The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
Health Resources and Services Administration
Health Resources and Services Administration

A-Z Index  |  Questions? 

  • Print this
  • Email this

Program Integrity & 340B Program Audits

340B Drug Pricing Program covered entities must ensure program integrity and maintain accurate records documenting compliance with all 340B Program requirements.

HRSA has the authority to audit covered entities for compliance with 340B Drug Pricing Program (340B Program) requirements (42 USC 256b(a)(5)(C)):

Covered entities are subject to audit by the manufacturer or the federal government. Failure to comply may make the 340B covered entity liable to manufacturers for refunds of discounts or cause the covered entity to be removed from the 340B Program.

Audit Number, Duration & Scope

Audit Number 
Only one audit of a covered entity will be permitted at any one time. When HRSA has received a request from a manufacturer to conduct an audit, HRSA will determine whether an audit should be performed by the Government or the manufacturer. 

Audit Duration 
Audits will be performed in the minimum time necessary with the minimum intrusion on the covered entity’s operation. 

Audit Scope 
HRSA’s 340B Program audits review covered entity compliance with respect to eligibility status, including compliance with the Group Purchasing Organization (GPO) prohibition as applicable (see 42 USC 256b(a)(4)(L)(iii)), duplicate discounts, and diversion as defined by42 USC 256b(a)(5)(A) and (B).

Audit Process

HRSA regional auditors conduct 340B Program audit field work for the HRSA Office of Pharmacy Affairs (OPA).


  • Covered entities selected for audit receive an engagement letter explaining what to expect and how to appropriately prepare.
  • HRSA regional auditors conduct an introductory teleconference with the entity to request and obtain specified documents, including policies, procedures, and internal controls.
  • HRSA regional auditors work with the entity to schedule an opening meeting with key covered entity management to discuss expectations for the onsite audit.

Onsite Audit

  • HRSA regional auditors obtain and review select 340B Program data and internal controls.
  • Audit procedures include, at a minimum:
    • review of relevant policies and procedures and how they are operationalized;
    • verification of eligibility, including GPO and outpatient clinic eligibility;
    • verification of internal controls to prevent diversion and duplicate discounts, including how the covered entity defines whether a patient is considered inpatient or outpatient, HRSA Medicaid Exclusion File designations, and accuracy of covered entity’s 340B database record;
    • review of 340B Program compliance at covered entity, outpatient or associated facilities, and contract pharmacies; and
    • testing of 340B drug transaction records on a sample basis.
  • HRSA regional auditors collect the facts throughout the audit but are not authorized to summarize any findings to the entity. Their report to OPA will contain the facts as they understand it and must undergo OPA review. Additionally, any auditor statements made during the audit are not considered final and are subject to change.   

Post Audit

  • HRSA regional auditors forward a preliminary report to OPA for review.
  • OPA reviews the preliminary report, drafts a Final Report and issues the report to the covered entity, with a request for a corrective action plan (CAP), if applicable.

Notice and Hearing

  • After HRSA issues a Final Report, the covered entity has 30 calendar days from the date of the HRSA Final Report to review findings noted in the HRSA Final Report, and to review HRSA’s request for a CAP related to the findings noted.
  • If a covered entity agrees with the Final Report, a covered entity must submit a CAP to HRSA within 60 calendar days for HRSA’s approval.  
  • If a covered entity disagrees with the Final Report, it shall notify HRSA in writing within 30 calendar days with appropriate supporting documentation of the covered entity’s disagreement.  OPA reviews the covered entity’s response and, if appropriate, may reissue the Final Report if changes are made based on documentation submitted.  
  • If an entity fails to submit a CAP, it may be removed from the 340B Program.
  • Once an audit report is finalized by OPA, the findings and any associated corrective action will be summarized on the OPA public website.
  • In addition, once HRSA reviews and approves a CAP, the covered entity will be required to provide HRSA a public letter that outlines the findings involving diversion and/or duplicate discounts, states that repayment may be necessary, and provides a contact person for any questions that may arise.  This letter will be posted on the HRSA website under the CAP column in the audit findings table.   HRSA closes out the audit once the covered entity attests that all repayment is resolved (if necessary) and that the CAP has been fully implemented.   
  • Covered entities whose findings involve repayment will be subject to audit in a year.

Audit Standards

Audit Standards
HRSA has developed a program-specific audit process for its 340B compliance audits. 340B compliance audits are conducted by HRSA Division of Financial Integrity's highly trained program integrity analysts in accordance with this process. Unlike other statutorily authorized programs, the 340B statute does not require HRSA to use Generally Accepted Government Auditing Standards (GAGAS) for 340B Program audits.