How to Write a Corrective Action Plan (CAP) for Your 340B Program

In the world of 340B compliance, mistakes are inevitable—but inaction is inexcusable. The Health Resources and Services Administration (HRSA) expects covered entities to address findings quickly, thoroughly, and sustainably. That’s where a Corrective Action Plan (CAP) becomes the most critical document your organization produces after a compliance review or HRSA audit.

A well-written CAP does more than fix issues—it demonstrates accountability, transparency, and control maturity. When done correctly, it strengthens your compliance infrastructure and safeguards your program from future financial and reputational risk.

This article outlines how to create a comprehensive, HRSA-aligned Corrective Action Plan for your 340B program, with clear steps, templates, and leadership insights.

Why Corrective Action Plans Matter

A CAP serves three purposes:

1. Regulatory Response: It fulfills HRSA’s requirement to respond to audit findings or self-identified compliance breaches.
   
2. Root-Cause Documentation: It shows your ability to diagnose systemic issues, not just symptoms.
   
3. Sustainability: It establishes permanent process improvements that prevent recurrence.
   

In short, your CAP is both a compliance deliverable and an internal roadmap for institutional improvement. For HRSA, it’s evidence that you take 340B integrity seriously. For your leadership, it’s proof that you’re managing risk responsibly.

Step 1: Acknowledge and Define the Issue Clearly

Every CAP begins with a Statement of Finding—a concise restatement of what went wrong, exactly as identified during the HRSA audit or internal self-audit.

Avoid defensive language or generalities. Instead, focus on precision:

• Identify the policy, process, or system involved.
  
• Specify the timeframe affected.
  
• Quantify the scope (number of claims, transactions, or dollars).
  

Example:

“Between July and October 2024, 67 prescriptions dispensed at ABC Contract Pharmacy were ineligible due to misaligned prescriber NPI data in the TPA eligibility file.”

This clarity demonstrates integrity and control awareness—both key E.E.A.T. elements HRSA looks for in CAP submissions.

Step 2: Conduct a Root-Cause Analysis (RCA)

The next step is to explain why the issue occurred—not just what happened. Root-cause analysis transforms reactive fixes into preventive strategy.

A strong RCA will:

• Identify system, process, or training failures.
  
• Trace the breakdown through your workflow (from patient definition to purchasing).
  
• Address cross-departmental touchpoints, such as pharmacy, IT, billing, and compliance.
  

Example Root Causes:

• Split-billing logic not updated after prescriber reassignment.
  
• Policy gap regarding referral capture documentation.
  
• Incomplete reconciliation between EHR and contract pharmacy TPA data.
  

Avoid superficial explanations like “staff error.” HRSA expects demonstration of systemic understanding—that’s how you build trust.

Step 3: Define Specific Corrective Actions

Once the root cause is clear, outline specific, measurable, and achievable actions that directly address it. Each action should answer: Who will do what, by when, and how will success be verified?

Structure your CAP actions in a table or bulleted format for clarity:

#	Corrective Action	Responsible Party	Completion Date	Verification Method
1	Update prescriber NPI matching rules in TPA system	IT/Pharmacy Data Analyst	12/31/2025	Successful validation of TPA logic and test file accuracy
2	Revise 340B SOP section on prescriber eligibility	Compliance Officer	01/15/2026	Approval by Oversight Committee and staff re-training completion
3	Implement quarterly prescriber file reconciliation	340B Program Manager	03/31/2026	Audit log review and sign-off by Compliance

Each action must be traceable to the root cause and verifiable through documentation.

Step 4: Assign Ownership and Accountability

Accountability defines success. HRSA expects to see clearly defined roles in your CAP—who is responsible for implementation, validation, and sign-off.

Best Practice:
Assign a Responsible Owner for each corrective action and a Monitoring Owner (often your compliance or audit department).

Document these assignments formally within your CAP and communicate expectations to each stakeholder.

Step 5: Establish Measurable Outcomes

A CAP without metrics is an aspiration, not a plan. Each corrective action should include a measurable result to confirm effectiveness.
Examples:

• “Zero NPI mismatches in next quarterly reconciliation.”
  
• “100% staff training completion with documented attestation.”
  
• “No repeat findings in next HRSA audit cycle.”
  

Align metrics to compliance indicators that leadership already tracks—such as diversion rates, duplicate discount errors, and contract pharmacy reconciliation accuracy.

Step 6: Build a Monitoring and Verification Framework

Your CAP must show how corrective actions will be monitored after implementation. This typically includes:

• Periodic self-audits or QA reviews.
  
• Dashboard tracking of error metrics.
  
• Review by your 340B Oversight Committee or Compliance Committee.
  
• Sign-off by your Authorizing Official (AO) once verified.
  

A CAP is only considered closed when verification demonstrates that the fix is effective and sustainable.

Step 7: Communicate and Train

Training is often the missing link between policy and performance.
Include a training component that ensures all relevant personnel understand the updated process. Document:

• Training audience and dates.
  
• Materials used.
  
• Completion and attestation records.
  

