pharmacy Compliance Guide and Becky Templeton from R.J. Hedges & Associates, as they discuss Ransomware, how to determine a HIPAA breach, what to do if you are a victim of Ransomware, how to report cyber-attacks, how to report a breach due to ransomware attack, how cyber insurance may help, what kind of fines may be associated with a cyber-attack, and the real steps to prepare for an OCR inspection. Learn more about how to protect your pharmacy from Ransomware threats: https://www.rjhedges.com/blog/topic/podcasts Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware; being held hostage from your own information and your own data. It’s in the news every day, generally large businesses, and banks, but it happens to every type and size of business every day. With complex schemes, malicious deception, various access points, complex research, and impersonation- ransomware is a worldwide threat that often funds nefarious dealings like terrorism, oppressive government and even the development of more ransomware. Today Jeff Hedges, the Pharmacy Compliance Guide and owner of R.J. Hedges & Associates and Nick Dorazio, Present of LVTech and technology expert are going to talk about what ransomware is and how it happens, put some context around the shear cost of this type of event happening to your business, we’ll go over some terminology and solutions for your business and even how you can prevent this from happening to your system.  https://www.rjhedges.com/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Today's guest on the Pharmacy Compliance Guide is Greg Wozniak. Greg is the President of Healthcare Group at Excellis Health Solutions from New Hope, PA. Excellis Health Solutionsprovide end-to-end consulting and project management services for a wide range of organizations — from established Fortune 500 companies to start-ups. In each case, we help them create value at every stage of their supply chain and ensure their business is fully compliant with new and changing legislation. Becky Templeton, CDME, ABI Director of Business Development Office:  724-357-8380   Website:  www.rjhedges.com See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

Feeling overwhelmed by changing rules and regulations?  Are audits, attestations and credentialing driving you crazy?  Not sure how to keep up? We realize every facility is unique and has different compliance needs.   If you are struggling in today's healthcare market, we can help with the following compliance programs: Pharmacy (Part D Compliance) Compounding (non-Sterile including USP ) HIPAA Diabetic Shoes DMEPOS (Medicare) FWA Prevention (including OIG/SAM verification) Immunizations (including Travel Vaccines and 30+ Standing Orders) USP for Retail/LTC locations DEA and Pseudoephedrine Custom Solutions- Such as Cultural Awareness to satisfy CVS/Caremark and Humana See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today's Pharmacy Compliance Guide is the second part of our series on preparing for USP Hazardous Drugs (HD). In our last podcast, titled: “How will USP Impact My Retail and LTC Pharmacy?” we addressed what each pharmacy must do to prepare for implementation of these guidelines. We covered these topics: How to identify hazardous drugs through the NIOSH List Segregating hazardous drugs from regular stock Proper handling of hazardous drugs When pill scanners and robots are permitted to be used Special handing of hazardous drugs that require alterations Determining Personal Protective Equipment by using Safety Data Sheets Which agencies will enforce these guidelines? CONTACT:  https://www.rjhedges.com/contact  See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

How will USP 800 Impact My Retail and LTC Pharmacy? USP-800 was designed to address the proper handling of hazardous drugs (HDs) in a pharmacy setting. Its guidelines are plainly aimed at promoting patient and worker safety in and around non- sterile and sterile compounding. The first section clearly covers compounding in its purest form. However, when you move into section two, you quickly realize the dispensing of pills, capsules, liquids and manufactured packaged items are also covered by USP-800 Different types of terms are being used to describe types of hazardous drugs, such as: antineoplastic, non-antineoplastic, reproductive risk only; dosage form, risk of exposure, packaging and manipulation. This may sound like a whole lot of mumbo jumbo, but it is the new language of hazardous drugs. Email us: [email protected] Call Us: 724-357-8380  See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

The R.J. Hedges Team delivers another "heads up" discussion on the Suspension of Competitive Bid and what this means to your pharmacy business.  Listen to Becky & Jeff on the latest:  Pharmacy Compliance Guide, part of the Pharmacy Podcast Network.  CONTACT:   Becky Templeton, CDME, ABI Director of Business Development R.J. Hedges & Associates Office:  724-357-8380     Website:  www.rjhedges.com  See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

