Rivera
Rivera

Contract variance vs. systemic integrity: why the difference matters in PBM oversight

Pharmacy benefit manager (PBM) oversight is getting more attention than it has in years. Rising drug costs, high-profile enforcement actions, and the surge of GLP-1 therapies have health plans asking a version of the same question: are we actually paying claims the way we should be?

The answer depends on what kind of oversight the plan has in place. Two approaches are often discussed interchangeably, but they measure fundamentally different things: contract variance and systemic integrity. Understanding the distinction is essential for health plans that want to move beyond reactive recovery and toward continuous accuracy in their pharmacy spend.

What contract variance oversight measures

Contract variance asks whether the PBM executed the terms of the written agreement. Did the PBM hit its rebate guarantee? Did it meet the generic dispensing rate target? If the contract limits GLP-1 coverage to Type 2 diabetes indications, were claims for weight-loss use correctly excluded?

These are straightforward, measurable questions. The contract defines the expectation. The claims data shows whether the PBM met it. When findings surface, the dollars are quantifiable and responsibility is clear.

Contract variance is where most oversight programs start, and for good reason. The findings are concrete, defensible, and directly tied to the PBM's contractual obligations. But contract variance only covers what the written agreement explicitly addresses, with independent review typically happening once a year through the annual audit or once per contract cycle. That cadence allows months, and sometimes years, of drift to accumulate before anyone knows to look.

A health plan can have an airtight contract and still have operational issues quietly affecting payment accuracy every day. Contract variance won't find those.

What systemic integrity monitoring uncovers

That raises a fair question: if contract variance checks whether the PBM kept its commitments, what else is there to monitor? The gap is in the difference between what a contract can define and how the PBM's systems actually process claims. A PBM contract is a financial and legal document. It defines guarantees, service levels, and coverage parameters. The plan's benefit design is a separate operational layer: formulary tiers, copay structures, prior authorization requirements, step therapy protocols, quantity limits, coordination of benefits rules. The PBM takes that design and configures it into their adjudication system, and that configuration is the PBM's interpretation and implementation of what the plan intended. A contract can say "the PBM will administer the plan's benefit design," but it cannot specify every adjudication rule, every pricing file interaction, or every edge case in how COB logic should handle a non-standard secondary payer. Those details live in the PBM's system configuration, not in the contract. And even when the contract and benefit design are perfectly aligned at signing, both change throughout the year as formularies update, clinical programs launch, pricing files refresh, and systems get patched.

Systemic integrity monitoring exists to close that gap. It asks whether each claim was processed accurately according to the plan's full benefit design, pricing rules, clinical edits, and regulatory requirements, regardless of what the contract explicitly spells out.

This kind of monitoring looks at how claims actually move through the PBM's adjudication engine. PBM platforms are complex, layered environments where rule engines, clinical edits, price files, external data sources, override codes, and plan-level customizations all interact. When even one component is misaligned, the effect may not violate the contract, but it absolutely affects payment accuracy.

A lesser-of-logic clause can exist in the contract and still be coded incorrectly for specific drugs or pharmacy types, meaning a subset of claims gets overpaid even though the contractual term is technically in place. A prior authorization requirement can be active in the system and still get bypassed on certain claims due to how override codes interact with clinical edits. Coordination of benefits logic might work correctly for most secondary payers but miss edge cases with non-standard processing timelines, creating leakage the plan never sees in aggregate reporting.

These issues are not technical edge cases. They affect thousands of claims and meaningfully influence financial performance. They also don't surface in contract variance reviews because they aren't contract violations. They are operational breakdowns in how the PBM's systems translate plan intent into claim-level execution.

Systemic integrity monitoring also uncovers patterns that variance alone will never reach: pharmacy-level behavior anomalies, recurring misconfigurations tied to specific NDCs, inconsistencies in prior authorization enforcement after a PBM system update, or shifts in adjudication logic that followed a formulary change nobody flagged. These patterns require continuous monitoring because system behavior changes constantly as pricing files update, benefit plans renew, claims volume shifts, and new therapies enter the market.

Why the distinction matters for health plans

Most health plans that have some form of PBM oversight are running contract variance reviews. They verify whether the PBM kept its commitments and pursue recovery where it didn't. That work is valuable and should continue.

But contract variance alone leaves a significant blind spot. Across the plans Rivera works with, systemic issues consistently account for a substantial share of avoidable spend. Not because someone intentionally violated the contract, but because day-to-day adjudication logic drifted from the plan's intended benefit design. A new plan year build introduced a configuration error. A formulary update didn't propagate correctly to every adjudication rule. A pricing file update changed the math on thousands of claims and nobody caught it because the aggregate numbers still looked reasonable.

