The Ins and Outs of PBM Audit

A white paper on pharmacy audit & investigations

Understanding your audit and investigative program – is it working for you?

In many cases, we see our audit and investigative reports and check a box that our vendors are managing the network and preventing Fraud, Waste, and Abuse (FWA). Running a tight network audit and investigative program should also mean reducing the need for such programs through a benefit design change and aggressive credentialing, which supports the prevention of FWA. Let’s do a short recap on what audit & investigative programs should have, what trends have been seen, and how you can ask questions to keep your program working to prevent undue costs and mitigate future FWA.


In 2019, a large case of pharmacy fraud in which the founder and former CEO of Insys Therapeutics, John Kapoor, was prosecuted and found guilty for his role in a scheme to bribe prescribers to write for the company’s highly addictive opioid painkiller, Subsys, which was approved only for cancer related pain treatment. Mr. Kapoor was sentenced to five and a half years for his role in the scheme. Other key executives were also convicted for involvement in the fraud.

The case focused on charging the executives and employees and was fueled by investigations and data from several pharmacies. This included the Medicine Shoppe pharmacy, in which the owner, pharmacist, and pharmacy technician had received kickbacks from Insys Therapeutics. Another pharmacy in Michigan, Spartan Pharmacy, was accused of filling fraudulent prescriptions, and the owner and pharmacist were charged with conspiracy to commit healthcare fraud. There were several other pharmacies that were also a part of the overall scheme.

How does PBM (Pharmacy Benefit Manager) audit and investigations play a role in this and other cases? In many cases, it is the PBM or vendor investigation that is the starting point. The concerns of FWA reported to state and federal investigative agencies is typically what gets the ball rolling for these types of cases.

This case had its start in the interworkings of a PBM that was auditing for a government funded plan, and as a result of the audit, there were findings around inappropriate documentation associated with prior authorizations. The PBM investigative audits, referrals, and engagement with law enforcement led to this formal investigation and prosecution, which is now a hallmark case that represents the reason for PBM and vendor audits.

Audit and Investigative Types

There are several types of audits and investigations by either PBMs or third-party audit vendors. Each of these audits and investigations has important aspects that are essential to understand when evaluating the process used by the PBM or vendor. Understanding helps clients to ask the right questions to ensure that the program offered is robust and that the value from the program is given back to the client (e.g. not used as a revenue source beyond reasonable administrative fees by the PBM or vendor). Here are the common types:

Daily Audit

When thinking about the lifecycle of a pharmacy benefit claim, the first opportunity to audit the accuracy of the claim is in a ‘real-time’ or daily audit. Some audit programs conduct an immediate review or ‘real-time’ audit of the claim transaction, whereas others audit the day after a claim is submitted. When thinking about the operations of most pharmacies, the claim is submitted to the PBM as it is received at the pharmacy, however, it may be several minutes or even hours before it is checked by pharmacy personnel and ultimately prepared for dispensing. There are, therefore, positives and negatives to ‘real-time’ audits where the pharmacy has not yet had an opportunity to complete the process in which the technicians and pharmacist could naturally find and correct any issues. As an example, let’s say a pharmacy incorrectly keys the quantity on a claim and receives an immediate call from an auditor to correct the claim, however, during the filling or pharmacist verification process, the error may have been caught and corrected in the normal course of business. It can be a positive that the claim gets corrected with the help of external auditors timely and before dispensing, however, it can be a negative if the PBM or vendor is charging for this service and the client is being charged for corrections that the pharmacy would have corrected in the normal course of pharmacy operations. Daily audits, similarly, are meant to identify and correct errors in near real-time, however, is usually done the day after the claim was processed allowing for the pharmacy personnel to have course and correct any errors made on the initial claim. With both real-time and daily audits, they are essential in correcting errors, which could be perpetuated over the lifetime of the claim to help keep costs lower and inappropriate claims from being dispensed. Notably, this is also important from a clinical perspective in catching potential medication errors. In some cases, the auditor’s call may not only find a financial error, but also the submission of the wrong product that was alerted in the system by the quantity and medication mismatch.

