Protecting 340B Program Integrity in a High-Scrutiny Environment

340B Compliance Guide: What every covered entity needs to know about compliance, audit readiness, and the technology that makes it sustainable

The 340B Drug Pricing Program has never faced more pressure. Manufacturer restrictions, increased HRSA audit activity, Medicaid duplicate discount complexity, and a rapidly evolving legal landscape have created a compliance environment where the stakes are high and the margin for error is narrow.

For covered entities — disproportionate share hospitals, critical access hospitals, federally qualified health centers, and other safety-net providers — maintaining program integrity is no longer a back-office function. It’s a strategic imperative that touches pharmacy operations, finance, billing, and compliance leadership simultaneously.

This guide breaks down what 340B compliance requires today, where covered entities most commonly fall short, and how to build a compliance program that holds up under audit scrutiny — and supports the mission of serving vulnerable patients for the long term.

Key Insight: Covered entities that invest proactively in compliance infrastructure consistently demonstrate better audit outcomes and greater program sustainability than those relying on reactive, manual processes.

---

Section 01

The 340B Landscape: A Program Under Pressure

What is the 340B Program?

Created under Section 340B of the Public Health Service Act in 1992, the 340B program requires pharmaceutical manufacturers to offer discounted drug prices to qualifying covered entities that serve low-income and uninsured patients. The program has grown from a relatively modest initiative into a cornerstone financial mechanism for safety-net health systems — now representing over $44 billion in annual drug purchases.

That growth, however, has attracted scrutiny from manufacturers, policymakers, and auditors. The result is a compliance environment significantly more complex than the one covered entities navigated even five years ago.

The five pressures reshaping 340B compliance today

1. Manufacturer drug restrictions: More than 30 drug manufacturers have implemented restricted distribution policies limiting 340B access through contract pharmacy arrangements. These policies — currently subject to ongoing federal litigation — require covered entities to continuously monitor and adapt their dispensing networks.
2. HRSA audit expansion: The Health Resources and Services Administration conducts both for-cause and routine audits of covered entities. Audit findings can trigger repayment obligations, corrective action plans, and in severe cases, termination from the program.
3. Medicaid duplicate discount risk: Billing Medicaid for a drug purchased at the 340B price constitutes a duplicate discount — a violation with both regulatory and financial consequences that has received increasing enforcement attention.
4. Contract pharmacy complexity: Each contract pharmacy location introduces additional compliance obligations around patient eligibility verification, prescription attribution, and inventory management that must be actively monitored.
5. A shifting legal landscape: Federal courts and Congress continue to shape the legal boundaries of the 340B program through rulings and proposed legislation, requiring covered entities to stay current with developments that can affect operations quickly.

---

Section 02

The Four Core Pillars of 340B Compliance

Most 340B compliance failures can be traced back to gaps in one of four foundational areas. Understanding each — and what strong controls look like — is essential for every covered entity.

1. Patient eligibility verification

The foundational requirement of 340B compliance is ensuring drugs are dispensed only to eligible patients. HRSA’s patient definition requires a documented relationship between the patient and the covered entity: the patient must have received services at the covered entity and the covered entity must be responsible for that individual’s care.

Operationally, this means:

• Real-time eligibility verification at the point of dispensing
• Clear written policies defining what constitutes a qualifying patient encounter
• EMR integration between pharmacy dispensing systems and patient records
• Regular audits of dispensed prescriptions against documented eligibility criteria

Patient eligibility failures — dispensing 340B drugs to individuals who don’t meet the definition — are among the most common HRSA audit findings. Automating verification through integrated technology dramatically reduces error rates and audit exposure.

2. Duplicate discount prevention

The prohibition on duplicate discounts — billing Medicaid for a drug purchased at the 340B price — is one of the program’s most technically complex requirements. The intersection of state Medicaid programs, managed care organizations (MCOs), and 340B purchasing creates compliance risk that is difficult to manage without systematic controls.

