Audits are performed to ensure providers—and claims for drugs, medical supplies, and services paid by PharmaCare to a provider—are in compliance with the terms of relevant Acts, regulations, bylaws, policies and procedures.
Application of policy
This policy applies to all providers enrolled in PharmaCare by way of:
Issues subject to audit
The Pharmaceutical Services Act and Provider Regulation establishes the following with regard to audit:
An inspector may audit or inspect in respect of:
Claims subject to audit
All PharmaCare claims are subject to audit to confirm compliance with the provisions of the following:
Note: The above list includes College of Pharmacists of BC bylaws, PharmaCare policies and procedures, and policy and procedural updates communicated in PharmaCare Newsletters which the above Acts, enactments, regulations or limiting conditions require providers to follow.
Audit inspectors
Audits are performed by PharmaCare Audit and Audit Intelligence and Operations, Audit and Investigations Branch, Financial and Corporate Services Division, Ministry of Health.
PharmaCare auditors are appointed as inspectors by the Minister of Health pursuant to the Pharmaceutical Services Act for the purposes of conducting audits.
Under the Pharmaceutical Services Act, a person who is subject to an audit must do all of the following on the request of the audit team:
If records that are required are not located on the premises, the person who has possession of those records must produce and permit inspection of those records if requested by the audit team.
If the audit team is not provided with sufficient information to conduct the audit, an adverse inference may be drawn. The result may be a denial of claims for which the audit team has not been provided sufficient information.
In addition, knowingly providing false or misleading information to the audit team, or willfully interfering or obstructing the audit team constitutes an offence under the PSA. A person who commits such an offence is liable on conviction to a fine up to $200,000 or to imprisonment for a term up to six months, or to both.
PharmaCare auditors will complete a Temporary Removal of Documents form with the manager of the provider site being audited when records are removed.
In the event that PharmaCare auditors remove any records from a provider site or the location where the records are kept, the records will be returned within 20 business days.
For electronic records to be deemed accessible, inspectors must be able to sort and filter the records based on one or more of the following data elements:
The point of sale (POS) system must support export of a record or collection of records (a set of images) usable for subsequent reference. The collection of records must be able to be transferred off-site via secure file transfer processes or via encrypted email for small files. The transfer of encrypted emails must be confirmed before the data transfer. Both transfer methods must be compliant with all relevant legislation.
The export images must be PDF. The file name must include the following, separated by dashes (-):
Providers must abide by the record-keeping requirements as specified in the Pharmaceutical Services Act and Regulations, including Section 12, 13 and 14 of the Provider Regulation.
For the purposes of calculating non-compliant claims amounts, information a provider obtains from a prescriber/other provider after an onsite audit cannot be used to support a disallowed prescription claim.
The PharmaCare program allows electronic recordkeeping if the provider meets the standards set out in this policy.
Electronic recordkeeping does not diminish the responsibility to maintain records or comply with obligations under the Pharmaceutical Services Act (PSA). The following standards apply to all electronic records supporting PharmaCare claims, including prescriptions, PharmaCare forms and certain CPBC forms (listed at the end of this section). Any claims based on digital-only records that do not meet these standards will be subject to full recovery.
Please note that in this policy, the terms "electronic record” and “digital record” are used interchangeably since both terms are used in related documents (Pharmacy Operations and Drug Scheduling Act (PODSA); Health Professions Act (HPA); and PharmaNet conformance standards).
Where applicable, PharmaCare’s requirements are supported by technical requirements defined in the Ministry of Health Conformance Standards, Volume 4C– Application Enforced Rules for PharmaNet. This volume of the conformance standards defines the application rules that must be enforced by POS systems when accessing PharmaNet.
New rules were added on September 30, 2021 to Volume 4C, section 3.6.1 (version 3.3) of the conformance standards to support electronic recordkeeping, although as of the writing of this policy the conformance testing of these rules had not been completed and a deadline for conformance testing had not been established. Further, the conformance standards and associated rules are subject to change.
Provision and retention of original records
The PharmaCare program’s requirement for providers to retain original records in digital form is satisfied if there exists reliable assurance as to the integrity, legibility and accessibility of the record.
Records must be maintained for the longest applicable period stipulated by the PODSA bylaws or the Provider Regulation (under the PSA) at a minimum. In effect, this is 4 years for 1-year prescriptions, 5 years for 2-year prescriptions (i.e., birth control), and 4 years for PharmaCare forms, or until an audit or inspection is complete, whichever is longer.
