The Challenge of Ensuring Compliance at Scale as Resources Shrink, Violations Rise
by Protenus on September 9, 2021
As they continue devoting their limited resources to battling the Covid-19 pandemic, healthcare organizations may not be able to monitor compliance violations — including drug misuse or diversion and inappropriate access to patient records — as closely as they normally would.
For one, the costs of personal protective equipment, rigorous sanitization processes, and other Covid-19-related needs are eating into the budgets that compliance departments are competing for in their efforts to improve efficiencies. Add to this the fact that many compliance experts — over one-fourth of whom are doctors and nurses — have expanded or shifted their focus to help in other areas of patient care.
Hear Protenus CEO Nick Culbertson discuss detecting and preventing diversion at scale: stream his interview with RxPert Solution's Terri Vidals, BS, Pharm.
While compliance teams navigate this resource-constrained environment, there are countless reasons to believe that the serious privacy violations and medication-related safety hazards they monitor are simultaneously occurring more frequently. Here, we name just a few of the most salient:
1. The pandemic has severely exacerbated burnout among clinicians, and by extension, poses a threat to appropriate medication handling.According to a 2020 survey of 20,947 healthcare workers across 42 U.S. organizations, levels of stress and burnout have risen among both clinical and non-clinical staff. And "while burnout doesn’t cause drug diversion," Patient Safety and Quality Healthcare states, "burnout is correlated with substance use disorders, and substance use disorders are correlated with drug diversion." That's bad news for hospitals in every corner of the country — as of this writing, 0 states have decreasing Covid-19 cases, and healthcare workers continue working around the clock, on high alert.
2. Big systems employ hundreds or even thousands of people who have easy access to sensitive patient data in the EHR.As anxieties and confusion swirl around Covid-19, any one of these employees could be driven to access the Covid-19 diagnoses and vaccine history of friends, family, and public figures — in violation of HIPAA and other privacy regulations.
3. Along with a spike in insider incidents for the first time in four years, in 2020, we observed external actors taking advantage of an overwhelmed U.S. healthcare system.Hacking incidents overall increased for the fifth straight year, and hospital employees specifically became bigger targets for ransomware attacks, which more than doubled from 2019, the 2021 Protenus Breach Barometer shows. The upward trajectory of these costly, reputation-damaging events is likely to continue, given that the number of reported health data breaches has increased every year since we began publishing the Breach Barometer in 2016.
Amid mounting threats (related and unrelated to the pandemic) and shrinking resources, compliance teams' mission to protect patient privacy and address drug diversion across entire systems has not changed. This massive undertaking undoubtedly requires more than human expertise alone; subject matter experts must be equipped with advanced, artificial intelligence-powered technology that prioritizes cases with exceptional accuracy, notifies end-users of likely violations at manageable volumes, and enables faster case resolution times.
In order to scale for the future, compliance departments will need to create efficiencies that simply can't be achieved through manual or otherwise outdated processes. It will be the adoption of healthcare compliance analytics that helps ensure patient privacy and reduce costly risk across entire enterprises.