The opioid crisis and hospital drug theft have been coming together in headlines for years. High-profile cases illustrate that insider drug diversion is an issue that’s very much alive. As a result, preventing drug diversion has been a focus for many security and compliance departments, with efforts ranging from screening employees and limiting access to beefing up physical surveillance.
Healthcare organizations may treat patients who are struggling with the epidemic, but data reveal that hospital workers are not immune to the opioid crisis. According to the Mayo Clinic, up to 15 percent of healthcare workers are addicted to drugs or alcohol, compared with 8 percent of the general population. These workers develop and feed their addictions through drug diversion — the practice of taking a legal prescription intended for one person and transferring it to another person for illicit use.
Drug diversion in hospitals can have a hefty impact on care providers. Key among them is the reputational risk: When care providers are intoxicated, the very place that patients trust can actually make them ill.
Drug Diversion Risk: How Does Drug Diversion Affect Your Care?
First and foremost is the impact on patient safety. Aside from improper care and a lack of focus from intoxicated care providers, reported cases of blood-borne illnesses indicate that diverters could be infecting patients. Then there’s the time and resources dedicated to a staff member’s accidental overdose, death and infections from improperly sterilized needles, falsified records, and theft. Investigations associated with these incidents are time-consuming and costly.
The Drug Enforcement Agency (DEA) is increasingly examining whether hospitals have a drug diversion program in place. And organizations like the Joint Commission require that health systems use policies and procedures to prevent controlled substance diversion. This makes it essential to document when an incident occurs: Care providers are required to report details to the DEA, law enforcement, state pharmacy boards, and the Office of the Inspector General (OIG). All this requires extra work and effort from your team.
How to Prevent Drug Diversion: Best Practices
Care providers must take a multi-layered approach to a drug diversion strategy. Healthcare privacy, security, and compliance professionals should align to conduct forensic investigations, looking for signs of drug diversion and identifying the who, when, what, and how of drug diversion in their facility. Then, they can follow up by sanctioning and training employees. This helps drive a culture of security and compliance, which is important in reducing and preventing future incidents.
Drug diversion often involves unlikely perpetrators and shocking scenarios. That’s why one of the biggest tools for solving the drug diversion puzzle can be found in your very own EHR. A platform that monitors for user behavior can help detect drug diversion by spotting, for example, self-modification. Are physicians or clinicians modifying their own records to obtain medication that weren’t initially prescribed to them? Some state laws allow physicians to treat themselves, but most organizations don’t allow them to modify their own medical records. Another scenario may involve a user who reactivates a months-old expired prescription.
Certain full-lifecycle platforms can also use trend reports to monitor for drug diversion. These compare peer activities by title and department to reveal users who review more pharmaceutical information than their peers. In a drug diversion scenario, this might mean a user is searching for open orders and prescriptions, locating the delivery point, and picking them up using the patient’s name.
Healthcare systems might also identify incidents during routine auditing and monitoring activities. Healthcare privacy professionals should look for suspicious activity like snooping, high face-sheet access, identity theft, and departing employees.
But it’s not enough to detect these incidents. If you’re not handling the full life-cycle of security incidents like drug diversion, it could put you at risk of willful neglect. Instead, hospitals should focus on detecting, investigating, mitigating, and remediating these incidents to reduce risk and maintain compliance.
Preventing Drug Diversion Through a Culture of Compliance
Moving forward, care providers should focus on proactively creating a culture of privacy and security to prevent drug diversion. When behavioral violations are explicitly sanctioned, word will spread that policies are readily enforced and technologies are in place to detect inappropriate behaviors. This should be followed by extensive training and education.
Memorial Healthcare System’s Chief Information Security Officer, Richard Leon, explained during a recent FairWarning webinar that “continuing training and awareness is extremely important in our organization.” So he created a training campaign around patient privacy and policy violation — and noticed that Memorial Healthcare’s culture shifted toward better privacy and compliance.
Moving forward, healthcare systems will need a strategic and proactive strategy to prevent drug diversion. Tools, technology, and a culture-first focus can help stop incidents from occurring in the first place. And when care providers address the full lifecycle of these incidents, they can continue to focus on the core of their business – building trust between patient and provider to give the best care possible.
FairWarning Patient Privacy Intelligence Helps Manage the Full Lifecycle of a Security Incident
FairWarning Patient Privacy Intelligence (PPI) helps healthcare organizations manage the full lifecycle of security incidents. Detect costly and damaging behavior like drug diversion, investigate the behavior, document the investigation, and more from one single platform that integrates with your EHRs and other mission-critical applications. For more information about how FairWarning PPI can help you prevent drug diversion in your hospital and create a culture of compliance, contact us today.