Desktop Audit

The retrospective review, which includes past year or two of claim transactions, completed through back-and-forth communication and pharmacy record documentation submission to an auditor for evaluation is a common practice known as a desktop audit. These are important for the pharmacy audit program to allow a retrospective look-back and validation of documents in compliance with contractual and regulatory terms such as prescriptions and signature/delivery logs. Having these done remotely allows for the audit team to complete more audits of claim records. In some cases, these audits yield questionable results, which results in the pharmacy being referred to a more extensive onsite or investigative audit. Unlike the daily audit, which is usually just a verbal confirmation of a single prescription, these are typically several claims with a review of all of the elements of a valid prescription (drug name, quantity, days’ supply, directions for use, prescriber signature and authorization of brand or generic, date of prescription, and the number of refills authorized). Typically, errors found in these audits result in a financial chargeback to the pharmacy, however, they rarely result in a reversal and reprocessing of the claim unless there are regulatory requirements to do so. Common errors are for a quantity, which exceeds the days’ supply dispensed due to a lack of clarifying directions on an ambiguous direction for use; for example, a quantity of 90 for a 30 days’ supply without directions that would support using the product three times each day of the month.

On-Site Audit

A retrospective review of the claim transactions over the prior year and other key operations of the pharmacy that is completed at the location of the pharmacy is called an on-site audit. These audits were a staple to most pharmacy audit programs prior to COVID; they allowed for an on-site review of prescriptions that were directly pulled from the files while onsite, no pre-notification, and also allowed for verification of compliance with contractual and regulatory requirements such as, but not limited to, presence of licensed personnel, open during posted or required hours of operations, and confirm removal of expired products.

Investigative Audit

Another type of audit follows the process of a desktop audit, yet, is meant to investigate potential fraud or abuse. These investigative audits perform the same review of claim transactions that are seen in desktop audits, yet, in many cases also conduct member reviews, prescriber reviews, and inventory reviews. They will request copies of original prescriptions and proof of delivery, which is common in a desktop review. Additionally, they may mail requests to members or prescribers to validate the authenticity of the prescription. In a member review, the member may be sent a notification with a list of medications dispensed from the pharmacy with the opportunity to refute having received or requested the medication. Similarly, prescribers are sent requests with member and prescription information to validate they prescribed the medication for the member. Finally, the wholesalers used by the pharmacy are requested to provide information on the quantities and timeline of medications supplied to the pharmacy. In most cases, these intense reviews are only done on a pharmacy suspected of nefarious behavior.


Trends in Pharmacy FWA (Fraud, Waste, and Abuse)

There are several trending schemes that the audit and investigative teams managing pharmacy benefits should be focused on. These schemes include things like auto-refill of medications without patient consent or continued use, submission of false claims or claims not requested by the member, submission of claims not ordered by a prescriber, telemarketing ploys, submission of a different medication than what was dispensed, focusing on dispensing only high-cost NDCs, or inventory issues involving inventory purchases from unlicensed or unaccredited wholesalers.

The scheme of abusing the use of auto-refill is common: the pharmacy creates refills to maximize the patient’s healthcare benefits without validation of the need for the medication. In some cases, they deliver or mail these products to the patient, which creates a stock pile of unused and unnecessary products for the patient. In many cases, copayments for these are waived by the pharmacy as they use the scheme to increase utilization and prescription volume, which increases payments to their pharmacy from the PBM.

For medications that were not requested by the member, these are usually found during patient verifications that had a high volume of high-cost no prior authorization (PA) required medications. Members are mailed letters to request that they validate the prescriptions billed for them and dispensed by the pharmacy being audited or investigated. In some cases, patients return the letter with a selected check-box or written notes indicating that they received medication they never requested. On the flip-side, the audit and investigations often also validate with prescribers the authenticity of prescriptions. These letters to prescribers are often patient-specific, allow the provider to confirm the validity of the prescribed medications, and in some cases, find submitted claims that are not ordered by the prescriber.

