Headlines

• Understanding the DEA Exempted Product List

  • Monday, May 12, 2025

  When working directly with prescription medications in the pharmacy, it is generally easy to tell which drugs are controlled substances and which aren't. Controlled medications are typically packaged and shipped separately from non-controlled medications and the manufacturer bottles contain a required Symbol1 (i.e., C-II, C-III, C-IV or C-V). However, Title 21 of the Code of Federal Regulations, Part §1308.31 Application for exemption of a nonnarcotic prescription product2, provides exemptions for certain drug products from the Controlled Substance Act (CSA). Exemptions are given when the products meet specific criteria, including the presence of active ingredients believed to reduce the potential for abuse. The DEA publishes a list of Exempted Prescription Products3 which details the NDCs that are not considered a controlled substance. A manufacturer must apply for the exemption to receive the designation. Therefore, you may see two different manufacturers of the same drug product not linked in your pharmacy software system because one is flagged as a controlled substance, another as a non-controlled. An example of a drug that is on the list is butalbital/APAP/caffeine capsules. The NDC manufactured by Dr. Reddy (NDC 75907-0009-01) is not on the exempted list (it's a Schedule III), but the one made by Aurobindo (NDC 13107-0075-01) is on the list.  If the manufacturer has received an exemption, it will be listed in the above-mentioned table. This table is updated periodically by the DEA (last update was February 2025). PAAS Tips: Check drugs containing controlled substances against the DEA Table of Exempted Drug Products (and look for the required Symbol if the product is in stock) to determine which rules to follow If the NDC is not on the list, consider this product a controlled substance Check your software system to see if it flags products as a controlled substance down to the NDC level. There is a risk of refilling a controlled substance (that you thought was non-controlled) beyond the prescription expiration date or allowed refills PAAS National® recommends proceeding cautiously when medications have controlled and non-controlled versions to avoid any controlled substance law violations   By Trenton Thiede, PharmD, MBA, President at PAAS National®, expert third party audit assistance, FWA/HIPAA and USP 800 compliance.   References: https://www.ecfr.gov/current/title-21/chapter-II/part-1302 https://www.ecfr.gov/current/title-21/chapter-II/part-1308/subject-group-ECFR4b1bd9cfc7cf95f/section-1308.31 https://www.deadiversion.usdoj.gov/schedules/exempt/exempt_rx_list.pdf Copyright © 2025 PAAS National, LLC. Unauthorized use or distribution prohibited. All use subject to terms at https://paasnational.com/terms-of-use/.

  Read More

• Attorney General Coleman Urges Kentuckians to Check Eligibility for Compensation for Inflated Generic Drug Prices

  • Wednesday, April 2, 2025

  Attorney General Russell Coleman has announced that Kentucky is part of a multistate settlement with generic drug manufacturer Apotex over allegations of price inflation and anti-competitive practices. The $39.1 million settlement follows a similar $10 million agreement with Heritage Pharmaceuticals.   Patients who purchased certain generic prescription drugs between 2010 and 2018 may be eligible for compensation. As pharmacists, you may receive questions from patients about this settlement. Please direct them to the following resources to check their eligibility:   Call 1-866-290-0182 (Toll-Free) Email info@AGGenericDrugs.com Visit www.AGGenericDrugs.com   For more details, you can read the full press release here: https://www.kentucky.gov/Pages/Activity-stream.aspx?n=AttorneyGeneral&prId=1736.   If you or your patients have additional questions, they can contact Kevin Grout at kevin.grout@ky.gov or 502-545-0690.

  Read More

• Anticipating a Surge in HIPAA Compliance Audits

  • Thursday, March 13, 2025

  The Next Big Wave: Anticipating a Surge in HIPAA Compliance Audits  Desk audits, onsite audits, invoice audits…and HIPAA compliance audits?! Unfortunately every community pharmacy has some familiarity with third party payor audits, and PAAS National® audit analysts bring their expertise to guide members through the entire audit process, ensuring everything goes as smoothly as possible. But what about HIPAA compliance audits? With a potential surge in these audits on the horizon, it is important for covered entities (i.e., pharmacies) to evaluate their HIPAA compliance policies and procedures to fortify their program. You may ask, “Why are these audits being performed?” The Health Information Technology for Economic and Clinical Health (HITECH) Act requires that the Department of Health and Human Services (HHS) conduct periodic HIPAA audits, submit an annual report to Congress on HIPAA compliance, and provide annual guidance on the most effective technical safeguards for meeting Security Rule requirements. The Office for Civil Rights (OCR), within HHS, is tasked with overseeing these responsibilities. To verify OCR was performing their respective duties, the Office of Inspector General (OIG) performed a review of OCR's HIPAA compliance audit process. According to the OIG November 2024 brief, “OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR's HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR's audits consisted of assessing only 8 of 180 HIPAA Rules requirements; and Only 2 of those 8 requirements were related to Security Rule administrative safeguards and none were related to physical and technical security safeguards. OCR oversight of its HIPAA audit program was not effective at improving cybersecurity protections at covered entities and business associates.”   OIG recommended OCR increase the volume and breadth of their audits to raise their assurance that covered entities (like pharmacies) and business associates have complied with the Security Rule. OIG stated these audits will also help OCR provide covered entities with more opportunities to strengthen their security over ePHI. Additionally, on December 27, 2024, OCR issued a Notice of Proposed Rule Making (NPRM) to modify the HIPAA Security Rule to strengthen cybersecurity protections for ePHI. This is the first time since 2013 that OCR seeks to update the Security Rule. With the dramatic increase in cybersecurity threats, both malicious and unintentional, it seems that updates are more important now than ever. A fact sheet on the NPRM is available online. Since HIPAA compliance audits may be in your future (along with Security Rule updates), now is a great time to evaluate your HIPAA compliance program to get a good handle on where your vulnerabilities are, what threats you have and the risk of those threats. If you're not sure where to start, check out the PAAS FWA/HIPAA Compliance Program! PAAS Tips: Understand the components and importance of a HIPAA Security Risk Analysis Perform an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the pharmacy's ePHI Identify and implement reasonable and appropriate physical, technical, and administrative safeguards as required by the HIPAA Security Rule Know the terms Vulnerability – a flaw or weakness in system security procedures, design, implementation or internal controls Threat – the potential for a person or thing to exercise a specific vulnerability (natural, human, and environmental) Risk – a function of the probability that a threat will attack a vulnerability and the resulting impact to the organization PAAS' FWA/HIPAA Compliance Program members have access to: Update their HIPAA Risk Analysis Complete annual Cybersecurity training on the Member Portal Policies and procedures to comply with HIPAA Privacy, Security and Breach Notification rules which include customized administrative, physical and technical safeguards Contingency Planning and Preparedness Pharmacist experts to support you in FWA/HIPAA Compliance   By Trenton Thiede, PharmD, MBA, President at PAAS National®, expert third party audit assistance, FWA/HIPAA and USP 800 compliance.

  Read More