Everything is going digital, and that includes the way clinicians prescribe medications. Up until recently, so-called “e-prescribing” has been largely limited to non-controlled substances, but times are changing. Hopeful regulators see the key to reducing prescription-drug addiction at the heart of e-prescribing authentication measures, even moving to encourage vendors and providers to get on board with a 2010 revision of DEA rules that allows for controlled substances to be prescribed electronically.
Following suit, New York passed a statewide mandate, dubbed “I-STOP (Internet System for Tracking Over-Prescribing),” that requires providers to prescribe all meds – including controlled substances – electronically by March 2016. Complete with the establishment of a database that logs all prescriptions in the state, the law has been delayed to allow vendors and providers time to catch up with the technology and staff-training demands. But the writing is on the wall: e-prescribing is the future of all controlled medication, including opiates, and the time for everyone to get on board is now.
To discuss the issue in depth, Health Management Technology interviewed emergency-room physician, Harvard assistant clinical professor, and Imprivata CMO, Dr. Sean Kelly, to get his take on e-prescribing trends and how the surrounding technology is evolving to appease federal regulators, while not leaving providers and patients in the dust.
HMT: Since the federal government started allowing providers to e-prescribe narcotics, many have complained about the stringent security stipulations. How do you convince providers that prescribing controlled substances electronically is worth the hassle?
Kelly: If you walk it through the way it was if I wanted to write a [traditional] prescription for narcotics or some other controlled substance, I would just scribble the prescription on a special piece of paper that was usually in a locked drawer and numbered as a security measure to show that someone didn’t steal a bunch of them. But I would just write “Percocet,” or whatever I’d write, and I’d sign and date it – and I’d also put my DEA number on it, and hand it to the patient.
And that’s not so great, obviously, because I hand a piece of paper with my signature on it to somebody. And sometimes they’ll try to fudge it and put an extra zero – you know, 100 tablets of Percocet instead of 10. Or now since they have a piece of paper with my signature and DEA number, they can try to forge them and start writing scripts. That happens to one in 10 physicians, I think is the number.
Wow. Are you serious?
Yeah, one out of 10 physicians have had someone use their DEA number fraudulently.
Are you liable when that happens?
Maybe, but I’ve never heard of a physician actually getting prosecuted over something like that. I think that the real issue is the unbelievable hassle. Because now you have to go through this period of investigation, you have to get a new DEA number – it’s one headache you don’t need, and it’s one new vulnerability that you don’t need.
The drug abuse problem out in the world is enormous. There are so many drugs out there, and that’s something people need to understand. I think the last time I read where they tracked it was in 2012, and there were 259,000,000 prescriptions for controlled substances and pain killers out there. That’s enough for one bottle of pain pills for every adult in America – isn’t that ridiculous? Think of how many pills that is.
That is crazy to think about.
Definitely. So, the whole idea of an e-prescription system is to find a way electronically to prevent the fraud and abuse early in the system, before those drugs hit the street. It makes it much harder for people who are mischievous, trying to sell drugs to make money or feed an addiction habit. [The goal is to] make it harder for them to get the drugs, but make it easier for a patient who needs them and is in pain to be able to go directly to a pharmacy and have their prescription waiting for them.
How does e-prescribing make it easier for pain patients to get the meds they need? Obviously, there are people who need them, and extra scrutiny usually means a slower process for patients.
There are people who are in pain and they need meds, and for them they don’t have to grab a piece of paper, take it over to the pharmacy, hand it to the pharmacist – while they’re in incredible pain – wait around for a half hour or more while the pharmacist fills it for them, and then finally they come out [with their meds] after an hour of going back and forth. Now a doctor can just approve a prescription and send it, and the patient can just go to pharmacy and pick it up. There are people who worry that e-prescribing makes it harder for patients to get pain meds, but I think that, while the number of prescriptions and the number of pills out there will go down, I think it’s the right numbers. If you’re someone who legitimately needs them because you’re in pain and a doctor is legitimately prescribing [the pain meds], it’s no problem.
For these prescription-information databases, are there analytics in place that can spot someone who is “doctor shopping” and trying to get pain meds illegally?
The short answer is yes, but it depends on the technology in terms of how good they are. So, what happens is there are three parts to it. There’s the electronic prescription part of it, where on the front end, you’re tracking who is actually prescribing by using their fingerprint or typing in a code. On the front end you’re tracking the electronic prescriptions themselves. On the back end, what happens is, once a patient fills their medicine at a pharmacy, the pharmacy is required to report it to the prescription-monitoring program, but the effectiveness of that is judged on a very case-by-case basis right now. The problem is some of those data sets are poorly designed, because many of them were built back in the ‘80s. So, they don’t have good reporting capabilities … and it could be up to a week or even two weeks before any provider could look and see if someone is in the system and already had a prescription filled.