Effective duplicate discount prevention requires:

• Accurate identification of Medicaid-insured patients at the point of dispensing
• A clearly documented and consistently applied carve-in vs. carve-out decision
• Coordination with Medicaid managed care plans on claims adjudication procedures
• State-specific billing rules addressed in written policies and operational procedures
• Ongoing claims monitoring to detect and remediate any duplicate discount instances proactively

3. Contract pharmacy compliance

Contract pharmacy arrangements allow covered entities to extend 340B benefits to patients who fill prescriptions at community pharmacies — expanding access significantly for many health systems. But each arrangement introduces compliance obligations that must be actively managed, not assumed to be handled by the pharmacy partner.

• Written agreements that specify roles, responsibilities, and data-sharing protocols in detail
• Prescription attribution processes ensuring only qualifying patients’ prescriptions are purchased at 340B prices
• Inventory methodology (ship-and-bill, virtual inventory, or replenishment) clearly defined, documented, and consistently applied
• Regular reconciliation of 340B purchases against dispensing records by location
• Manufacturer restriction monitoring to track which drugs and manufacturers have restricted contract pharmacy access

4. Split billing and inventory controls

Covered entities operating both 340B and non-340B inventory — common in hospitals and outpatient pharmacies — must implement split billing controls that ensure only eligible patients receive 340B-priced drugs. Weaknesses in this area create both diversion risk and financial exposure.

Split billing control checklist

• Clear segregation or virtual accounting of 340B and non-340B inventory
• Pharmacy system configurations enforcing correct inventory selection at dispensing
• Regular physical or virtual inventory audits to verify accuracy
• Written policies documenting the split billing methodology
• Staff training on correct inventory selection procedures

---

Section 03

Audit Readiness: Preparation as a Continuous Practice

HRSA audits can occur with limited advance notice. Covered entities that treat audit preparation as an ongoing operational discipline — not a one-time event — consistently demonstrate stronger outcomes.

What HRSA audits examine

HRSA’s audit protocol focuses on four primary compliance areas:

• Patient eligibility: Are drugs dispensed only to patients who meet HRSA’s patient definition?
• Duplicate discounts: Is the covered entity billing Medicaid for 340B-purchased drugs?
• Diversion: Are 340B drugs being dispensed to ineligible individuals or entities outside the program?
• Contract pharmacy compliance: Are contract pharmacy arrangements properly managed, documented, and reconciled?

Best Practice: Conduct internal mock audits at least annually, simulating HRSA’s audit methodology and documentation requests. Organizations that self-identify and remediate issues before a formal audit demonstrate good-faith compliance efforts that can favorably influence outcomes.

Documentation that auditors will request

Comprehensive, accessible documentation is the practical foundation of audit readiness. Covered entities should actively maintain:

• Eligibility policies and procedures — written, approved, and dated
• Contract pharmacy agreements — current, signed, and immediately accessible
• Medicaid carve-in/carve-out elections — documented and verifiably applied consistently
• Patient eligibility verification records — tied to specific encounter dates
• Inventory reconciliation reports — regularly generated and systematically retained
• Staff training records — documenting education on 340B requirements by role

How technology transforms audit readiness

Manual compliance processes introduce both operational risk and the administrative burden of assembling documentation under audit pressure. Purpose-built 340B platforms transform the audit experience by:

---

Section 04

Technology-Enabled 340B Compliance: What to Look for in a Platform

General pharmacy management systems were not designed with 340B compliance in mind. The operational complexity of patient eligibility verification, Medicaid management, contract pharmacy attribution, and split billing requires purpose-built functionality to manage reliably at scale.

When evaluating 340B compliance technology, covered entities should prioritize platforms that deliver:

Real-time patient eligibility verification

Integration with covered entity EMR systems allows eligibility to be verified at the moment of dispensing — ensuring only patients with qualifying encounters receive 340B-priced drugs. This creates both operational reliability and a defensible documentation record for every dispensed prescription.

Automated Medicaid identification and duplicate discount prevention

The platform should automatically identify Medicaid-insured patients and apply the covered entity’s carve-in or carve-out election without manual intervention. Removing the reliance on individual staff judgment eliminates the inconsistency that creates duplicate discount exposure.

Contract pharmacy network management

For covered entities operating multi-location contract pharmacy networks, the platform should provide centralized management of attribution rules, inventory methodologies, and dispensing reconciliation. As manufacturer drug restrictions evolve, the platform should provide current guidance on contract pharmacy eligibility by drug and manufacturer.