Telehealth during the COVID-19 pandemic became a commonly used and understood mechanism of care, however, telemarketing schemes commonly uncovered in pharmacy audits and investigative activity are very different than the patient seeking care for a health concern. In these ploys, there are pharmacies that are paying telemarketing companies to call patients to solicit the use of prescription medications. These telemarketing companies have providers that are willing to then write prescriptions for the purported health care need, which are then fulfilled by the pharmacy using the telemarketing service. Common calls from these telemarketers focus on asking the patient if they have dry skin, diabetes, pain, or headaches. They then use the information to provide a telehealth directed prescription for high-cost vitamins, topical creams/ointments, or migraine treatments; all of which are directed at increasing the pharmacy prescription volume to create additional cash flow. Prescribers are typically unaware of the patient's overall health history and prescribe only the medications the pharmacy has selected for profitability.

When pharmacies find reimbursement to be better with two competitive medication products, they will submit the claim for the more expensive different product and dispense a less priced alternative. An example would be a topical cream with a low reimbursement that is dispensed with a claim transmitted for a higher reimbursement cost medication. Another example, is the use of an NDC (national drug code) for Medicare Part B-only test strips being purchased, dispensed (because it was purchased as a medical contract), and submitted to PBMs using the retail product NDC.

There are several pharmacies that have focused on soliciting business to dispense only high-cost NDCs. One major example seen is concierge pharmacy services that focus on working with a prescriber or group of prescribers to gain access to a large volume of prescriptions, such as dermatology groups using several topical products for every patient. The scheme isn’t just to gain a high volume of prescriptions, but then to carry only the NDC, which gives the best overall reimbursement to the pharmacy (usually a very high-cost NDC within a category). Topical acne and anti-inflammatory preparations are commonly included in this scheme. There may also be inappropriate relationships between the prescribers, the wholesaler, the manufacturers, and the pharmacies that is typically further investigated.

One of the largest issues in FWA for pharmacies is the mismanagement of inventory. During investigative audits, there are findings in which the pharmacy cannot provide sufficient evidence that they purchased medication in comparison to the volume of medication they dispensed. This could indicate false billings for medications not dispensed or medications being acquired from sources not compliant with contractual or regulatory requirements. This is a primary reason pharmacies are deemed to be engaged in fraud or abuse and subject to termination from PBM networks. Pharmacies either cannot provide evidence of legitimate purchases or provide documentation of purchases from illegitimate entities who are contractually forbidden (e.g. do not have accreditation as a Verified Accredited Wholesaler Distributor – VAWD).

Investigating your Investigations

Knowing what types of audits and investigations should be happening in a comprehensive review of the pharmacy benefit and the trends that are being seen in the reviews is only part of the battle in finding ways to ensure that these programs maintain a focus on removing inappropriate medication costs from the system. Beyond understanding the role of audit and investigations, payers need to (1) audit the pharmacy audit program to ensure funds are credited appropriately, (2) review audit findings routinely for changes in plan benefits, and (3) evaluate the payment structure for audit and investigative services.

Audit the Pharmacy Audit Program

In our white paper titled “The Ins and Outs of PBM Audit”, you will find details about the overall auditing of the PBM, a portion of which is auditing the audit program. The audit of the audit programs helps to confirm the payer is appropriately being compensated based on the adjustment needed from the audit or investigation, and if necessary, ensuring the adjustments were reported. For example, the Centers for Medicare and Medicaid Services (CMS) requires Prescription Drug Events (PDEs) to be submitted for every Medicare Part D prescription that the beneficiary fills, and any adjustments from the audit or investigation must also be reported on the PDE records.

Another aspect of the audit is to review the types of audits being performed and evaluate if there are areas of the network which remain vulnerable to fraud, waste, and abuse. In part, this evaluation looks at each type of audit being performed and compares it to those characterized above to confirm that pharmacies are being appropriately scrutinized for inappropriate claims activity. Finally, there is an aspect of the audit program to confirm trends being seen by other PBMs/vendors are being fully investigated by the audit program (they should be using other trends and findings to guide their program). Another important component is to verify a pharmacy audit program's analytics and monitoring capabilities are creating any weak points in the audit program (their daily analytics look for spikes in pharmacy, drug activity, monitor pharmacies for changes in activity, etc.). This overall assessment of the pharmacy audit program is very important with the high volume of fraud, waste, and abuse in pharmacy claims.

