March 2023 - Newsletter

Included in this newsletter


Cyber Security

Jeff and Becky attended an FBI cyber security training in February. Cybersecurity insurance is becoming hard to obtain. Every pharmacy and DMEPOS facility needs to have a cyber security policy. If your systems do not prompt all users to change the password every 90 days, then you must implement this. You never know you have been hacked until a ransom is demanded or your patients contact you stating that their personal information has been stolen.

Billing Medicare Part B for Insulin with New Limits on Patient Monthly Coinsurance

Starting July 1, 2023, Part B coinsurance for a month's supply of insulin used in an insulin pump covered under the DME benefit can't exceed $35.

CMS Fact Sheet for the Post Pandemic; Vaccines, Testing, & Access

As part of the Centers for Medicare & Medicaid Services (CMS) ongoing efforts to provide up-to-date information to prepare for the end of the Public Health Emergency (PHE) for COVID-19, which is expected on May 11, 2023, an overview fact sheet has been provided: CMS Waivers, Flexibilities, and the Transition Forward from the COVID-19 Public Health Emergency. 

401k Plan Options and Changes

The federal government is trying to increase company participation in 401K plans for their employees. All fees for the first three years are available for full tax credits. We started the R.J. Hedges Multiple Employer Plan (MEP) a couple of years ago and we are t fully set up now. There are three options available for our clients:

  1. Start a new 401K under the MEP. Documentation and plan development have never been easier.
  2. If you already have a 401K plan, you can transfer your plan into our MEP. In a group plan, the annual fees will be lower because of the power of the overall assets.
  3. If you have a SimpleIRA, you cannot enter into a 401K plan until January 1, 2024. However, you can start planning now for the transition. There are a couple of items that would need to be completed before January 1st. One of the perks is that owners can put a lot more into a 401K than a SimpleIRA.

Contact your Project Manager for more information and the 401K team will begin a discussion with you.

Compliance Reviews

We have been reviewing the way we complete Compliance Reviews with our clients. The number one complaint is that there is too much information presented in the three hour period.

Our solution is to record the Compliance Review information one program at a time and post the recordings in the Optional Training section of the new eLearning Center. We will do these with a live audience in a webinar format. You will receive a Zoom meeting notification via email if you would like to attend. The schedule will start in a few weeks, beginning with the DEA program and moving left to right as indicated in the table below:


Diabetic Shoes




Hazardous Drugs

Human Resources



Non-Sterile Compounding


Compliance Tools

Employee Retention Credit (ERC)

The ERC was established to provide a refundable employment tax credit to businesses that were impacted by the COVID-19 pandemic. The IRS has modified the rules concerning the ERC Program. At first, any business that received a PPP loan could not also apply for the ERC but the Consolidated Appropriations Act of 2021 has made it possible to receive the ERC retroactively back to 2020. If you had to alter your pharmacy or DMEPOS operations because of COVID-19, your facility may qualify for these tax credits. Your tax returns must be amended if the ERC application is finally submitted to the IRS.

Look for attorneys in your area who are providing these services, check references, and apply. If you cannot find a reputable law firm, RJ Hedges & Associates is using a law firm from Erie, PA, called Rust Belt Business Law.

Pharmacy Benefits Manager (PBM) Requesting Medication Error Reporting

PBMs are requesting that pharmacies provide Medication Error Reports. We are advising that you reply with the following statement:

  • "Our pharmacy contracted with Alliance for Patient Medication Safety (APMS), a Patient Safety Organization (PSO), last year and we are reporting to them. Error reporting to a PSO is authorized under the Patient Safety Act and any adverse events or medication errors reported to the PSO is considered Patient Safety Work Product and is privileged."

If the pharmacy is NOT contracted with and is not updating its weekly prescription numbers to a PSO, such as APMS, the pharmacy is not protected under the Patient Safety Act and must follow the contract requirements of the PBM. Most importantly, the pharmacy has no protection from any subpoenas for records requests and from legal inquiries.

