Best Practices for Including Audit Terms in Your PBM Contract

By Steve Baumgardner & Derek Frye
Tue, Dec, 17, 2019

Conducting regular audits of your PBM is one of the best strategies health plans can use to make sure the PBM is fully delivering on its contractual terms. In order to successfully implement an audit strategy, audit rights have to be negotiated with the PBM, and it’s not uncommon for health plans to unknowingly let the PBM gain the upper hand in specifying audit terms.

Therefore, health plans should ensure that their PBM contracts not only allow audits, but include specific provisions indicating how, when, for what purpose, for what length of time, and by whom such audits can be conducted. In other words, audit rights contract language should be specific and not left open to interpretation by the PBM at a later date.

The following information should help health plans gain a better understanding of the importance of paying close attention to audit terms specified during the PBM contracting process, best practices for maximizing your audit rights, and common pitfalls to avoid.

  • Always start your PBM procurement or PBM contract renewal process with an audit plan in mind or a “wish list” of specific PBM problem areas you would like to have audited.
  • Engage your compliance department in the procurement process so they can provide important materials to review to help identify specific areas or issues you might want to have audited in the future.
  • Keep in mind that audit terms language is often contained as a standalone exhibit or attachment within the main contract. However, PBMs will often insert language throughout the body of the main contract that could greatly limit your audit rights, so be sure to review all contract language carefully.
  • Health plans can often renegotiate their audit terms during renewals or even in mid-cycle, so don’t hesitate to raise this with your PBM account manager.

Although there are numerous areas of the PBM contract that can and should be audited, the three most important broad areas are rebates, claims, and compliance. The following tips are related to each of these specific audit areas.

BFG-Maximize Savings-blog-offer-011320 (3)


  • PBMs will require a rebate audit to be done by an independent, outside firm. Make sure the PBM does not impose additional limits such as a requirement to use “a top five accounting firm.” Such language can be open to interpretation (which firms are among the top five) or force you to use a firm that does not have the most specialized expertise to help you accurately identify any issues.
  • Make sure you can conduct a rebate audit at least once a year, can audit any one-year period (not limited to within a calendar year only), and not be subject to audit black out periods by the PBM.
  • Make sure your rebate audit will examine at least 50% of rebate dollars spent. This will often include the top five manufacturers.
  • Specify that the look back period for the audit can be for at least one year, preferably two years if “significant” errors are identified. Be specific in defining “significant” (i.e., greater than $500,000 or some other determined amount).
  • Make sure you have the right to audit not just the PBM’s rebates but the actual rebate invoicing and collections performed by any rebate aggregators the PBM might utilize.
  • Specify in the audit terms your right to audit rebates that would still accrue to your plan in the months following contract termination.
  • Make sure your contract allows you access to the detailed data files that substantiate the rebate and admin fee amounts submitted to CMS annually for the direct and indirect remuneration (DIR) reporting; often clients learn “the hard way” that they have no insight into how the PBM compiled the DIR reporting (because PBMs will not share any DIR reporting if they compiled only at a “book of business” level – request that detailed data files be available for your specific account).
  • Consider separate audit rights for any of your downstream clients (e.g., employer groups, or ASO clients, etc.), so that if a client of the health plan conducts a rebate audit specific to their group, it doesn’t prohibit you (as the health plan) from conducting your own audit of the PBM.

Claims (Pricing and Benefits)

  • Be wary of offset language in the contract related to areas such as discounts and pricing fees. Often, if a PBM “over performs” in one area, they will use that to “offset” or “cancel” out other areas in which they underperform. You should be able to audit each of these areas separately, and if offsetting is allowed, make sure you understand exactly which components can offset one another (otherwise you’re giving the PBMs a set of levers they can use to adjust performance without you knowing about it).
  • Include corrective action timelines linked to performance guarantees in the contract in the event the audit uncovers issues, otherwise, the PBM could take 18 months or more to fix any problem identified.
  • As with rebate audits, conduct a claims audit at least once annually, avoid blackout dates, and have a look back period of at least one year, preferably two for “significant” errors such as incorrect inclusion/exclusion categories.
  • Make sure the audit terms specify review of at least 200 discrepancies per line of business (commercial, Medicare, etc.) in order to ensure a large enough number of potentially discrepant claims will be reviewed by the PBM when your auditors send back claims they suspect to be an issue.
  • Be aware that any audit can take 180 days or longer given the time durations PBMs reserve for themselves along different points in the audit process. Also be mindful of any contract clauses that might prohibit your plan from initiating an audit in another area while a separate audit is still pending.
  • Similar to rebate audits, make sure a claims audit conducted by a downstream client of the health plan does not prohibit you, the health plan, from conducting your own claims audits.
  • Be sure you understand when, exactly, a PBM can charge you “data access fees” or “audit support fees”, and specify what those fees might be, rather than leaving them open to interpretation (e.g., avoid phrases like “reasonable fees will be assessed from PBM to Client in support of a claims audit.”).


  • CMS program and state-based audits undergo significant changes each year, making scope and audit timelines unpredictable. Design your audit terms so your plan will have enough time to review the PBM’s work before you submit to the requesting agency. For example, specify that the PBM must deliver its work to you several days before the CMS-requested deadline, not by the CMS deadline.
  • Make sure your audit rights mirror regulatory audit protocols such as those used by CMS. For example, if your PBM allows a formulary administration mock audit, make sure the PBM will provide as much time for the audit as you expect you’d need in the formal audit CMS would conduct.
  • Negotiate a look back period of at least one year, but specify longer periods for areas considered to be at high compliance risk, such as complaints or miscoding of formulary rules. Make sure you can look back far enough to identify any potential issues before the government agency does.
  • Design performance guarantees into your audit terms requiring the PBM to disclose any pending dispute issues right away. Many PBMs try to negotiate disputes with the government on the plan’s behalf. But if the PBM doesn’t disclose that dispute right away, the plan could find itself owing the government money years down the road.

Having the appropriate audit terms in your PBM contract is essential for maximizing health plan leverage.When used as part of a multi-year PBM audit strategy, including audit rights language in the contract enables health plans to avoid leaving money on the table, identify errors early so they can be corrected, and reduce compliance risks.Having strong audit rights also helps plans protect their members and ensure that both the plan and its members are getting the highest levels of PBM service available.

BFG-Contact-blog-offer-011320 (2)