If storing digital records for paper/fax prescriptions and/or PharmaCare record types in the point of service (POS) system, each of the requirements described in the PharmaNet conformance standards (3.6.1 PNetTx8.2 and PNetTx9.1) must be met. Should these requirements be amended in the future, the amended requirements must be met.
Custody and control of information in digital records
When a pharmacy collects personal information and records it on a PharmaCare form, the pharmacy is creating its own record, over which it has custody and control. However, once the data in the record is submitted to the Ministry of Health (the Ministry), the Ministry will have custody and control of the submitted record. The pharmacy still has custody and control of any record remaining on its local system.
Record preservation and back-up
Digital records must be preserved and backed up at least once daily and stored in a location resistant to environmental perils including, but not limited to, fires and floods. They must be secure from unauthorized access, use, modification, destruction, and disclosure. The backed-up records, once restored, must also be compliant with applicable legislation, regulations, policies and bylaws.
Amendments to records
Once an electronic version of a record is created, the original electronic record must remain verifiably complete and unaltered and its integrity must be maintained. In the event a record is amended to correct an error or omission, the new record must be created as a separate document, with the original document and full evidentiary trail of changes maintained and accessible.
Recordkeeping policy and confidentiality undertakings
Documentation regarding the filing system adopted by the provider must be maintained by the provider and must be made available to the Ministry upon request. The documentation must include a description of the process for preservation, storage and back-up of electronic records, how they can be accessed by authorized individuals, and the effective date the provider adopted electronic recordkeeping.
The electronic records collected, used and retained on the pharmacy’s local POS system, contain personal and other information that can be easily disclosed when in an electronic format. The registrant must maintain confidentiality by disclosing the electronic record only for the purposes listed in the HPA Bylaws, s. 72. The CPBC requires the pharmacy manager, the registrant, the pharmacy support staff and the vendor to sign confidentiality undertakings to protect the confidentiality of both PharmaNet and pharmacy POS system records, including prescription and non-prescription records. In addition, the legislation, including the PSA, and bylaws are very clear that there may be no disclosure for market research.
Change in recordkeeping systems
In the event of a change in the recordkeeping system, the provider maintains responsibility for retention of and access to all records prior to the change. Any claims made based on records that cannot be produced will be subject to full recovery.
Transfer of records between providers
In the event of a change in provider ownership, the new owner is responsible for the retention of and access to the transferred records and the integrity of the records received from the previous owner.
Any claims based on invalid records or records that cannot be produced will be subject to full recovery.
Pharmacy closures
The policy remains in effect in the event of a pharmacy closure. If a pharmacy closes permanently, it is required to either transfer its records to another pharmacy or to a secure storage site. The owner of the closing pharmacy remains responsible for all records in storage for their retention time as required by applicable legislation, regulations and bylaws. The owner of the closing pharmacy is also required to produce records to support claims and is liable for full recovery. Transferred records become the responsibility of the owner(s) of the receiving pharmacy.
Any claims made based on invalid records or records that cannot be produced will be subject to full recovery.
Definition of signature
For prescriptions, the requirements for signatures are defined by the CPBC.
For PharmaCare and CPBC forms that support PharmaCare claims and require prescriber, provider or patient signatures, there must be safeguards against repudiation, and the signature and process for obtaining the signature must definitively verify the identity of the signing party. The signature must be unique and applied by a human hand and must be an integral part of the original content. Records containing a stock electronic signature that is not unique or is not under control at all times of the individual whose signature it is are not acceptable. An image of a signature subsequently attached to the document is also not acceptable. Records with invalid signatures are subject to full recovery.
When paper originals are scanned for electronic storage, the “wet” signature of the prescriber, provider or patient is scanned as part of the document scanning process. This is a valid representation of the signature.
Image quality
Records stored electronically must include an image file that accurately reflects the prescription, form or other document, including the colour composition of that document; therefore, any physical records that are converted to an electronic record must be scanned in colour. The requirement for colour scanning ensures image quality requirements are met. If the record is not scanned as a colour image, it is not considered a valid record for audit purposes and will be subject to full recovery. The PharmaCare program’s colour requirement matches that of the HPA Bylaws s. 65.1(5) and PODSA Bylaws s. 23.1(5) and extends to any record supporting PharmaCare claims.