Drug Supply Chain Security Act (DSCSA) or Track and Trace

Several companies have started a mass marketing campaign regarding the DSCSA rules that go into effect on November 23rd. A couple of key components of the DSCSA system still need to be completed. You don't need any additional software other than your pharmacy software. Our policy and procedure for the Drug Supply Chain Security (Track and Trace) is current for today and will be updated with any new requirements as necessary. All federal and PBM requirements are in place and meet or exceed the respective standards (this is dependent on which programs you are enrolled in with R.J. Hedges & Associates.)

The pharmacy industry hopes this rule will be delayed but the Food and Drug Administration (FDA) is firm that there will be no delay. Of course, this could change by November.

The two leading pharmacy software companies are working on this process. At this time, there is only one company that has a successfully tested program.

DSCSA will change your workflow and terms such as credentialing, storage requirements, data matrix, and Global Trade Item Number (GTIN) will become part of your vocabulary. The state pharmacy boards will be responsible for enforcement but the Pharmacy Benefits Managers (PBM) could pull back the reimbursement if a National Drug Code (NDC), lot number, expiration date, or serial number is incorrect, or if the invoice and GTIN do not match.

We will have a podcast soon with more information.

Non-Sterile Compounding Compliance Program Update

The policies and procedures for the Non-Sterile Compounding program are about 75% complete. Jeff just returned from a USP conference on preparing for November 1, 2023 and the final items will be completed soon. ACHC accreditation standards are also being incorporated and we will seek ACHC approval of our policies and procedures.

We are also looking for anyone who would like to be a peer reviewer. If you are interested, please get in touch with your Project Manager.

TikTok - Cyber Security Threat

TikTok presents a severe security issue and a cyber security threat. If you are using TikTok on any device, especially in the healthcare arena, you should be aware that the software tracks every device and the information. Aynne Kokas, an author and the director of the University of Virginia East Asia Center, broke down some concerns during an interview with CBS News on Dec 12, 2022. "The first is the type of data that TikTok, as an app, can gather about our usage of the technologies," Kokas said. "That includes our contacts, voice, images, and things we like on the app or preferences. Then there's the aspect of what the app can gather on our phones outside that app," she said.

That could include your fingerprint you use to unlock the phone. The worry is that China's government can audit data from ByteDance for security reasons, potentially influencing users with what does or does not appear in their TikTok feed. Would that be a concern if China's government could access information on your phone? Kokas says not necessarily.

If 30 states have banned TikTok on government issued devices and networks, should your business do the same?

We strongly advise all pharmacies and healthcare facilities to ban TikTok on company-owned property. Any data collected by TikTok from a healthcare system, including email, is a Reportable HIPAA breach. The healthcare facility will need to prove actions were taken before a breach.


Updated Forms

  • Compounding <USP 785> New Version
    • Compounding Competency Review
    • Master Formulation Record
  • Hazardous Drugs <USP 800>
    • Annual Review of P&P and SOP


  • DEA and Pharmacy
  • Amphetamine Treatment Plan Request Form
  • Medication-Assisted Treatment (MAT) Plan Request Form
    • Opioid Treatment Plan Request Form

Updated Policies and Procedures

  • DEA and Pharmacy
    • Securing and Handling of Controlled Substances
    • Transmission Security
    • Safeguards
  • Human Resources
    • Background Investigations
    • Termination of Employment
    • New Workforce Member Hiring Process
  • OSHA
    • OSHA GHS Labeling
    • Vehicle Safety
    • Employee Information and Training
  • Pharmacy
    • Medication Adherence Program Set Up Procedure

New Policies and Procedures

    • Uses and Disclosures through Non-Public Facing Remote Communications (Telemedicine)

Updated Plans

Note: Project Managers are contacting their clients individually so the correct information can be entered or edited. (Ongoing through April 2023)

  • HIPAA Compliance
    • Disaster Recovery Plan
    • Risk Analysis
    • Risk Management Plan
  • OSHA Compliance
    • Bloodborne Pathogen Control Plan