HRSA auditors often request evidence of staff education as proof that your CAP reached the operational level.

Step 8: Integrate CAP Lessons into Your Policy Framework

Sustainable compliance depends on institutional learning. Once a CAP is complete, update your policies, SOPs, and governance documentation to prevent regression.

Your Oversight Committee should review all CAPs quarterly to identify patterns or systemic gaps that need broader attention. This practice strengthens enterprise risk management and ensures continuous improvement.

Step 9: Document Everything for HRSA Transparency

Every CAP should include:

• Original finding statement.
  
• Root-cause analysis summary.
  
• Corrective actions, owners, and timelines.
  
• Verification and closure evidence.
  

Maintain digital and physical versions in your central compliance repository for at least five years. If HRSA or a manufacturer requests documentation, immediate retrieval builds confidence and reduces follow-up inquiries.

Step 10: Conduct a CAP Effectiveness Review

Finally, evaluate your CAP’s success 6–12 months after closure. This internal review ensures the corrective action had its intended effect and that controls remain stable.

Use your self-audit or mock-audit program to confirm no recurrence. If findings reappear, adjust your control strategy—proof that your organization is evolving with experience.

---

Example CAP Framework Summary

1. Finding: 67 ineligible prescriptions due to NPI mismatch.
   
2. Root Cause: Prescriber file not synchronized with TPA.
   
3. Actions: File logic update, staff retraining, quarterly reconciliations.
   
4. Metrics: Zero mismatches over two consecutive quarters.
   
5. Verification: Compliance audit validated new logic and accuracy.
   
6. Status: Closed, with policy revision logged and verified.
   

Building a CAP Culture, Not Just a Document

The strongest 340B organizations treat CAPs as learning tools, not punishments. They analyze patterns across audits, identify high-risk workflows, and create playbooks for future responses.

A proactive CAP culture:

• Builds trust with HRSA and leadership.
  
• Reduces repeat findings.
  
• Strengthens interdepartmental communication.
  
• Improves patient access and financial sustainability.
  

If your team needs to build a CAP framework or refine existing audit response workflows, Cooper Strategy can help design structured, evidence-based solutions.
Start your CAP development conversation today: Contact Cooper Strategy

Frequently Asked Questions About How to Write a Corrective Action Plan (CAP) for Your 340B Program

1. What is a Corrective Action Plan (CAP) in the context of a 340B audit?

A CAP is a formal document outlining how a covered entity will correct deficiencies identified during an HRSA audit or internal review. It details each finding, root cause, corrective action, responsible parties, and completion timeline. The CAP serves as both a compliance deliverable and a strategic improvement plan, proving to HRSA that the organization has resolved identified issues and strengthened internal controls. Effective CAPs not only close gaps but also institutionalize safeguards that prevent recurrence, improving overall compliance maturity and audit resilience across all 340B operations.

2. How quickly must a CAP be submitted after receiving HRSA audit findings?

HRSA typically requires CAP submission within 30 calendar days after receiving the official audit report. However, timelines may vary depending on HRSA’s instructions and the severity of findings. Covered entities should begin drafting immediately upon receiving preliminary results to avoid rushed or incomplete plans. The most successful organizations maintain a CAP template and response team ready to act, ensuring high-quality submissions that meet HRSA’s expectations. Timely submission signals strong governance and accountability—two critical pillars HRSA looks for during program integrity evaluations.

3. What are the most common mistakes covered entities make when writing a CAP?

Common CAP pitfalls include vague language, missing root-cause analysis, unrealistic deadlines, and lack of verification methods. Some organizations list corrective actions without specifying who is responsible or how success will be measured. Others fail to connect CAP actions back to updated policies or training initiatives. HRSA reviewers expect detail, accountability, and evidence of sustainability. Avoid generic phrases like “staff retrained” without proof of attendance or testing. A high-quality CAP reads like a project plan—clear, actionable, documented, and traceable through completion and verification.

4. How should leadership monitor the progress of a CAP once it’s submitted?

Leadership should embed CAP oversight into regular compliance or 340B Oversight Committee meetings. Each corrective action should have defined milestones, owners, and completion evidence reviewed periodically until closure. Use dashboards or trackers to visualize progress. If delays occur, document reasons and updated timelines. Once all actions are implemented, conduct a CAP Effectiveness Review—a post-implementation audit to verify results. This governance model not only keeps leadership informed but also proves to HRSA that accountability and continuous monitoring are part of your compliance culture.

5. How can Cooper Strategy help develop or review a Corrective Action Plan?

Cooper Strategy assists covered entities and hospitals with developing, validating, and executing Corrective Action Plans that withstand HRSA scrutiny. Our experts translate audit findings into targeted, measurable, and sustainable actions—integrating governance, data validation, and training frameworks. We also conduct mock HRSA audits and CAP effectiveness reviews to ensure corrective measures close the loop. Whether you’re responding to a formal audit or self-identified issue, our team helps you structure your CAP for clarity, completeness, and credibility.
Get expert guidance today: Contact Cooper Strategy