Up until now, a lot of these systems simply didn’t talk to each other. I’m up in New England working in an ER, and what happens is people go and cruise through a bunch of ERs. In a week’s time, they could go to five different ERs per day in three or four different states … and a lot of these state systems didn’t talk to each other and, up until now, there hasn’t been pressure for them to update the data in real time or even a 24-hour basis. It could be up to a week or two.
Eventually, as this stuff comes through the system I will see – or another doctor will see – in the database that a person has gotten eight prescriptions over the past three weeks, but by then the damage has already been done. And that’s how we get these massive amounts of pain pills out there in the world; you couldn’t clamp down on it fast enough.
But this is something that is improving, in terms of the analytics?
Yeah, it’s definitely improving. A lot of states are looking into having prescription-monitoring programs and creating reciprocity across states. A lot of state legislatures are waking up and requiring rules that mimic New York’s I-STOP, but nothing has passed quite yet.
Do you think e-prescribing mandates like New York’s I-STOP are something we’ll eventually see nationwide?
It’s funny, a lot of people you talk to focus on I-STOP, but the reality is we [at Imprivata] have seen over 70 percent of our business – which is taking off faster than we could have hoped for – come from outside of New York. Really, the drivers are that doctors in the local community are recognizing what a huge opiate and heroin overdose problem they have. People are dying left and right. You see it in the papers all the time; it kills more people per year than car accidents. It’s amazing how prevalent the (drug abuse problem) is and how bad it is.
So, there’s a lot of pressure on providers to switch to e-prescribing for two reasons: one is the health and public safety implications, but two is workflow and Meaningful Use.
Are there Meaningful Use dollars at stake for implementing e-prescribing?
There is. I’ll put it to you this way – this is me putting on my provider hat – up to anywhere from 4 to 65 percent of patients who have been discharged from the hospital or from the ER, or go home from a clinic, will have at least one controlled substance prescribed to them.
So, if over 60 percent of patients have even one of those controlled substances … the doctors and nurses have an option to either do the prescription electronically or use a paper version, and it’s really hard to optimize for both of those. Whenever there is even one controlled substance in the mix, many places will revert to all paper, and now that’s affecting their Meaningful Use numbers, because Meaningful Use 2 and 3 – if you believe 3 will happen – the number is going to be so much greater for the number of e-prescriptions that need to happen that providers simply can’t ignore it.
The proposed number for Meaningful Use 3 is really high. I personally don’t think it’ll actually pass – it’s pretty damn high.
(Editor’s Note: The proposed Meaningful Use Stage 3 benchmark for e-prescriptions is set at 80 percent, nearly double the threshold of Stage 2.)1
I know one of the reasons the I-STOP e-prescribing mandate was delayed and the demand for middleware is growing is because EHR vendors were not getting the federal certification they need for narcotic e-prescribing. Is that something you see improving?
That’s exactly the crux of the issue. It was only with I-STOP that a lot of these vendors started to move, and some of them quickly, some of them more slowly. You’re correct in everything you said. The technical issues they need to solve and then stitch together with complement technologies like Imprivata’s authentication and Surescripts’ systems – it’s a high hurdle. It’s expensive to develop that and it’s hard to develop that, and the security stipulations were so high that they didn’t want to do that unless they had to. Now they have to because of New York. We’re right exactly in the middle of the changeover.
For authentication companies like Imprivata, what types of things do you bring to the table to help meet the stringent security stipulations?
I’ll tell you about one thing we have created, from a doctor perspective, that I think is awesome: So, the authentication rules the DEA made to be the hardest, because they want there to be no argument after that fact that Dr. Sean Kelly prescribed that amount of medicine. There’s a supervised enrollment that takes place. … I would walk in and a pharmacy person or an IT person would sit me down, check my ID to make sure it’s really me and that my license is up to date, check my DEA number, and know I’m allowed to prescribe; and then they would witness me enroll any number of my fingers into the software system. Passwords are also another acceptable authentication method.
I need two authentication methods total after I’ve ordered that medicine, and the tap-and-go stuff that’s used to get people originally into their EMR does not count. The DEA does not allow prox cards to be used, because the encryption in them isn’t enough. The fraud protection isn’t enough, according to the DEA. So, you could use a smart card, the ones you put into the reader, but nobody uses them in this country. Approximately zero places across the entire U.S. use smart cards.
Zero? I didn’t realize that. We’ve covered the technology before.
Yeah, no one uses smart cards. You have to put them in, take them out – they’re actually vulnerable, because you know what they did in Europe all the time? One guy would put his smart card in the reader and cut it off, and it would just sit there for the next five months. Everybody would just use his ID; the system is always open. It’s a classic workaround, because we doctors and nurses love to do stuff like that (laughs).
