In addition to protecting employees from safety and security threats, health care organizations must also seek to prevent and address industry-wide concerns such as drug diversion, HIPAA violations, cyber risk, and more. Here, we present several key operational challenges for the health care industry.
Deemed “health care’s hidden epidemic,” drug diversion is a medical and legal term describing the illegal transfer of prescription medications. Drug diversion has far-reaching implications including worsened patient care, reputational damage, liability exposure, and financial losses. In 2019 alone, 148 million doses of medication were lost to drug diversion. Since the DEA holds pharmacies responsible for lost medication, missing doses can lead to costly fines for health care organizations.
A study by the BD Institute for Medication Management Excellence found that health care executives and providers underestimate the threat and prevalence of drug diversion within their organizations. As a result, prevention programs are often insufficient: although an estimated 10% of nurses, pharmacists, and anesthesiologists are diverting drugs, research indicates that approximately 40% of providers have not received formal drug diversion training.
In addition to training, an important way to prevent and address drug diversion is by providing employees with an easy means of accessing relevant resources and reporting concerns. For example, drug diverters often exhibit noticeable behaviors such as substance abuse indicators, high stress levels, or suspicious activity when distributing medication to patients.
Health care workers often face long hours and high-stress work environments. This can lead to mental health struggles and impairment due to fatigue or substance abuse. Additionally, research has found that approximately two-thirds of nurses and physicians suffer from burnout, and that health care workers face higher rates of addiction and substance abuse than the general population.
Health care employee impairment impacts patient quality of care and overall organizational success and reputation. For example, physician burnout increases the frequency of medical errors, impacts math and science skills, and decreases the efficiency of medical procedures.
To address employee impairment and its impacts, health care organizations should provide easily-accessible mental health resources and provide an easy means of reporting and discussing concerns.
Safeguarding patient health information is critical for health care organizations. Specifically, health care organizations must maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA), a federal law regulating the privacy of patient health information. HIPAA forbids identifiable health information from being disclosed without a patient’s knowledge and consent, and violations can be costly.
HIPAA noncompliance penalties range from $100 to $50,000 per violation, based on negligence severity, and have a maximum penalty of $1.5 million per year for each provision. In 2020, HIPAA fines totaled over $13 million, with one health care organization alone paying $6.85 million to address violations.
Health care workers are at significant risk for violence and injury in the workplace. In fact, data from the Bureau of Labor Statistics found that incidents of workplace violence are four times more common in health care settings than in private industry. Additionally, approximately 75 percent of all workplace assaults reported each year in the U.S. occur in health care. The American Hospital Association estimates that subsequent violence response efforts cost hospitals and health systems in the US nearly $3 billion a year.
Health care professionals working alone face particular risk, especially if their patients are incapacitated, medicated, or violent. Depending on the location of a hospital or other health organization, workers may also face security threats when walking to and from their cars in the parking lot or garage.
As digital recordkeeping and technology-enabled care become more prevalent, cyber risk poses an increasing risk to health care organizations. In 2020 alone, there were approximately 600 health care data breaches affecting over 20 million patients. Data breaches threaten an organization’s intellectual property, employee and patient financial details and social security numbers, and HIPAA-protected health information.
To prevent and address cyber risk, health care organizations must deploy effective cybersecurity systems and educate employees about best practices for digital operations. Employees should also have easy access to cybersecurity resources and a simple, intuitive means of submitting questions and concerns about suspected or confirmed cyber threats, such as phishing or malware.
Health care organizations must remain aware of common operational threats so that they can be prevented and addressed. Mobile risk management tools, such as the LiveSafe platform, are an effective way to identify and address risks before they escalate. Health care organizations can benefit from LiveSafe features including:
To learn more about the threats facing healthcare workers and how risk intelligence can help, download our free guide, Protecting Health Care Workers with Risk Intelligence. Visit the LiveSafe website to learn more about implementing LiveSafe into your health care organization’s prevention strategy.