The single most preventable audit exposure is the NDC swap: you bill one manufacturer's NDC while your wholesaler shipped a different manufacturer's version of the same drug. On paper it looks like a discrepancy. Caught early in reconciliation, it is a non-event. Caught by an auditor first, it becomes a finding.
What Triggers a PBM Audit (And How to Be Ready Before One Hits)
A PBM audit rarely arrives without a reason. Understanding the patterns that draw an auditor's attention - and keeping the right records on hand - turns an audit from a fire drill into a routine response.
A pharmacy benefit manager (PBM) audit is not a random act of bad luck. Most audits are selected by analytics: software at the PBM compares your claims against peer pharmacies and flags outliers. A smaller share are truly random. Either way, the pharmacies that handle audits calmly are the ones that already keep the records an auditor will ask for.
Below are the patterns most likely to put your claims under review, and the practical steps that make you audit-ready before any letter arrives.
The most common PBM audit triggers
- High-dollar claims. Expensive brand and specialty medications carry more reimbursement risk, so they are reviewed more often. A spike in high-cost claims relative to your baseline can flag your pharmacy.
- High-volume or unusual NDC usage. A sudden increase in a particular National Drug Code, or billing an NDC that differs from what your purchase records show, is a classic outlier. This is where undetected NDC swaps quietly create audit exposure.
- Refill-too-soon and quantity patterns. Early refills, day-supply mismatches, and quantities that do not reconcile with package sizes are routine flags.
- Dispense-as-written (DAW) codes. Frequent or inconsistent DAW usage draws scrutiny because it affects generic substitution and reimbursement.
- Deviation from peer pharmacies. PBMs benchmark you against similar pharmacies. Being a statistical outlier on cost, mix, or volume is itself a trigger.
- Random selection. Some audits are simply part of routine contractual sampling. You cannot prevent these - but you can be ready for them.
Where the risk hides
What auditors actually ask for
When the audit letter arrives, the request is almost always for evidence tying each flagged claim to a real, properly documented dispensing event. Commonly requested records include:
- Original prescription records and signature logs
- Purchase invoices showing you acquired the drug you billed (including the actual NDC)
- Proof of the quantity and day supply dispensed
- Documentation supporting any DAW code used
- Reimbursement records by PBM and BIN
The pharmacies that struggle are the ones reconstructing this from scratch under a 14 or 30 day deadline. The pharmacies that breeze through already keep it as a byproduct of routine reconciliation.
How to be audit-ready before the letter
- Reconcile every cycle. Match billing against purchasing and reimbursement at the claim level so discrepancies surface immediately, not at audit time.
- Detect NDC swaps automatically. Map NDC families across manufacturers so a swap is flagged the moment it happens, not flagged by an auditor months later.
- Keep an exportable trail. Maintain time-stamped reports by PBM and BIN that you can hand to counsel or the PBM without a scramble.
- Organize source documents. Prescriptions, invoices, and logs should be retrievable by claim, not buried in a filing cabinet.
Software is the data layer of audit defense; a law firm is the legal layer. Reconciliation software like RxDelta does not represent you in a dispute - but it gives you and your counsel the claim-level evidence that turns an audit from a threat into a formality.
Frequently Asked Questions
What is the most common trigger for a PBM audit?
High-dollar and high-volume claims are among the most common triggers, along with billing patterns that deviate from peer pharmacies. PBMs use automated analytics to flag outliers, so a sudden change in your mix of expensive medications or a spike in a particular NDC can draw attention. Random selection also accounts for a portion of audits.
Can a single NDC swap trigger a PBM audit?
A single swap is unlikely to trigger an audit on its own, but undetected NDC swaps create patterns that auditors flag - for example, billing one NDC while purchase records show a different manufacturer's NDC for the same drug. That mismatch is exactly the kind of discrepancy a reconciliation tool surfaces before it ever becomes an audit finding.
How far back can a PBM audit go?
Audit look-back periods vary by PBM contract, but reviews commonly span the prior 12 to 24 months of claims. That is why a continuous reconciliation trail matters: if an audit covers two years of claims, reconstructing the records by hand under a tight response deadline is far harder than producing a record you already maintain.
How do I prepare for a PBM audit before I get the letter?
Reconcile every cycle so billing, purchasing, and reimbursement always match at the claim level; keep your purchase invoices, signature logs, and prescription records organized and retrievable; and maintain exportable reports by PBM and BIN. Pharmacies that reconcile continuously are audit-ready by default rather than scrambling after a letter arrives.
Related reading
Stay Audit-Ready Every Cycle
RxDelta reconciles every claim against your purchases and reimbursement so you keep a continuous, exportable record - the documentation that makes an audit a routine response. Plans from $200/month.