Audit Pressure Mounts for 340B Programs as Compliance Platforms Aim to Keep Up

The 340B Drug Pricing Program has long served as a financial lifeline for safety-net hospitals, federally qualified health centers, and other covered entities serving vulnerable populations. By allowing eligible providers to purchase outpatient drugs at steep discounts, the program helps organizations stretch limited resources further into their communities.

“HTA [Healthcare Transformation Alliance] believes that Section 340B should be used for its intended purpose: to provide support for health care providers who treat a high number of lower-income patients,” wrote Robert Andrews, CEO of the HTA, in a statement to The American Journal of Managed Care^® (AJMC^®). “We would welcome reforms that steer more resources toward this purpose and away from other priorities, such as high-margin specialty services and procedures. When low-income patients receive better care, our health system benefits—patients, providers, insurers, and employers. But when funds are diverted, each of these groups suffers.”

But the operational reality of administering a 340B program in 2026 looks very different from even a few years ago, and the compliance burden has grown accordingly.

Against this backdrop, Bluesight, a hospital intelligence software company, has launched a fully redesigned version of its 340BCheck platform. The release is positioned as more than a product refresh. The company describes it as a shift in what effective 340B compliance requires.

A Compliance Crisis in the Data

The numbers paint a stark picture. In fiscal year (FY) 2025, the Health Resources and Services Administration (HRSA) audited 115 covered entities, and 49% received adverse findings, or nearly 1 in 2 programs had a 340B compliance issue last year.¹ Although that figure represents an improvement from the prior year, it underscores that compliance failures remain widespread and persistent across the sector.

What's driving those failures is particularly telling. The 2 most common causes of adverse findings are incorrect Office of Pharmacy Affairs Information System (OPAIS) records and inaccurate Medicaid Exclusion File declarations. Both are administrative issues and require ongoing maintenance that most entities underresource. The OPAIS problem, in particular, has proven stubbornly persistent: among covered entities with adverse findings in FY2025, incorrect OPAIS records appeared in 75% of cases.

The audit process itself is not random. Approximately 90% of HRSA audits are risk-targeted based on HRSA's proprietary criteria, not random selection. Risk factors include tip submissions from stakeholders, data anomalies in OPAIS, contract pharmacy arrangement complexity, and prior adverse audit history. The 68% re-audit failure rate indicates that entities with prior findings face a substantially elevated risk of reselection.²

Beyond Transaction Auditing

The new Bluesight platform has its roots in technology originally developed by Sectyr, with the former expanding the platform's capabilities, including the launch of a 100% transaction audit capability in 2025. Now included are full transaction auditing across patient, provider, and location definitions; OPAIS database synchronization; contract pharmacy and pharmacy service agreement management; Medicare cost report maintenance; Medicaid exclusion file validation; policy and procedure management; mock HRSA audits; and integrated documentation and task management. Mock HRSA audits is intended to simulate what HRSA would look for before an auditor ever arrives.

“A lot of people are focusing on what may be considered to be the most time-consuming or onerous piece of the perception of staying compliant, which is doing self- or mock audits of your actual transactions,” said AJ Rivosecchi, PharmD, product director, Bluesight, in an interview with AJMC. “When you look at the overall landscape of what's expected of a 340B-covered entity, that really only makes up 1 piece of what compliance is, so it creates this gap where covered entities end up so indexed on 1 piece of compliance and solving it that they kind of lose the forest for the trees of the overall program compliance.”

A Regulatory Environment in Flux

The compliance pressure that covered entities face isn't limited to routine HRSA audits. The broader regulatory environment around the 340B program has grown significantly more complex and, in some respects, more volatile over the past 18 months.

One of the most significant disruptions has been the proposed 340B Rebate Model Pilot Program. HRSA's Office of Pharmacy Affairs issued requests for proposals on August 1, 2025, for a new rebate-based pilot model covering 10 drugs subject to Medicare Fair Pricing.³ HRSA approved 9 manufacturers' models by October 30, 2025, and approved Novartis shortly thereafter.

However, on December 29, 2025, just 3 days before the pilot was scheduled to launch, a federal judge granted a nationwide preliminary injunction, halting implementation.⁴ On February 10, 2026, the US District Court for the District of Maine vacated and remanded to HHS the 340B Rebate Model Pilot Program Application Notice, wiping out the HRSA notices and manufacturer approvals altogether.⁶ HRSA subsequently issued a Request for Information to gather input from interested parties regarding the potential use of rebates to effectuate the ceiling price under the 340B Program, with the comment period closing on April 20, 2026.

The rebate model episode, even in its failed first iteration, signaled the direction of regulatory travel. For covered entities, a rebate-based structure would require new documentation layers, tighter transaction-level controls, and closer alignment between 340B program data and financial workflows, the kind of operational complexity that compliance platforms are designed to absorb.