Contract variance confirms that the PBM kept its written promises. Systemic integrity goes deeper, asking whether the underlying systems were executing accurately at the claim level across every transaction. Both questions matter, but only the second catches the issues that compound quietly across a full book of business.

The financial distinction is also worth understanding. Contract variance findings tend to produce straightforward recoveries tied to specific guarantee shortfalls. Systemic integrity findings produce recoveries too, but the larger value is in root-cause correction and recurrence prevention. When a systemic issue is identified and the underlying configuration is fixed, the same error stops appearing on future claims. That prevention value compounds over time and often exceeds the initial recovery.

What this means for how plans structure oversight

A health plan that only runs contract variance reviews is answering half the question. The PBM may be meeting every guarantee in the contract while still processing claims in ways that don't match the plan's actual benefit design.

Closing that gap requires monitoring infrastructure that reviews 100% of claims against the full set of rules that should govern adjudication, not just the terms written into the PBM contract. It requires that monitoring to run continuously, because system behavior changes with every pricing update, formulary revision, and plan year build. And it requires clinical expertise to validate findings and separate true errors from explainable variances, because not every flag is an overpayment.

Health plans that build both contract variance and systemic integrity into their pharmacy payment integrity programs are in a stronger position to protect their spend, negotiate PBM contracts from a position of evidence, and prevent the kind of slow, systemic leakage that periodic reviews consistently miss.

Frequently asked questions

What is the difference between contract variance and systemic integrity in pharmacy oversight?

Contract variance measures whether the PBM followed the specific terms of its written agreement with the health plan, including pricing guarantees, rebate commitments, and coverage restrictions. Systemic integrity measures whether every claim was processed accurately according to the plan's full benefit design, pricing rules, clinical edits, and regulatory requirements. A PBM can meet every contractual guarantee while still processing claims inaccurately at the systemic level.

Can a PBM meet its contract terms and still overpay claims?

Yes. Contract terms cover specific, measurable commitments like rebate guarantees and pricing benchmarks. They do not cover every aspect of how claims are adjudicated. Configuration errors, miscoded rules, coordination of benefits gaps, and adjudication drift can all cause overpayments on claims that fall outside the scope of the contract's explicit terms. These systemic issues often account for a substantial share of avoidable pharmacy spend.

Why doesn't a contract variance review catch systemic issues?

Contract variance reviews are designed to measure PBM performance against written guarantees. Systemic issues, such as a lesser-of-logic rule coded incorrectly for certain pharmacy types or a prior authorization requirement being bypassed due to override code interactions, are not contract violations. They are operational breakdowns in the PBM's adjudication engine that affect payment accuracy without triggering a contractual shortfall.

How does systemic integrity monitoring work?

Systemic integrity monitoring reviews 100% of pharmacy claims on a continuous basis against the full set of rules that should govern adjudication, including pricing, benefit design, clinical edits, coordination of benefits, and regulatory requirements. Algorithms flag claims where adjudication did not match the plan's intended design. Clinical pharmacists and analysts then validate findings to separate true errors from explainable variances. Validated findings are documented and quantified for health plan review and PBM recovery.

Why does systemic integrity monitoring need to run continuously?

PBM system behavior changes constantly. Pricing files update, formularies change, benefit plans renew, clinical programs are added or modified, and new therapies enter the market. Each change introduces the potential for adjudication drift. A rule that was working correctly in January may not be working correctly in March because something else in the system changed. Continuous monitoring catches these shifts as they occur rather than months later during a periodic review.

Why doesn't the PBM contract cover the full benefit design?

A PBM contract is a financial and legal document that defines guarantees, service levels, and coverage parameters. The plan's benefit design is a separate operational layer covering formulary tiers, copay structures, prior authorization requirements, step therapy protocols, quantity limits, and coordination of benefits rules. The PBM configures its adjudication system based on that design, but a contract cannot specify every adjudication rule, pricing file interaction, or claims processing edge case. Those details live in the PBM's system configuration, not in the contract. And even when the two are aligned at signing, both change throughout the year as formularies update, clinical programs launch, and systems get patched. Systemic integrity monitoring exists to verify that the PBM's systems are executing the plan's full benefit design accurately at the claim level, not just meeting the financial commitments in the contract.

See what clarity and control can do for you.

See what clarity and control can do for you.

Get in touch

Rivera, Inc.

444 N. Front St., Suite 101, Columbus, OH 43215

(614) 515-2700 | info@riverarx.com

Who we serve

Commercial health plans

Government health plans

Employers

Channel partners

Resources

Insights

Newsroom

About

Who we are

Work at Rivera

Follow us

LinkedIn

Copyright

©

2026 Rivera, Inc.