The number of drug overdoses related to opioids has more than quadrupled in the U.S. since 1999, according to the National Institute on Drug Abuse (NIDA). As of 2014, some 2.5 million Americans were thought to have a substance abuse disorder related to prescription opioid painkillers or heroin?and they're coming into hospitals where case managers are increasingly being called on to manage their care.
"The substance abuse epidemic seems exactly like that, an epidemic, with the numbers of patients suffering from substance abuse growing, with many presenting to the hospitals with serious overdoses and/or medical complications of their drug habits," says June Stark, RN, BSN, MEd, director of care coordination at St. Elizabeth's Medical Center-Steward Healthcare in Boston.
Scarce resources and the complex needs of these patients make helping patients with opioid addictions a challenge. Not only do case managers need to manage the challenges and social issues that go along with addiction, such as homelessness and lack of family connections, but they may also struggle to find placements for patients?there just aren't enough beds out there, Stark says, a possible side effect of years of cutbacks and reductions in these types of care options.
While in the past, many patients came into St. Elizabeth's Comprehensive Addictions Program suffering from alcohol dependence, today there's been a huge increase in individuals abusing prescriptions and other opiates, says Mary Ellen Peters, RN, BSN, CARN, a substance abuse case manager at St. Elizabeth's Medical Center in Boston. The growing number of opioid users and the increased publicity surrounding this issue has prompted more people to come in and seek help, she says.
In Massachusetts, you can't pick up a newspaper without hearing stories of struggles with addiction and the community's effort to get ahead of the crisis, says Peters. Even police departments are changing their approach, arming police officers and first responders with a lifesaving opioid overdose-reversal treatment, Narcan. The Gloucester (MA) Police Department is not only using Narcan, but has publicly changed its focus to trying to get people treatment, not jail time, says Peters.
While some changes are in the works that may help future case management efforts, today's case managers still face major challenges. Peters says they manage these challenges by taking a multi-pronged approach to address patient needs, consisting of:
A thorough assessment
Community referrals for follow-up care
Reaching out to family members for support
A focus on reversing social issues, which provide barriers to recovery
Research shows that ethnic and racial minorities may wind up back in the hospital after discharge more often than their white counterparts for certain conditions, such as pneumonia and heart failure. This increased rate of readmissions is due to many factors, including:
A higher incidence of some chronic diseases
Social, economic, cultural, and linguistic barriers to care
CMS is hoping to change that with a new publication, "Guide to Preventing Readmissions Among Racially and Ethnically Diverse Beneficiaries." Its authors said that the guide aims to accomplish three main goals:
Providing an overview of the issues that can lead to higher readmission rates among this group
Outlining actions hospital leaders can take to reduce these avoidable readmissions
Providing case studies and examples of initiatives that have worked to reduce readmissions among racial and ethnically diverse Medicare beneficiaries
Subpoenas are a sometimes-unwelcome fact of life for privacy officers. They can be complicated, requesting broad amounts of information that is time-consuming to gather. They can be written in dense legal language that takes time and finesse to decipher. If a subpoena requests PHI, it can also raise privacy concerns and questions about how to honor the subpoena while releasing only the necessary information. Some subpoenas may request information that an organization considers sensitive for other reasons. It can be all too easy to put off dealing with a subpoena until the last minute, then rushing to react without taking the time to really read and understand what it says.
OCR and HIPAA audits. Give you chills, don't they? Most covered entities (CE) naturally fear getting the letter from the HIPAA privacy and security enforcers saying that they're coming?or that they want something. "Something" usually means your policies and procedures, risk analysis, and mitigation efforts if you've suffered a breach. Bottom line: CEs want to avoid OCR unless they need to go to the agency for information on the HIPAA Privacy, Security, or Breach Notification rules
Interoperability isn't a new goal, but 2016 may be the year it becomes closer to a reality. HHS' 2017 budget includes a boost in the Office of the National Coordinator for Health Information Technology (ONC) funding specifically for the development of interoperability guidelines and standards, like an interoperability code of conduct, as well as efforts to combat information blocking.
Staying ahead of change
Being a hot-button issue alone won't solve interoperability's problems. It's a complex initiative, and reaching the goals outlined in the ONC's Interoperability Roadmap means providers, vendors, and policymakers have to work together to create practical guidelines and products that meet all applicable existing legislation, including HIPAA and other privacy and security laws. Interoperability also requires software vendors and developers to go against the very nature of their business and work with the competition.
It's a tall order, but achieving interoperability could greatly reduce the technical burdens many security officers struggle with, as well as create an atmosphere in which providers and vendors can work together to keep PHI safe. If it's not achieved, greater administrative burdens, technological problems, and, at worst, significant security weaknesses could result, cautions Chris Apgar, CISSP, president of Apgar and Associates, LLC, in Portland, Oregon.
Security officers need to pay close attention to interoperability, Apgar says. "Any time code is touched or changes are made in how an application or interface works, [it] raises the risk that the end product will not include the required security controls."
If 2016 is the year the healthcare industry starts making real progress on the road to interoperability, security officers need to make sure they read the map and scout the territory to ensure their organizations don't take any wrong turns.
Email encryption, file sharing, and mailbox security
by Chris Apgar, CISSP
Q: We are in the process of building a new office. Would it be HIPAA compliant to have an outside locked mailbox for our general postal mail and therapist paperwork that is dropped off at night? If not, would a mail slot on our front door work better?
A: An outside locked mailbox will suffice to secure incoming mail and therapist paperwork. Ensure that the mailbox is secure and not easily broken into. If the mailbox is secured with a key, it's a good idea to implement a solid key management program so it's known who has a key. Keys should be recovered when an employee resigns or is terminated. If an employee leaves without returning his or her key, it's wise to re-key the lock on the mailbox.
Editor's note
Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