Becky Templeton and Jeff Hedges review the sensitve employer's issue and topic about Terminating Employees.    Despite all of your efforts, you still may not see the type or quality of improvement needed, and the only option left is to sever the relationship. However, by now, you should have clearly documented what you did to help the under-performing employee improve. Performance-based terminations should never come as a surprise to your employees. Prior to terminating your employee, be sure to review all associated documentation. Also, contact your legal counsel or HR representative to ensure your case is supported, justified and sound. Confirm that you’re following all state-specific wage and hour regulations. And if you use employment contracts or non-compete/non-solicitation agreements, you should ask your legal counsel to provide you with validity and enforcement guidance. Contact the R.J. Hedges Team today:  Becky Templeton, CDME, ABI Director of Business Development R.J. Hedges & Associates Office:  724-357-8380   www.rjhedges.com See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

Becky Templeton Director of Business Development at R.J.Hedges & Associates talks with Jeff Hedges about With the increasing need for businesses to save on costs, many companies are utilizing offshore companies to help with customer service, tech support, billing processes, etc.  Is it possible one of your contracted companies whom you have a Business Associate Agreement, is utilizing an offshore workforce?  Not only should you be concerned with this because of possible breaches which the US government won’t have any legal recourse, but PBM’s and NCPDP will be asking for attestations in the future.  The time to prepare is now.  Our latest episode with the Pharmacy Compliance Guide will discuss the impacts of Offshore businesses accessing PHI, why PBM’s are concerned,  and what pharmacies should do now.   The covered entity is solely responsible for issuing the Business Associate Agreement, so if you sign someone else’s agreement, you are stuck with it.  The Business Associate Agreement is a contract.  Remember that!   Develop a document similar to the one the PBMs are asking you to sign and ask Business Associate to check a box with one of the two options and send it back to you.  Now you can truthfully answer the questions posed to you by the PBMs and NCPDP.   To ensure we are in compliance with these federal mandates, please check the appropriate box below and return this signed attestation to us.  Your failure to provide this attestation, as specified herein, constitutes a material breach of your agreement with us.  An inaccurate response may constitute a violation of federal law for which penalties may apply.   Choose the appropriate statement by checking one of the boxes below:   As your HIPAA Business Associate, our organization and our downstream and related entities DO NOT utilize Off-Shore subcontractors to perform activities that involve receiving, processing, transferring, handling, and storing or accessing PHI at an Off-Shore location(s).   As your HIPAA Business Associate, our organization and our downstream and related entities DO utilize Off-Shore subcontractors to perform activities that involve receiving, processing, transferring, handling, and storing or accessing PHI at an Off-Shore location.   CONTACT:   Becky Templeton, CDME, ABI Director of Business Development R.J. Hedges & Associates Office:  724-357-8380    Website:  www.rjhedges.com Follow us on Facebook!  Learn more on our Blog See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

The NEW Segment part of the 'Pharmacy Compliance Guide' is hosted by Jenny Schell, CDME Sr. Compliance Strategist with R. J. Hedges & Associates.  Podcast on Medicare Applications by the Numbers   A lot of people ask me about Medicare. There is a lot of confusion on who needs what number.   Immunizations Really easy process to get a number. The pharmacy would complete the 855 B application. Applications have a fast turnaround-usually a month YOU DO NOT NEED ACCREDIATED   Medicare Number –This division (NSC) takes about 3 months to issue a number. This application requires you to carry a surety bond and have a certificate of liability with NSC as the certificate holder as well as your AO (if you have one). New applications as well as re-validations will require owners and authorized officials to be fingerprinted.   Two ways to complete For non-accredited drugs only o   Benefits For DMEPOS accredited items o   Benefits o   Accreditation o   Exemption o   Revalidation Revalidation happens every 3 – 5 years  What that means You  “update” your Medicare application and pay Medicare $$. Every year they change the Medicare application fee. For 2018 it is $569 per application. Contact Jenny: Website:  www.rjhedges.com  See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

