CAA 2026 Required What We've Done Since 2011.
The Consolidated Appropriations Act of 2026 mandates that PBMs pass through 100% of rebates, disclose all compensation, and operate as ERISA fiduciary covered service providers. Appro-Rx has operated this way since founding. Not because the law required it. Because we believed it was right.
CAA 2026 Requirement
100% rebate and remuneration pass-through to ERISA plans.
Appro-Rx Status
Compliant since 2011
How Appro-Rx Meets It
Fixed PMPM fee model with no retained rebates — by design.
CAA 2026 Requirement
PBMs classified as ERISA Section 408(b)(2) covered service providers — must disclose all compensation.
Appro-Rx Status
Compliant
How Appro-Rx Meets It
Full compensation disclosure in every client contract — one fee, one line.
CAA 2026 Requirement
Semiannual reporting of drug pricing, spread, rebate, and compensation data.
Appro-Rx Status
Compliant
How Appro-Rx Meets It
Real-time data access — not periodic reports — supplemented by required formal reporting cadences.
CAA 2026 Requirement
Plan sponsor audit rights for rebate verification.
Appro-Rx Status
Compliant
How Appro-Rx Meets It
Full audit rights built into every client agreement and contractually enforceable.
CAA 2026 Requirement
Plain-language, machine-readable reporting.
Appro-Rx Status
Compliant
How Appro-Rx Meets It
Plain-language analytics and exportable formats are standard.
HIPAA Is the Floor. We Built a Clean Room.
- Notice of Privacy Practices (NPP): Full HIPAA-compliant NPP available — compliant with 45 CFR § 164.520 and the February 2026 HHS template.
- Business Associate Agreements (BAA): We execute a BAA with every client before handling any PHI. Request a BAA template through our compliance contact.
- Secure Prior Authorization Submission: All clinical documentation submitted through HIPAA-compliant encrypted portal — not unsecured email or fax.
- HIPAA Privacy Officer: Available for compliance inquiries. Contact info on the Compliance page footer.
- Breach Notification: Procedures aligned with 45 CFR §§ 164.400-414. Plan sponsors notified within required timeframes.
- Appro-Rx manages RxDC data collection and CMS submission for client health plans.
- Annual deadline: June 1 (covering the prior calendar year).
- Appro-Rx registers with HIOS and coordinates all required filings.
- Clients receive confirmation of submission and may request copies of submitted data.
- Contact our compliance team to confirm your plan's RxDC responsibilities and our handling process.
Appro-Rx holds PBM registrations and licenses in the states where they are required. Below is a developer-populated table reflecting current licensure status. If your state is not listed or you have a question about licensure, contact our compliance team.
As a covered service provider to ERISA group health plans, Appro-Rx provides a written disclosure of all direct and indirect compensation prior to entering any service arrangement. This disclosure is delivered automatically as part of our standard contracting process. Request our standard 408(b)(2) disclosure package: compliance@approrx.com.
Appro-Rx is committed to WCAG 2.1 AA compliance for this website. We actively audit for accessibility and encourage feedback. If you encounter any accessibility barriers, please contact support@approrx.com or call 866-900-3711.
Compliance Email: compliance@approrx.com
Phone: 866-900-3711
Mailing Address: Appro-Rx LLC, Attn: Compliance, 415 S. Main Street, Waynesville, OH 45068
