Data and Compliance: Tools for Fighting Opioid Addiction

posted on
Data and Compliance: Tools for Fighting Opioid Addiction

In recent years, hospital and emergency department visits related to opioid use have continued to rise.  The Centers for Disease Control and Prevention (CDC) 2018 Annual Surveillance Report of Drug-Related Risks and Outcomes noted that 2016 also marked a record high in the number of deaths from drug overdoses, with 63,632 total deaths that year.  Opioids, whether prescription or not, were involved in over half (66.4%) of those deaths.


As a result of this ongoing epidemic, healthcare providers have become much more aware of their prescribing practices and are more cautious when prescribing opioid medications.  In fact, according to the CDC Annual Surveillance Report, the number of opioid prescriptions written per 100 people dropped from 72 in 2006 to 58 in 2017.  The prescribing rate of high-dosage opioid prescriptions had also declined by about 56.5% in the decade between 2006 and 2016.  Lower prescribing rates are just one way that providers have sought to address this crisis.


Fighting the Epidemic with Data

Healthcare providers and policy makers are always looking for new ways to address this national epidemic of addiction.  One possibility, suggested by the Office for the National Coordinator of Health Information Technology (ONC), is to integrate prescription drug monitoring programs (PDMPs) with existing health IT systems, such as electronic health records (EHRs).  This could make it much easier for providers to check a patient’s prescription record before prescribing them certain pain medications.  In a previous article, we discussed a series of 2012 pilot studies that had successfully integrated PDMPs with health IT systems in multiple states.


Additionally, one of the five main strategies being employed by the Department of Health and Human Services (HHS) to fight this issue is “better data” about opioid use, misuse, and prescribing trends.  This has included reports like the CDC Annual Surveillance Report, various research programs, and events such as the recent HHS Opioid Code-a-Thon.  At the Code-a-Thon, programmers, public health experts, scientists, and researchers worked to develop data-driven solutions to address the opioid epidemic.


Regarding the care for patients who may be caught up in this epidemic, the Substance Abuse and Mental Health Services Administration (SAMHSA)-HRSA Center for Integrated Health Solutions provided some useful suggestions in 2014.  They noted that, “using electronic health information exchange (HIE) to facilitate necessary care coordination could go far in improving both the patient experience and their treatment outcomes” in both behavioral and physical health.  However, they also cautioned that a number of factors could slow down this information exchange, such as codes of ethics with patient confidentiality requirements, the technological capabilities of some EHRs, and potential business and trust-related barriers.


Before tackling these obstacles to information exchanges, it is necessary to understand protected health data as well as the various laws that govern the disclosure and use of such information.


Compliance to Support Providers and Their Patients

When utilizing various data-based tools to help patients struggling with addiction, one of the biggest questions facing providers is how they can ensure that they remain compliant with privacy and security regulations.


Sharing Information With Other Providers

A few factors that can result in confusion for providers when it comes to sharing health information is that some states have adopted laws that may require patient consent for health information exchanges, even if such an exchange is relevant to the patient’s care.  Privacy laws also vary between states, so providers must remain aware of which laws apply to each potential information exchange if they happen to be working with a provider in a different state.


When it comes to federal regulations, two guidelines that can apply to patient information include HIPAA and 42 CFR Part 2.  Remember that 42 CFR Part 2, which deals more specifically with substance-use-disorder-related care, can sometimes be more strict in requiring patient consent before information is shared with another provider.  The HIPAA Privacy Rule, on the other hand, does not require covered entities to get patient consent before using or disclosing protected health information (PHI) for treatment, payment, or healthcare operations.  As a provider, you should stay informed of the different situations where either or both of these regulations may apply.


Sharing Information to Support Patient Care

As well as helping multiple providers share information to treat patients and fight the opioid epidemic, HIPAA can also help individual providers communicate with the family and friends of patients who may be struggling with addiction.  This can in turn help strengthen the health-related support available for individual patients.  HIPAA allows healthcare providers to make decisions about communicating information with a patient’s family and friends based on what the provider determines is in the best interests of the patient and what is necessary and relevant to the family member or friend’s involvement with the patient’s care.  This serves three primary purposes:

  1. Keeping family or friends who are involved with a patient’s care notified
  2. To share information relevant to the health-related care or assistance someone is providing to their loved one
  3. To assist personal representatives with making decisions on behalf of the patient for whom they are responsible

Provided the information that is shared is directly related to an individual’s involvement in the patient’s health care or payment for health care, this sharing of information can be permitted under HIPAA.


Stay informed about privacy and security regulations with HIPAA Compliance Training provided by the American Institute of Healthcare Compliance.  This training is available either online or in-person at our upcoming HIPAA Privacy & Security Training Camp in spring 2019.


Some Additional Resources for Providers


| Categories: AIHC Professional Articles, Compliance and the Opioid Epidemic | Tags: HHS, CDC, SAMHSA, ONC, Providers, HRSA, HIPAA, Security, Privacy, HIPAA Covered Entities, Compliance, Pain Management, Addiction, Opioid Crisis, Healthcare Employees, Training, Health IT, 42 CFR Part 2, Agency for Healthcare Research and Quality | View Count: (391) | Return

Post a Comment

Blog Subscription

Articles by Month
AIHC Facebook Feed
CMS - Centers for Medicare & Medicaid Services

Articles written by the American Institute of Healthcare Compliance are under Copyright Notice: © 2016-2019 American Institute of Healthcare Compliance, Inc. All Rights Reserved. Views expressed through RSS feeds or remarks made on this blog or website are solely those of the original authors and other contributors and do not necessarily represent those of the American Institute of Healthcare Compliance and/or staff.