Taking the pulse of health care risksPosted On: Nov. 8, 2015 12:00 AM CST
INDIANAPOLIS — Health care organizations need to train medical staff on how to keep sensitive patient data secure to avoid data breaches.
More health care providers are accessing patient information remotely, and such technology leaves many organizations open to cyber attacks, said Gary Glover, vice president of assessments at Orem, Utah-based data security and compliance services provider SecurityMetrics Inc.
“Insecure remote access is the No. 1 compromise pathway of today's hacker,” Mr. Glover said during the American Society for Healthcare Risk Management's 2015 conference in Indianapolis.
As convenient — and sometimes necessary — as it is to have access to work email when off-site, especially in the health care industry, it's not safe, Mr. Glover said. “Sometimes you need to sacrifice convenience for safety,” he said.
The issue is when people open encrypted data and store it unprotected on their personal computers at work or at home.
“These are people who are just trying to do their job, but your job as a risk manager is to audit processes and find out how they are doing these things,” Mr. Glover said.
Also during the conference, executives from Rockford Health System described how the Rockford, Illinois-based hospital and health care system's opioid prescription plan has helped treat patients' chronic pain while reducing the use of unnecessary narcotics and the risk of patient addiction and overdoses.
In May, the health system implemented its opioid policy, which includes several tools to help manage medications for patients with chronic pain unrelated to cancer.
Those strategies include prescribing limited amounts of opioids to patients with acute pain, rather than providing 60- or 90-day supplies; checking Illinois' prescription drug monitoring program database to see if patients have already received recent narcotic prescriptions; and referring patients to a pain management program if they seek opioids more than twice in a month, said Barbara Giardino, the health system's risk manager.
As a result, Rockford Health System, issued 2,237 narcotic prescriptions from June 1 to Aug. 31 this year, down 12.3% from the same period in 2014, with 50,914 opioid pills prescribed, down 13.9% from last year, Ms. Giardino said.
It was important for Rockford Health System to base its policy on evidence-based treatment guidelines from groups such as the American Pain Society, American College of Emergency Physicians, American Academy of Family Physicians and the National Pharmaceutical Council, said Dr. Jude Perez, an emergency room physician and chairman of credentials at Rockford Memorial Hospital in Rockford, Illinois.
Doing so gave the opioid policy credibility with its physicians, which has helped with compliance, Dr. Perez said.
“If you want to get a physician's attention, say "evidence-based practices,'” he said.
Also at ASHRM, an expert in workplace violence prevention said managers need to devise plans to help prevent patients from attacking health care workers.
Carolyn Wolf, Lake Success, New York-based executive partner at law firm Abrams, Fensterman, Fensterman, Eisman, Formato, Ferrara & Wolf L.L.P., said training and education are key to preventing workplace violence.
“Every workplace environment must adopt a workplace violence policy and prevention program and communicate the policy and program to employees,” Ms. Wolf said.
Other effective methods include controlling access to offices with locks after hours and security guards, having a system to alert security officers of a threat and designing the workplaces to include an escape route, Ms. Wolf said.
It is also crucial to practice evacuation and active-shooter drills, she said.
“The organizations that had practice drills and later had a violent episode at work had the highest survival rates of incidents in the workplace,” she said.