Readability
All necessary details available on a hardcopy document must be available and clearly legible on the electronic version of the record. Determination that a record does not meet the standard of readability will be made by the Ministry, in its sole discretion, at the point of review. If any elements of the record that are required for an audit or inspection are determined to be unreadable, the record will not be valid and any claim associated with the record will be subject to full recovery.
Access to electronic records for audits and inspections
Per ss. 36, 38 and 39 of the PSA, electronic records must be accessible by inspectors upon request.
For a record to be deemed accessible, the application must be able to search and export digital records as described in the PharmaNet conformance standards (3.6.1, PNetTx9.2 and PNetTx9.4). If the POS system allows users to sort and/or filter digital records of paper/fax prescriptions and/or PharmaCare record types, the application must meet PharmaNet conformance standards PNetTx9.3. Should these requirements be amended in the future, the amended requirements must be met.
Failure to produce electronic records
If a claim is based on electronic records only and those records cannot be produced, the claim will be subject to full recovery.
The Ministry cannot require a pharmacy’s POS system to have the functionality outlined in the standards before conformance testing is completed. The standards were released on September 30, 2021, but the conformance testing deadline is not yet established.
However, some vendors have developed some related capacities in response to the College’s 2018 changes to its bylaws under the HPA and PODSA permitting an electronic-only option for storage of prescriptions and other records. If that functionality can be used to manage digital records before the conformance testing, and the pharmacy can meet the other requirements of this policy, the pharmacy is not required to keep hardcopy records.
If the system cannot meet the requirements of this policy, a paper copy of the records in scope for this policy must be retained and available for the purposes of inspection or audit.
This policy and its stipulations for electronic recordkeeping will only apply to pharmacy records from the policy’s implementation date (March 1, 2022). Records entered prior to implementation must meet previous standards; the new policy will not apply retrospectively.
List of records subject to the electronic recordkeeping policy
Note: Inspectors may review any form related to a PharmaCare claim; this list is only a sample.
Note that the CPBC OAT Part-Fill Accountability Log is not included in the electronic recordkeeping policy at this time, as the hardcopy records of a prescription for drugs included in the controlled prescription program are also excluded from electronic recordkeeping.
Recovery of non-entitled amounts
The Pharmaceutical Services Act establishes the following with regard to recoveries:
Once a recovery amount is 30 days overdue it becomes subject to interest pursuant to the Financial Administration Act, Section 20: Interest on Overdue Accounts.
Selection for audit
Selection of a provider for audit may be made by statistical analysis and comparison of claims data, random selection, direct selection, or other means.
The method of selection will be identified in the Audit Reports.
Audit notification
Providers are informed by formal notice of an audit, including a letter—by fax, hand delivery or courier—confirming the auditors as duly authorized inspectors pursuant to the Pharmaceutical Services Act.
Audit sampling
An inspector when conducting an audit, may determine the results of an audit under the Pharmaceutical Services Act, in accordance with Ministerial Order number M066 dated March 11, 2015, including
Draft audit report
The PharmaCare Audit inspectors prepare a Draft Audit Report for all audits they perform.
The Draft Audit Report identifies the
Providers have 60 days to respond to Draft Audit Reports by providing any further records, information or documentation that can confirm the audited claims were in compliance with the Pharmaceutical Services Act.
Provider responses to Draft Audit Reports are reviewed by the PharmaCare Audit inspectors and are considered prior to preparing the Audit Report.
Audit report
The results of the audit set out in the Audit Report are provided to the person subject to the Audit.
In the event of a recovery of non-entitled amounts, the covering letter of the Audit Report outlines the repayment options.
Repayment is pursued in the manner established in the Pharmaceutical Services Act.
Results of audits may be referred to the College of Pharmacists of BC or other regulatory bodies, if appropriate.
Confirmation Letter Program
The Confirmation Letter Program is used to randomly or selectively confirm PharmaCare claims information with patients or physicians.
PharmaCare Audit mails a confirmation letter to a random sample of patients selected from a random sample of pharmacies.
The letter requests confirmation that the patient has received the medications or services that PharmaCare claims data identifies as having been dispensed to the patient in the previous months (refer to the sample confirmation letter below).
Results from returned confirmation letters are compiled and anomalies reported by patients (e.g., medications a patient indicates were not received) are investigated.
Select confirmation letters may be used to support provider audits at the discretion of PharmaCare Audit.
Letters may be mailed to physicians or patients to verify PharmaCare claims information.
Results from returned confirmation letters are compiled and included in the audit file.