The Simplest Way to Know If Your PBM Is Transparent
Executive Brief
Here’s a question telling you everything you need to know about your PBM relationship:
Can you audit them without restrictions?
If the answer requires a paragraph of qualifications, they’re not transparent. Those qualifications exist to protect their revenue, not your participants.
This week, I’m walking through the specific audit restrictions we’ve found in contracts. Some are absurd. Some are infuriating. All of them exist for the same reason: to prevent you from verifying what fiduciaries need to monitor.
The Restriction Parade
The ERISA Advisory Council documented PBM audit problems back in 2014. Twelve years later, the DOL’s proposed rule quotes those same findings because the industry hasn’t changed.
Here’s what plan sponsors face when they try to exercise audit rights:
“The exclusion of auditors who the PBM believes hold hostile views.”
Read that again. They can reject your auditor for being too good at finding problems.
“On-site audits are required at PBM headquarters.”
Your auditor has to travel to their location. You cover the cost. They control the environment.
“PBMs limit the auditor to transcribing notes of documents.”
You can’t make copies. Your auditor sits in their conference room and handwrites what they find. No photographs. No digital records. This isn’t an audit. This is theater.
“Confidentiality agreements can be overly broad and put unnecessary burdens on the parties when they prohibit disclosure of information by an auditor to its client plan.”
The auditor can’t tell you what they found. Let that sink in.
Onsite Auditing Restriction
The Numbers Behind the Obstruction
Dr. Susan Hayes, a Professor of Healthcare Ethics and PBM investigator who has consulted with over 1,000 plan sponsors, testified to the ERISA Advisory Council:
“PBMs make it near impossible to audit both their ‘secret agreements’ for rebates with pharmaceutical companies and retail network agreements with pharmacy chains. If the PBM is acting on behalf of the plan sponsor to negotiate rebates or network arrangements, why keep the rebate agreements secret from the entity you are working for?”
The Advisory Council found:
• Audits cost $15,000 to $200,000
• Audits take up to two years to complete
• Audits are often “not meaningful for plan sponsors”
And that’s if you can get one done at all.
Don’t Fall For This Trap
Another obstruction technique is the cost of the audit. Even the otherwise solid DOL proposed rule includes audit costs being split 50/50 between the plan and the PBM.
Sounds fair. But it’s a trap.
The PBM controls their own cost of cooperating. They can staff the audit with expensive senior lawyers. They can require multiple on-site visits extending the timeline. They can slow-walk document production requiring more billable hours.
You’re not splitting the cost of an audit. You’re subsidizing their obstruction.
One solution: each party bears its own costs. You pay for your auditor. They absorb the cost of cooperating with the audit of their own disclosures. Any other structure creates a financial barrier to exercising your rights.
You Signed What?
Here’s the part keeping me up at night.
Even if you fought through every obstacle: the 300-claim caps, the no-extrapolation rules, the approved auditor lists, the on-site-only restrictions. Even if you found spread pricing. Even if you documented it perfectly.
Your contract likely permits it.
Traditional PBM contracts explicitly state they may retain the difference between what they charge you and what they pay the pharmacy. You signed that clause. Your auditor finds $500,000 in spread. The PBM’s response: “That’s our business model. You agreed to it.”
The audit found exactly what the contract permitted.
This is why fiduciary-aligned contract terms are so important. If you’ve already agreed to spread pricing, even the best audit in the world leaves you empty-handed.
What Real Audit Rights Look Like
Contrast everything above with what fiduciary-aligned PBMs offer:
Traditional vs. Transparent
When someone says “we’re transparent” only one question matters: Can I verify everything you tell me, using my own auditor, on my own timeline, with full data access?
If the answer is no, they’re practicing compliance theater.
What to Do First Thing Monday
Pull your current PBM contract and find the audit clause. Read every limitation. Note the sample size caps, approved auditor requirements, notice periods, and scope exclusions. If it runs more than two paragraphs with restrictions, you know what that means.
If you have a fiduciary committee meeting this month, add audit rights to the agenda. Document the discussion. A committee decision to evaluate your audit provisions is a fiduciary action worth recording.
Check your contract for fiduciary red flags. Data restrictions. Spread pricing. Rebate retention. Termination lock-in. These are terms you will either want to remediate or avoid in your next contract.
Use the AI prompt to interview you and generate a personalized comment letter
In Closing
The audit test isn’t complicated. It’s just uncomfortable.
Can you verify what you’re being told? Can you choose who does the verifying? Can you access the data you need without asking permission?
If you’re negotiating audit provisions that require your auditor to transcribe notes by hand in a PBM conference room, you’re not negotiating oversight. You’re negotiating the appearance of oversight.
The difference matters. Plan participants are counting on you to know which one you have.
Here’s to clearer thinking, stronger plans, and better outcomes for the people who rely on us.
All the best,
P.S. The DOL comment deadline has been extended to April 15. If you’ve experienced audit restrictions firsthand, that’s exactly the kind of employer experience the Department wants to hear about. Your story matters more than another industry lobbyist’s talking points.
Subscribe & Share
🔗 Subscribe: Was this newsletter forwarded to you? Signup to receive The Health Plan Compliance Advantage every Monday.
📤 Share: Forward this issue to someone wrestling with PBM oversight.
💸 SPECIAL OFFER: Newsletter subscribers receive 10% off any Validation Institute service. Use code FIDUCIARY10 at checkout.
────────────────────────────────────────
A Note of Appreciation
Dr. Susan Hayes has 40 years’ experience in the health care consulting and pharmacy benefit management industry. Dr. Hayes is a Certified Pharmacy Technician and Accredited Healthcare Fraud Investigator (AFHI) and a Licensed Private Detective.
Don’t be a bystander. Change the status quo and reap the benefits of The Health Plan Compliance Advantage. Schedule an introductory call with us.