DEA Documentation Requirements  Special Guest: Carlos Aquino from PharmaDiversion LLC™ In early 2017, we saw DEA changing their focus on pharmacy compliance. DEA increased their enforcement from the verification of the Combat Methamphetamine Certificate to a more formal on-site inspection. Now with the emphasis on the opioid epidemic, DEA is under increase pressure to look for abusers of the system. Naturally, the first place any inspector will start is the pharmacy. We have been spending more time updating our clients on this trend and providing as much information as we can find. Then I attended a conference last September and one of the presentations was on “Maintaining Your Pharmacy in DEA Compliance”. Carlos Aquino is the President of PharmaDiversion and he is based out of Philadelphia. Carlos is a retired DEA diversion investigator and a great supporter of independent pharmacies. If you ever have an issue with the DEA, Carlos is the first person you should call.  CSOS user names and passwords Power of Attorneys for DEA forms 222 and Electronic Orders Receiving C-II orders from the wholesaler and completing the DEA documentation First, every person who uses the CSOS system must have their own user name and password. No person may share another person’s user name. Having a single user name for a pharmacy only works if the user never takes a day off, ever; and we know that won’t happen occur so you are opening yourself for criticism with the DEA as soon as they start asking questions. Setting up additional user names is not hard, you work with your wholesaler software system to establish a new user name. Each system has their own variation and perimeters, so if you have questions, go to their IT department. When the drug order is received: a. CSOS is accessed by an authorized individual with a Power of Attorney for DEA Forms 222 and Electronic Orders with an individual user name and password that is not shared with another person b. The order of Controlled Substances is checked against the packing slip/invoice c. DEA 222 is completed through CSOS d. Print the DEA 222. Most systems will state on the document, “This is not a DEA issued Form 222. This form is available for convenience.”  If this document does not print, check your Pop-up Blocker  The Pop-up Blocker may also prevent a completed DEA 222 from being printed (Carlos picks up) • This document acts as the DEA 222 for DEA on-site inspection purposes • In most cases, this document prints with the fields empty. Manually complete this document by entering the following information: o Packages Received o Date Received o DEA requires the persons initials:  Remember this person must have a Power of Attorney  Recommend a signature over an initial e. Attach the packing slip/invoice to the acting DEA 222 f. Keep on file for two (2) years: • DEA requires the pharmacy to produce the completed DEA 222 and invoice upon demand o DEA regulations require you to have this record to be “readily retrievable” and separate from other records o Reference: DEA Pharmacist’s Manual, Section VI – Record Keeping o You cannot print and complete the document when a DEA inspector is on-site. Carlos, I have been working with other organizations on the opioid crisis, this process is straight forward, but as Jeff stated at the beginning, DEA is enforcing the documentation requirements. Can you give us specific examples of pharmacy who have recently received DEA fines or you are aware of the DEA fines. Example 1: CSOS user names and passwords Example 2: Power of Attorneys for DEA forms 222 and Electronic Orders Example 3: Receiving C-II orders from the wholesaler and completing the DEA documentation If time permits, one more example Jeffrey Hedges, CDME President & CEO P.O. Box H, New Florence, PA 15944 Direct:  724-357-8380    Fax:  814-446-6336    Website:  www.rjhedges.com See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Fit Pharmacist partner & Pharmacy Podcast Network co-host Dr. Christina Tarantola joins Jeff Hedges president of RJ Hedges & Associates & Pharmacy Compliance Guide podcast host with Tara Modisett, Executive Director of Alliance for Patient Medication Safety - recorded live at the NCPA Annual Conference 2017 in Orlando FL.  To help improve Patient Safety and reduce mistakes, everyone in the pharmacy must be involved in quality control; helping to identify mis-steps and errors, being aware of sound-alike/look-a-like drug fills are ways to ensure you are taking proactive measures. Errors found behind the counter are quality control, errors going out the door are medication errors. Errors do happen and it is important to understand what you need to protect yourself, as well as your patients. The Patient Safety and Quality Improvement Act1 requires a Continuous Quality Improvement (CQI) Program be implemented. A CQI program is designed for detecting, documenting, analyzing and preventing quality-related events (QREs) with the intent of preventing medication errors and improving patient safety. A Continuous Quality Improvement (CQI) program creates an environment that makes quality the top priority and allows pharmacy staff to learn from past mistakes, while focusing on improving patient safety by decreasing errors and increasing quality. Pharmacy staff must be willing and open when discussing all failures of quality. Reporting errors should not lead to blame or punishment but instead needs to be seen as an opportunity to learn and improve. When an error occurs your first question should be “what in our system allowed this error to occur?” A PSO will most likely assist you in designing your Patient Safety Evaluation System (PSES), which is a system of procedures and policies for collecting, managing, and analyzing information for reporting to the PSO. A PSO provides the framework for safety data to be protected as Patient Safety Work Product (PSWP). PSWP is defined as any quality data and analysis and/or oral statement, assembled or developed by a provider, for reporting to a PSO which constitutes the deliberation or analysis of a Patient Safety Evaluation System (PSES). PSWP is not subject to subpoena, discovery or admission into evidence. According to the Patient Safety and Quality Improvement Act1 , federal privilege preempts state tort law, but not state reporting laws. However, federal privilege does not preempt state laws that are more stringent. The collected and reported quality and patient safety data that you report to a PSO are shielded by federal confidentiality and privilege protections. The protected information can include event reports, Root Cause/Systems Analyses, minutes of quality/safety meetings, related graphs, spreadsheets, reports, communications to/from the PSO, and related information listed in the Act. In order to maximize the legal protections afforded by the Act, pharmacies must enter into an agreement to join a PSO, develop and maintain a PSES, conduct all quality and safety activities within the PSES, maintain PSWP as confidential and protect PSWP from disclosure outside the PSES. In turn, the PSO must remain in good standing with the Agency for Health Research and Quality and must meet operational and security requirements set forth by the Patient Safety Act Regulations. Special Guest:  Tara Modisett Executive Director Alliance for Patient Medication Safety™ PSO 2530 Professional Road  Richmond VA 23235 Phone (866) 365-7472   www.medicationsafety.org     See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