I guess that leads me to my final question: For you as a doctor, is e-prescribing authentication adding extra hurdles for you to follow, or is it really making life easier when compared to prescribing meds on paper?
One thing that we just built, and it’s DEA approved, last month we started rolling it out, is a secure Bluetooth OTP (one-time password) called hands-free authentication, which is really cool for me as a doctor. You’re in the e-prescription system and you hit order, for Percocet or something, it calls out to our software if you have the hands-free OTP enrolled. If you have enrolled your phone ahead of time, it knows I’m in front of the computer because I tapped in using my badge, [so] it’ll look for Dr. Sean Kelly’s phone, and if it sees it it’ll use that as the OTP and complete the authentication, all without me doing anything – just while it’s in my pocket. We call it hands-free because the doctor literally doesn’t do anything.
This is brand new stuff, and I’m so fired up about it, because it’s the perfect example of something that is way more secure but also way easier – and to me that’s the secret sauce of what we’re doing as a company and why I get excited about working with Imprivata. As a provider, I put my finger down as one of the authentications, and the system calls out to my phone as the other part of it – and I’m done. I don’t have to put in a password, I don’t have to sign anything. It’s actually easier than when I wrote a prescription. That’s where the technology becomes the separator. Good technology is actually more secure and more convenient than trying to write on a piece of paper.
Reference
Following up on I-STOP
Recently, an article on the topic of e-prescription mandates written by SigmaCare CEO Steve Pacicco was published on healthmgttech.com. In it, he discussed the New York I-STOP law and its implications for the future of drug prescriptions nationwide.
HMT sent a few follow-up questions to Pacicco to continue the discussion surrounding e-prescription technology and the New York mandate.
Q: In your article, you mention that some healthcare organizations, particularly long-term care and assisted-living facilities, have an aversion to e-prescribing. Is this as simple as a lack of Meaningful Use (MU) incentives, or are there other reasons for the lack of adoption?
My comments in the article centered on the idea that e-prescribing may not be top of mind for those facilities in states outside of New York who do not have a mandate to comply with. In general, I don’t see an aversion to e-prescribing, but more of a slower adoption of e-prescribing that is mostly attributable to the process and technology hurdles that must be overcome to seamlessly move along the adoption curve.
The process hurdle is due to the fact that workflow in long-term care is very different than that of a hospital or a physician’s office. Both of those worlds are physician driven. Yet in the hospital, the patient is in constant contact with the physician, so when a drug is ordered, the physician is there and prescribing it, which is conducive to e-prescribing. In the LTPAC [long-term and post-acute care] space, much of the care is driven by clinicians with a physician following up. In LTPAC, the clinician sets the stage and the physician approves, adjusts, or abandons the request. This process requires more coordination and conversation, and it hasn’t typically been built into systems.
The technology hurdle is due to the fact that technology hasn’t been pushed in the long-term care market for e-prescribing due to the process hurdle. Technology should help this exchange, but employing technology impacts the process and needs to focus not only on the e-prescribing aspect but also the communication between the clinician and physician. MU would help speed the adoption from a directive standpoint, but technology companies need to help LTPAC facilities manage the change to be successful with these technologies. Given the need for technology companies to partner in this way with LTPAC facilities in order to help facilitate change management, it is imperative that vendors approach their LTPAC facilities with a partnership mindset.
Q: I-STOP sets up yet another database for a myriad of patient records to be stored and accessed. Is mandated e-prescribing creating a new risk for identity theft?
Any time there are large repositories of personal-identifiable information, there is risk for identity theft. That being said, CMS (the Centers for Medicare & Medicaid Services) has published strict criteria (HIPAA and safe harbor) around how the data is stored, system requirements, and security mandates. All vendors have to meet said criteria and must go above and beyond.
Q: The selling point for I-STOP has been that it will hypothetically reduce the abuse of narcotics. Are there other major sales pitches that lawmakers and supporters should be mentioning?
Not only will I-STOP reduce the abuse of narcotics, but it should reduce transcription errors (no more scribbling on a pad, then having someone interpret it, rewrite it, and order the med). Additionally, it should foster safer medication management through smart algorithms that can catch contraindications, allergies, overdosing, etc. Lastly, the process will be more efficient because it is a direct transaction between the prescriber and the pharmacy, and as a result, will allow their residents to get their needed medications faster.
Vendors should look to develop technological solutions that are truly prescriber-centric and provide capabilities such as: quick access to the resident’s health record, easy-to-use order writing leveraging clinical decision support to make informed decisions, simplified medication reconciliation to create retail scripts using current orders, intuitive workflow to manage retail scripts during the discharge planning process, and mobile alerts to shorten the duration between order and signoff.