On February 11, 2020, the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) released its findings of a recent audit into Medicare Part D eligibility verification transactions (E1 transactions).  Because E1 transactions contain beneficiary protected health information, E1 transactions may only be used for limited purposes. According to the report, the OIG found that the majority of providers audited used E1 transactions for purposes other than to bill for a prescription or determine drug coverage billing order.

As part of the Part D program, pharmacies must determine eligibility for enrollees in real time at the point of sale.  As a result, CMS developed the E1 transaction, which is a method that allows pharmacies to determine whether a person is enrolled and covered by Part D.  E1 transactions require the submission of certain protected health information (PHI) and therefore, must remain confidential. Providers may only use E1 transactions for their intended purpose – determining a beneficiary’s Part D coverage to bill for a prescription. 

CMS flagged a particular mail-order pharmacy that had submitted a large volume of E1 transactions relative to the number of prescriptions processed, which prompted the OIG to conduct an audit of 30 different providers. The providers selected by the OIG collectively submitted over 3.9 million E1 transactions, including the mail order pharmacy identified by CMS. 

The audit discovered that over 2.6 million of the E1 transactions could not be matched with a corresponding prescription, raising the question why these E1 transactions were submitted if not to fill a prescription.  The OIG found that providers obtained coverage information for beneficiaries who did not have prescriptions, evaluated marketing leads, and allowed marketing companies to submit E1 transactions under the providers’ NPI for marketing purposes.  One provider who had contracts with various marketing companies claimed that over 100,000 E1 transactions were submitted by the marketing companies without authorization. The OIG noted that this “practice of granting telemarketers access to E1 transactions or using E1 transactions for marketing purposes puts the privacy of the beneficiaries’ PHI at risk.”

Based on its findings, the OIG made several recommendations to CMS: 

  • Continue to monitor providers who submit a high number of E1 transactions relative to prescriptions processed; 
  • Issue guidance clearly stating E1 transactions should not be used for marketing purposes; 
  • Ensure that only pharmacies and other authorized entities submit E1 transactions; and 
  • Take appropriate enforcement action when abuse is identified. 

CMS largely agreed with the OIG’s recommendations and stated that it is working to develop additional guidance pertaining to E1 transactions. CMS has the ability to revoke E1 access if it detects misuse and is looking into additional ways to take enforcement action against providers that inappropriately use E1 access.  The entire OIG report can be read here.