Review Audit Findings

Although we spoke about reviewing the audit findings for appropriate return of compensation due to the payer in the audit of the audit program, a review of the findings should go beyond financial compensation for the errors discovered and should include the use of the data (e.g. to determine what new areas should be included in the plan benefit design for the future.

For example, when audit findings show inappropriate quantities for a medication and it is routinely occurring, there should be a recommendation to create quantity edits to prevent this from re-occurring. Another example would be limiting the formulary coverage through exclusionary drug lists when high-cost products are routinely used. Pharmacies are typically audited specific to their practice type – for example, a compounding pharmacy should have a more extensive audit in which the compounding formulations are reviewed for accuracy against the prescribed order and the submitted claim. A final example would be when an audit uncovers inappropriate compounding, there should be a recommendation to limit the compounding of certain products or place limits for compounds above a dollar threshold without a prior authorization.

Audit and investigative departments may focus on finding errors and returning inappropriate claims financially to payers, however, finding ways to prevent errors may not be their area of focus and may also not allow them to continue to charge for these services if they begin to educate and remove errors. The focus on the audit program should not be to increase recoveries, but find ways to minimize the need for recoveries.

Evaluate the Payment Structure

Payers should also pay close attention to how they are compensating the PBM or vendor for the auditing and investigative process. Typically, there are three ways we see PBMs compensated including (1) no charge or included in their administrative fee for network management, (2) a flat fee per audit type, or (3) a percentage of recoveries.

For audit types that have no charge or have their fees built into an administrative charge, the biggest concern should be surrounding the lack of a robust audit program and the money which could be left on the table as there is no direct incentive to the PBM, unless there are performance penalties tied to the administration of the pharmacy audit program. In some cases, only some types of audit or investigative work fall under this no charge model, or in reality, for most payers, none of their pharmacy audit services fall under this type of model.

The audit programs or types of audits with a flat fee can charge a per audit or case fee based on the operational support that is necessary to conduct the audits. This may seem to be the most appropriate way to pay for the service offered by these audits and would allow for nearly all of the recoveries to go back to the payer, however, this is the least used model.

Finally, the most common type of fee is a percentage of recoveries or shared savings. This can be augmented with parameters to help control overall costs. For example, there may be a maximum to the amount the shared value can reach. In a case where a desktop audit finds a $10,000 error, and the client is sharing 25% back with the PBM or vendor, the steep fee of $2,500 for that quick phone call can be a big hit to the ability for the plan to recover an inappropriate payment, therefore, a maximum may be set at a specific dollar threshold by audit type. Furthermore, if the audit was a ‘real-time’ audit that happened before the pharmacy had time to fix the error on its own, the payer could have been way better off having had the claim never audited.


For many, this is a refresh of content already integrated as a staple of monitoring the overall medication cost management strategy, however, it can also be a much-needed reminder of how the pharmacy program should be constantly evaluated to ensure it is working to drive down costs. While our focus has been on the high costs of specialty or the looming costs of gene and cellular therapies, it is imperative to have an end-to- end management strategy that also focuses on the basics of pharmacy costs – the network of pharmacies, the dispensing of medications, and the auditing and investigating of that component of the pharmacy practice.


Evaluation of the pharmacy audit program should be a routine and integral part of the pharmacy benefit management strategy, and having dedicated staff or consultants to conduct this work makes the entire system work more like a well-oiled machine – finding mistakes, removing costs, and preventing future inappropriate spend.

Want to receive a copy of this white paper?

Please complete the form below and we will send it to you

About PayerAlly

PayerAlly’s mission is to provide cutting-edge support for our clients as they look to better manage prescription medication costs. We offer best-in-class consulting around the areas of PBM vendor management, clinical, financial, and strategic consulting to help clients better manage costs and improve the performance of their pharmacy benefit.