Pharmacy Compliance Glossary

The state agency that licenses pharmacies and pharmacists and inspects them for compliance with state pharmacy law. Requirements vary by state.

The HIPAA rule requiring covered entities to notify affected individuals, HHS, and sometimes the media after a breach of unsecured protected health information. Codified at 45 CFR §§164.400-414.

A single, continuously updated measure of how inspection-ready a pharmacy is across its compliance areas - tasks complete, training current, screenings logged, and documents on file.

The five federal schedules (I-V) that classify controlled substances by abuse potential and accepted medical use under the Controlled Substances Act (21 USC 812).

The DEA application a retail pharmacy uses to register to dispense controlled substances. The resulting registration must be renewed every three years.

Price concessions and incentive payments in Medicare Part D that adjust a pharmacy’s final reimbursement after the point of sale. Reforms moved these concessions to the point of sale beginning January 1, 2024.

A 2013 federal law (Title II of the Drug Quality and Security Act) that builds an electronic, interoperable system to trace prescription drugs through the U.S. supply chain.

A category of compliance training and controls required of pharmacies that participate in Medicare Part D, aimed at preventing improper billing, kickbacks, and misuse of program funds.

A 1996 federal law that, among other things, sets national standards for protecting individuals’ health information. For pharmacies it drives privacy, security, and breach-notification obligations around protected health information (PHI).

The HIPAA regulation that governs how protected health information (PHI) may be used and disclosed, and gives patients rights over their records. Codified at 45 CFR Part 160 and Part 164 (Subparts A and E).

The HIPAA regulation that requires administrative, physical, and technical safeguards for electronic protected health information (ePHI). Codified at 45 CFR Part 164 Subpart C.

The OIG’s public database of individuals and entities barred from participating in federal health-care programs. Pharmacies screen staff and vendors against it.

The Medicare prescription drug benefit, delivered through private plans. Pharmacies that serve Part D patients must meet the compliance-program expectations CMS places on plan networks.

A practice run of a regulatory inspection in which a consultant evaluates a pharmacy the way a board or PBM auditor would, then delivers findings and a remediation plan before the real inspection.

The HHS Office of Inspector General - the federal office that investigates fraud in HHS programs and maintains the list of individuals and entities excluded from federal health-care programs.

The process of checking employees, contractors, and vendors against the OIG LEIE (and often SAM.gov) to confirm none are excluded from federal health-care programs.

The process of completing and maintaining the applications, documents, and verifications a Pharmacy Benefit Manager requires for a pharmacy to join and stay in its network.

A third-party company that administers prescription drug benefits for health plans - processing claims, setting reimbursement, and contracting with pharmacies through their networks.

The pharmacy’s written set of policies and standard operating procedures covering how it meets federal and state requirements. Inspectors routinely ask to see it.

A state-run electronic database that tracks dispensing of controlled substances. Most states require pharmacies to report dispensing data and many require prescribers or pharmacists to check it.

The exclusion records in the federal System for Award Management (SAM.gov), covering parties debarred or excluded from federal contracts and programs - a complement to the OIG LEIE.

The documented analysis of risks to electronic protected health information required by the HIPAA Security Rule, together with the measures taken to reduce them.

The United States Pharmacopeia general chapter that sets standards for compounding nonsterile preparations (creams, capsules, oral liquids, and similar).

The USP general chapter governing sterile compounding, including environmental controls, beyond-use dating, and personnel training to prevent contamination.

The USP general chapter on safe handling of hazardous drugs in health-care settings, protecting workers, patients, and the environment across receipt, storage, compounding, and disposal.