Compliance dashboards and reporting

Compliance leaders need visibility into program performance through configurable dashboards that continuously track:

• Eligibility verification rates and exception counts by location
• Medicaid billing activity and duplicate discount risk indicators
• Contract pharmacy utilization and reconciliation status
• Savings capture rates compared to program potential
• Audit-ready documentation completeness by category

---

Section 05

Building a Sustainable 340B Compliance Program

Technology is a critical enabler — but durable program integrity requires a broader organizational foundation. Covered entities that sustain strong compliance outcomes share four structural characteristics.

Designated compliance oversight

High-performing covered entities designate a 340B coordinator or compliance officer with clear authority and accountability for program oversight. This role serves as the internal expert, manages external relationships with third-party administrators (TPAs) and contract pharmacies, and ensures policies reflect current regulatory requirements.

Cross-functional governance

340B compliance intersects pharmacy operations, finance, billing, and compliance functions. Effective programs establish a cross-functional governance structure — often a 340B steering committee — that ensures alignment across departments and elevates compliance issues to appropriate leadership before they become material risks.

Ongoing staff training

HRSA expects that covered entity staff who interact with the 340B program understand their compliance obligations. Regular training for pharmacy staff, billing teams, and relevant clinical personnel is both a regulatory expectation and a practical risk-reduction measure. Training records are also a standard documentation request during HRSA audits.

Proactive regulatory monitoring

The 340B regulatory landscape evolves continuously through HRSA guidance, federal court decisions, and congressional activity. Covered entities should establish a process for monitoring regulatory developments and rapidly assessing the operational impact of changes — rather than reacting after the fact.

Program Maturity Indicator: A strong 340B compliance program is characterized by documented policies, automated controls, designated oversight, regular internal auditing, and cross-functional governance. Programs with all five elements in place are significantly better positioned for HRSA audits and long-term program sustainability.

---

Frequently Asked Questions

340B Compliance: Common Questions Answered

What is 340B compliance?

340B compliance refers to the requirements covered entities must meet to legally participate in the 340B Drug Pricing Program. This includes ensuring drugs are dispensed only to eligible patients, preventing duplicate discounts when billing Medicaid, maintaining proper contract pharmacy arrangements, and keeping documentation available for HRSA audits.

What are the most common 340B audit findings?

The most frequently cited HRSA 340B audit findings involve patient eligibility violations (dispensing to patients who don’t meet HRSA’s definition), duplicate discounts (billing Medicaid for 340B-purchased drugs), drug diversion, and contract pharmacy compliance failures. Automated eligibility verification and regular internal audits are the most effective tools for reducing these risks.

What is a duplicate discount in the 340B program?

A duplicate discount occurs when a covered entity bills Medicaid for a drug that was already purchased at the discounted 340B price. This is prohibited because the manufacturer would then be required to provide two discounts on the same drug — the 340B acquisition price and the Medicaid rebate. Duplicate discounts can result in mandatory repayment and increased HRSA oversight.

How do covered entities manage contract pharmacy 340B compliance?

Effective contract pharmacy compliance requires written agreements defining roles and data-sharing, prescription attribution processes that ensure only eligible patients’ prescriptions are filled at 340B prices, a documented and consistently applied inventory methodology, regular dispensing reconciliation, and monitoring of manufacturer drug restrictions that may affect contract pharmacy eligibility.

How does technology improve 340B compliance outcomes?

Purpose-built 340B platforms like Bluesight’s 340BCheck automate patient eligibility verification, apply Medicaid carve-in/carve-out elections without manual intervention, manage multi-location contract pharmacy networks, generate real-time compliance reports, and maintain audit-ready documentation. Health systems using dedicated 340B software consistently report fewer compliance exceptions and stronger audit outcomes than those relying on manual processes.

What happens if a covered entity fails a HRSA audit?

HRSA audit findings can result in required repayment of 340B savings on non-compliant transactions, mandatory corrective action plans, increased monitoring and follow-up audits, and in severe cases, termination from the 340B program. Early self-identification and remediation of compliance issues — before a formal audit — can significantly influence outcomes.

Ready to strengthen your 340B compliance program?

See how Bluesight’s 340BCheck platform helps covered entities automate eligibility verification, prevent duplicate discounts, and stay audit-ready — without the manual burden. Explore 340BCheck or talk to a 340B compliance expert.