HIPAA Breaches & Desk Audits What is a breach? In simple words, the loss of patient protected health information, either printed or electronic. How common are breaches within pharmacies? There are two types of pharmacies and pharmacy owners, The first are the ones who know they have had a breach The later are the ones who have had a breach and don’t know about it How can I have a breach and not know about it? Simple, has your pharmacy clerk ever given a patient another patient’s medication? That is a breach Can you give me examples of breaches? Pharmacy is robbed and the will call bin is stolen Pharmacy is robbed and the server is stolen Staff pharmacist has a laptop stolen Delivery driver has their vehicle stolen which is full of prescriptions to be delivered Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus What do I do when a breach occurs? First, don’t panic Get the facts Complete a Potential Breach Evaluation and a Risk Assessment Determine whether the breach is reportable or non-reportable to HHS/OCR Document everything  What are OCR Desk Audits Tested in 2016 Launched on January 1, 2017 Notification via U.S. Mail and Email Also conducting no notice on-site inspections What is the OCR asking for? Notice of Privacy Practices (date must be after 07/01/2013) Risk Analysis Risk Management Plan Disaster Recovery Plan/Contingency Plan Annual Privacy and Security Assessments Random Policies and Procedures On-Site Inspections Same as above, but in person First question is to the person at your counter, normally your clerk Can I have a copy of your Notice of Privacy Practice? They have to know the answer and provide the NOPP Penalties for Non-compliance Fines up to 1.5 Million Dollars  Is there help available to pharmacies? Yes, but you get what you pay for You can buy a set of policies and procedures, but if you have breach, especially a reportable breach: Will the consultant stay with you when you need them the most? Will they charge you extra? Will they provide the correct advice? How do you know how to pick a consultant? Ask your peers Ask hard questions about how they have handled client breaches and inspections Do you get detailed answers from the consultant? Do you referrals from multiple people? CONTACT: Office:  724-357-8380  Website:  www.rjhedges.com See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices

The newest segment to the Pharmacy Podcast Network is a partnership with RJ Hedges & Associates bringing our listeners the Pharmacy Compliance Guide.  R.J. Hedges & Associates has a dedicated team, devoted to providing complete turnkey healthcare compliance programs for our clients. We offer easy-to-use Policy and Procedure Manuals and Programs that contain all requirements for the U.S. Department of Health and Human Services (HHS), Medicare Quality Standards; HIPAA Compliance with HITECH requirements; Compounding; Fraud, Waste & Abuse Prevention; OSHA Bloodborne Pathogen requirements; Human Resource Management, Immunization requirements, and business consulting services. About the co-host: Jeffrey Hedges Jeff Hedges -- President & CEO of R. J. Hedges & Associates of New Florence, PA.  After serving in the United States Air Force for 27 years, Jeff transitioned into the private sector, developing software to help independent pharmacies understand and become compliant with HIPAA.  Later, Jeff founded R. J. Hedges & Associates to support healthcare providers with compliance services and software solutions.   Today his company offers comprehensive customized healthcare compliance and consulting services for independent pharmacies, home health care facilities, medical supply companies, physicians and other small practices throughout the United States.  Jeff is a sought-after speaker at numerous seminars and national conferences, educating his audiences on healthcare compliance, especially relating to the pharmacy and Durable Medical Equipment (DME) communities.   Jeff is a board-certified DME Specialist (CDME) and serves on the Board of Directors for the Board of Certification/Accreditation (BOC); BOC is the only accreditation organization that was founded by an independent pharmacist.   In 2014, the Better Business Bureau awarded R. J. Hedges & Associates a Torch Award for Marketplace Ethics.  In 2015, O&P News named Jeff one of the Top 175 Innovators in Orthotics and Prosthetics. CONTACT  R.J. Hedges & Associates 978 Pumphouse Road   PO Box H  New Florence, PA 15944   Phone: (724) 357-8380   Email: [email protected]     See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit megaphone.fm/adchoices