With continued manufacturer restrictions on contract pharmacy shipments, heightened HRSA scrutiny, and an increase in the volume of auditable data, the risk of noncompliance has never been higher.⁷ At the state level, 13 states enacted 340B contract pharmacy access laws in 2025 alone, while 7 passed provider reporting requirements, adding yet another layer of jurisdiction-specific compliance obligations for multistate health systems.⁸

Scaling Compliance Without Scaling Staff

One of the structural challenges driving demand for new compliance tools is a mismatch between growing program complexity and static team sizes. As covered entities expand their 340B programs, capturing a greater share of eligible transactions and adding contract pharmacy arrangements, the volume of auditable activity grows—but compliance teams rarely grow with it.

Common compliance challenges include complex billing structures across multiple payers and pharmacies, documentation gaps in patient records that create audit vulnerabilities, data integration issues between electronic health record systems, pharmacy dispensing software and finance departments, and administrative strain on accounting and compliance teams as audit requests increase.⁷

The American Hospital Association has noted that HRSA performs approximately 200 audits annually, with around 160 targeting 340B hospitals, roughly 6% of participating hospitals.⁹ For organizations that fall within that audit pool, the ability to produce documentation quickly and demonstrate a continuous compliance posture has become a differentiating factor.

What Continuous Compliance Looks Like in Practice

“Continuous compliance" has become something of an industry catchphrase in the 340B space, but the gap between aspiration and execution remains wide for many organizations. The challenge is that compliance in a 340B context isn't a single activity but a set of ongoing processes that span patient eligibility verification, transaction auditing, OPAIS record maintenance, contract pharmacy oversight, Medicaid exclusion file management, and policy documentation, each touching different systems and different teams.

Platforms that address only 1 slice of this picture create fragmented compliance postures, where an organization might pass a transaction audit but fail on documentation gaps or OPAIS inaccuracies, precisely the findings that have dominated recent HRSA audit reports.^1,2

Bluesight goal in updating 340BCheck is to bring these functions into a, workflow-driven interface designed around how HRSA conducts audits, rather than how compliance software has traditionally been architected. The mock HRSA audit capability is particularly significant in this regard, in that is operationalizes the audit standard into a regular organizational practice rather than a periodic, high-stakes event.

“We term compliance events broken into 6 buckets, and the way we designed that is when you get audited by HRSA, they present you with what's called a data request list, and [it] says all the stuff that you need to have ready for us to do an audit,” explained Rivosecchi. “We really took that and worked backward, not just [at] the transactional auditing, but everything they're going to ask for. Let's turn those into these compliance event buckets, and then have a workflow that says, ‘How do we make sure you're always ready?'“

References

1. Gilman S. Top HRSA audit findings in FY2025. 340B Report. May 7, 2026. Accessed May 22, 2026. https://340breport.com/top-hrsa-audit-findings-in-fy2025-sponcon-bluesight/
2. 340B program integrity and audit readiness. Integral Healthcare Solutions. Updated April 2026. Accessed May 22, 2026. https://www.integralhs.com/340b-program
3. Lesnick L, Kuperberg S. HRSA pauses 340B rebate model pilot program. Feldesmen. January 2, 2026. Accessed May 26, 2026. https://www.feldesman.com/hrsa-pauses-340b-rebate-model-pilot-program-following-federal-court-order/
4. The 340B rebate model: what just happened and what comes next." PharmaForce. Accessed May 26, 2026. https://thepharmaforce.com/blog/the-capture/the-340b-rebate-model-what-just-happened-and-what-comes-next
5. 340B drug pricing program. HRSA Office of Pharmacy Affairs. Updated May 2026. Accessed May 26, 2026. https://www.hrsa.gov/opa
6. The complete guide to 340B program compliance in 2026: HRSA audits, key requirements & proven strategies. GATP Solutions. January 8, 2026. Accessed May 26, 2026. https://gatpsolutions.com/blog/the-ultimate-guide-to-340b-program-compliance-in-2025/
7. Young S. 2025 in review: 13 states enacted 340B contract pharmacy access laws and 7 passed provider reporting requirements. 340B Report. December 18, 2025. Accessed May 26, 2026. https://340breport.com/2025-in-review-13-states-enacted-340b-contract-pharmacy-access-laws-and-7-passed-provider-reporting-requirements/
8. More drug company oversight needed to maintain compliance with 340B program rules. American Hospital Association. Accessed May 26, 2026. https://www.aha.org/guidesreports/2025-06-16-more-drug-company-oversight-needed-maintain-compliance-340b-program-rules
9. HRSA 340B audits: insights from recent reports. 340B Health. April 2, 2026. Accessed May 26, 2026. https://www.340bhealth.org/events/hrsa-340b-audits-insights-from-recent-reports-reg/