Headlines

• Attorney General Coleman Urges Kentuckians to Check Eligibility for Compensation for Inflated Generic Drug Prices

  • Wednesday, April 2, 2025

  Attorney General Russell Coleman has announced that Kentucky is part of a multistate settlement with generic drug manufacturer Apotex over allegations of price inflation and anti-competitive practices. The $39.1 million settlement follows a similar $10 million agreement with Heritage Pharmaceuticals.   Patients who purchased certain generic prescription drugs between 2010 and 2018 may be eligible for compensation. As pharmacists, you may receive questions from patients about this settlement. Please direct them to the following resources to check their eligibility:   Call 1-866-290-0182 (Toll-Free) Email info@AGGenericDrugs.com Visit www.AGGenericDrugs.com   For more details, you can read the full press release here: https://www.kentucky.gov/Pages/Activity-stream.aspx?n=AttorneyGeneral&prId=1736.   If you or your patients have additional questions, they can contact Kevin Grout at kevin.grout@ky.gov or 502-545-0690.

  Read More

• Anticipating a Surge in HIPAA Compliance Audits

  • Thursday, March 13, 2025

  The Next Big Wave: Anticipating a Surge in HIPAA Compliance Audits  Desk audits, onsite audits, invoice audits…and HIPAA compliance audits?! Unfortunately every community pharmacy has some familiarity with third party payor audits, and PAAS National® audit analysts bring their expertise to guide members through the entire audit process, ensuring everything goes as smoothly as possible. But what about HIPAA compliance audits? With a potential surge in these audits on the horizon, it is important for covered entities (i.e., pharmacies) to evaluate their HIPAA compliance policies and procedures to fortify their program. You may ask, “Why are these audits being performed?” The Health Information Technology for Economic and Clinical Health (HITECH) Act requires that the Department of Health and Human Services (HHS) conduct periodic HIPAA audits, submit an annual report to Congress on HIPAA compliance, and provide annual guidance on the most effective technical safeguards for meeting Security Rule requirements. The Office for Civil Rights (OCR), within HHS, is tasked with overseeing these responsibilities. To verify OCR was performing their respective duties, the Office of Inspector General (OIG) performed a review of OCR's HIPAA compliance audit process. According to the OIG November 2024 brief, “OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR's HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR's audits consisted of assessing only 8 of 180 HIPAA Rules requirements; and Only 2 of those 8 requirements were related to Security Rule administrative safeguards and none were related to physical and technical security safeguards. OCR oversight of its HIPAA audit program was not effective at improving cybersecurity protections at covered entities and business associates.”   OIG recommended OCR increase the volume and breadth of their audits to raise their assurance that covered entities (like pharmacies) and business associates have complied with the Security Rule. OIG stated these audits will also help OCR provide covered entities with more opportunities to strengthen their security over ePHI. Additionally, on December 27, 2024, OCR issued a Notice of Proposed Rule Making (NPRM) to modify the HIPAA Security Rule to strengthen cybersecurity protections for ePHI. This is the first time since 2013 that OCR seeks to update the Security Rule. With the dramatic increase in cybersecurity threats, both malicious and unintentional, it seems that updates are more important now than ever. A fact sheet on the NPRM is available online. Since HIPAA compliance audits may be in your future (along with Security Rule updates), now is a great time to evaluate your HIPAA compliance program to get a good handle on where your vulnerabilities are, what threats you have and the risk of those threats. If you're not sure where to start, check out the PAAS FWA/HIPAA Compliance Program! PAAS Tips: Understand the components and importance of a HIPAA Security Risk Analysis Perform an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the pharmacy's ePHI Identify and implement reasonable and appropriate physical, technical, and administrative safeguards as required by the HIPAA Security Rule Know the terms Vulnerability – a flaw or weakness in system security procedures, design, implementation or internal controls Threat – the potential for a person or thing to exercise a specific vulnerability (natural, human, and environmental) Risk – a function of the probability that a threat will attack a vulnerability and the resulting impact to the organization PAAS' FWA/HIPAA Compliance Program members have access to: Update their HIPAA Risk Analysis Complete annual Cybersecurity training on the Member Portal Policies and procedures to comply with HIPAA Privacy, Security and Breach Notification rules which include customized administrative, physical and technical safeguards Contingency Planning and Preparedness Pharmacist experts to support you in FWA/HIPAA Compliance   By Trenton Thiede, PharmD, MBA, President at PAAS National®, expert third party audit assistance, FWA/HIPAA and USP 800 compliance.

  Read More

• KY Confirms Measles Case

  • Friday, February 28, 2025

  The Kentucky Department for Public Health (KDPH) has identified a confirmed case of measles in an adult who recently traveled internationally to an area with ongoing measles transmission. This is the first confirmed case of measles in a Kentucky resident since February 2023. KDPH is working with local health departments to identify and contact individuals who may have been exposed. This case comes amidst a rise in cases of measles globally and domestically, including a large ongoing outbreak in Texas and New Mexico. On February 26, the Texas Department of State Health Services announced the first death associated with the outbreak in an unimmunized school-aged child. This is the first measles related death in the United States since 2015. Be alert for signs and symptoms of measles, particularly among people who have not received two doses of measles-containing vaccine. Healthcare providers should also consider outreach to patients who are eligible for MMR vaccination to encourage routine immunization. Collect detailed travel history for patients with febrile rash illness and consider measles in patients who report any international travel, as well as travel to areas in the U.S with ongoing outbreaks. Measles is a reportable disease requiring urgent notification. If measles is suspected, healthcare facilities should implement appropriate infection prevention and control measures and report any case, suspected case, or positive laboratory result immediately via telephone to the local public health department jurisdiction in which the patient resides within 24 hours. Do not wait for a positive result to initiate contact with public health. Measles virus testing is available at the KDPH Division of Laboratory Services (DLS) for eligible clinical specimens upon approval. KDPH requests that providers send specimens for PCR testing of all suspect measles cases to DLS rather than to commercial labs, to avoid significant delays in public health response measures. Measles resources for healthcare providers and the public can be found on the KDPH measles website.

  Read More