Hospitals falling short on implementing bar code medication administration

Ever noticed the steps nurses have to go through when they administer medications in the hospital? Scanning, typing, asking the patient for name and birthday – these steps protect patient health and hospitals from liability. Despite how useful these steps are for reducing medication errors, the Leapfrog Group found that not all hospitals are using them effectively.

Only 30 percent of hospitals are meeting standards

In the 2017 report on medication safety, Castlight Health analyzed hospital use of bar code medication administration (BCMA) and computer physician order entry (CPOE) systems. Although Leapfrog’s standard standards include implementation of a BCMA to cover 100 percent of a hospital’s intensive care and medical/surgical units, along with several important processes, only 30 percent of hospitals met all four of Leapfrog’s criteria.

BCMA systems

A BCMA system requires the administering nurse to scan a bar code on the patient’s wristband and then scan the bar code on the medication. This ensures that the “Five Rights of Medication Administration” are met: right patient, drug, dose, time, and route. The Leapfrog Group developed the first industry standard for BCMA adoption and included measurement elements in its 2016 hospital survey. One of Leapfrog’s standards requires scanning both bar codes for 95 percent of bedside administration in units with BCMA systems.

Findings

Although 97.8 reporting hospitals have a BCMA system in at least one inpatient unit connected to their electronic medication administration record, only 30 percent of the hospitals fully met the standard. A remaining 35 percent fulfilled three out of the four, and 26 percent met two of the criteria.

The most commonly unmet requirement was integration of Leapfrog’s seven decision support elements. These support elements are ensuring that the patient, medication, dose, and time are correct as well as checking for vital signs, performing a patient-specific allergy check, and having a second nurse perform a check. Out of these elements, the vital sign check was the most frequently lacking at 80 percent. Hospitals also failed to adhere to Leapfrog’s best practice processes and workaround prevention, which require (1) formal BCMA use committee; (2) back-up systems for hardware failure; (3) a help desk; (4) observation of BCMA users; and (5) engaging nursing leadership.

Reporting issues

In addition to the BCMA elements in the hospital survey, Leapfrog’s CPOE Evaluation Tool allows hospitals to download simulated data and input patient and medication combinations into their systems. Hospitals then track the alerts generated by the system and are scored based on correct alerts. Leapfrog noted that although more hospitals have been meeting the CPOE standards, an additional 26 percent of reporting hospitals failed to meet these standards. Only 22 percent of hospitals that reported CPOE and BCMA data fully met all standards. Leapfrog noted that some hospitals are not reporting their data at all, and noted that this can cause a serious gap in understanding hospital medication safety because Leapfrog is the only organization that publicly reports this data.

Health technology oversight growing more complicated as innovation continues

As health information technology (HIT) evolves and the industry increasingly relies on it, the field represents a niche opportunity for young lawyers. At the American Health Lawyers Association (AHLA) Fundamentals of Health Law conference, presenters Ryann Schneider and Sidney Welch emphasized the necessity of understanding both the technology and regulations as well as maintaining close oversight of vendors. This area presents many pitfalls and compliance is difficult, but essential.

Innovations

At the close of the third quarter of 2016, $6.5 billion in digital health deals were recorded. Clinical operations are finding more uses for technology, as providers use telehealth for specialty consults, chronic care management, monitoring, and diagnosis while patients continue to rely on personal health applications and wearables. These innovations require continued development of oversight strategies.

Statutes and regulations

One challenge for compliance is understanding the changing (and conflicting) rules surrounding telemedicine. CMS has issued and updated telemedicine regulations for Medicare, while Medicaid reimbursement differs between the states. States have also implemented various non-payment laws, such as the definitions of a valid telemedicine encounter and requiring a full license to practice medicine in the state in which the patient is located. There are also intellectual property considerations, as well as dealing with a long list of regulatory agencies from the HHS Office of Inspector General (OIG) and the Department of Justice (DOJ) to the Federal Trade Commission (FTC) and Internal Revenue Service (IRS).

Vendors

When health care entities hire technology vendors, each side has a different level of understanding and priorities. Health care customers are particularly sensitive to safety, outcome commitments, and security than other technology customers, and often overestimate the time and resources required for projects. Vendors are experts on their technology, and have a better idea of the partnership required to successfully implement sophisticated projects.

The speakers noted that counsel does not have to understand the nuts and bolts of the technology, but emphasized the need for a team comprised of both business and tech experts to ensure that all bases are covered. Additionally, if in-house counsel focuses on regulatory understanding, outside technology or intellectual property (IP) counsel can supplement with specialized expertise.

Health care gets a ‘D’ in cybersecurity, but no one scores high

The health care sector scored a ‘D’ grade in overall cybersecurity for 2016, but other industries didn’t fare much better, with the retail sector scoring a high ‘C,’ according to Tenable Network Security. Cybersecurity experts in most industries showed decreased confidence in their industry’s ability to assess risks and mitigate threats. New and increased challenges, including new platforms and environments and continued use of mobile devices, contributed to the decrease.

Tenable asked 700 security practitioners from seven industries and nine countries about their attitudes and beliefs toward security defenses, rather than actual effectiveness. Health care security professionals’ average confidence level in their risk assessments was only 54 percent, down 18 percent from Tenable’s 2015 report. Professional were more confident in their ability to mitigate threats through security assurances, showing an average 76 percent confident level, an increase of 1 percent from 2015. They were most comfortable in their ability to convey risks to executives and board members, measure security effectiveness, and view network risks continuously. However, a common theme across industries and countries were professionals’ concerns that the executive level did not responds effectively once given information about risks.

Tenable noted health significant health care sector weaknesses in assessing mobile devices. Confidence in risk assessment for mobile devices dropped 8 percent across all industries from 2015, and the web application security rating dropped 18 percent, the largest drop in any risk assessment category. The health care sector also showed weakness in assessing risks with respect to two new categories, developmental operations (DevOps) environments and containerization platforms. DevOps is a set of practices that emphasizes collaboration and communication between software developers and other information-technology (IT) professionals that also includes an automation component with respect to software delivery and infrastructure changes. Containerization technologies allow multiple isolated systems to run on a single control host by packing them in a “container” within their own operating environment.

OIG identifies top 10 challenges in fulfilling HHS’ mission

Going into the new year, the HHS Office of Inspector General (OIG) will continue to focus on administration, quality health care, program integrity, and the improvement of electronic health records (EHR) and health information technology (IT). The OIG has identified its top 10 management and performance challenges, and has expressed its commitment to assisting in transitioning between administrations.

Effective administration

The OIG finds effective administration to be a challenge in many areas. The Medicaid program is a particular area of concern due to the 72 million enrollees that the program serves and the expansions implemented under the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148). In particular, CMS needs complete and accurate data about managed care, states need to fully implement all program integrity tools, and corrective action plans to address improper payments must be developed. These issues are representative of the OIG’s challenges in operating the entirety of HHS, which reported total costs of about $1 trillion in fiscal year (FY) 2015. The OIG must continue taking corrective actions, resolving deficiencies, and monitoring contracts. Other particular administrative challenges are grants, the health insurance marketplaces, and Part A and Part B program integrity.

Other issues

The OIG faces several issues within the realm of IT. Cybersecurity has been a growing concern due to the significant increase in the frequency of data breaches. Additionally, despite HHS’ investments in health IT and interoperability, the agency still has steps to take to ensure widespread use and adoption of EHRs and other health IT. The rest of the top challenges focus on serving the population: ensuring that vulnerable populations receive quality care; monitoring food, drug, and medical device safety; and addressing drug abuse in Part D and Medicaid.