Winning the War on Opioids
States can play a major role in the over-prescribing of opioid painkillers, according to the Centers for Disease Control and Prevention. Among other measures, states can tighten control over pain clinics prescribing the drugs and bolster prescription drug monitoring programs that track painkiller prescriptions. The graphic above shows how those actions across three states reduced overdose deaths and the percentage of patients “doctor shopping” for multiple prescriptions.
State PDMP Regulation Important for Opioid Control
In July, the CDC’s monthly report Vital Signs identified the states with the highest and lowest prescription rates for opioid painkillers — and the range is wide. While most states have some form of a prescription drug monitoring program (PDMP), their levels of effectiveness vary widely due to differences in enforcement and a lack of consensus over the appropriateness of opioid prescriptions.
“Health care providers wrote 259 million prescriptions for painkillers in 2012, enough for every American adult to have a bottle of pills,” the report said. Alabama and Tennessee were the highest-prescribing states, writing 143 painkiller prescriptions per every 100 people.
The report also gave kudos to states that have decreased opioid usage through tightened PDMPs and state enforcement. In the continental U.S., California had the lowest rate of prescriptions written in 2012 (second only to Hawaii overall), with opioids prescribed for only 57 out of every 100 people, compared to the national average of 82.5. In fact, California’s numbers were below average for all types of opioid pain relievers, including high dose, long-acting and benzodiazepines.
The state’s success can be attributed to its Controlled Substance Utilization Review and Evaluation System (CURES). The drug monitoring program requires dispensing pharmacy clinics to submit reports of all Schedule II through IV prescription drugs to the Department of Justice at least once per week, making its database an almost real-time source of patient prescription history. Health care practitioners can access the database to see a patient’s prescription history for painkillers dispensed anywhere in the state.
“Automated Patient Activity Reports (PARs) are available to physicians who log into their online PDMP accounts,” said Larissa Mooney, assistant clinical professor of psychiatry and director of the Addiction Medicine Clinic at UCLA. “These reports allow instant viewing of controlled substance prescription histories over designated time periods. Information provided by this database is one step towards reducing abuse and diversion of prescription drugs and their associated consequences.”
According to California’s Department of Justice website, the database contains over 100 million entries and responded to 1,063,952 report requests in fiscal year 2011-2012. Unlike other states, California does not require physicians to use the database before prescribing high-strength painkillers; their decisions to view patient histories are completely voluntary.
Dr. Karen Miotto, a physician in UCLA’s psychiatry and biobehavioral sciences department and leader of its addiction psychiatry services, told the CDC that supportive state agencies and medical associations have also bolstered the program, promoting its use through education initiatives.
Lack of addiction education in medical schools and too few substance abuse resources can undermine drug monitoring programs’ success.
“Physicians vary widely in their knowledge of substance use disorders and their ability to identify, diagnose and treat such disorders,” Mooney said. “Educating physicians on addiction risk factors, screening and clinical interventions could facilitate increased use of PDMP programs and incorporation of controlled substance prescription monitoring within clinical practice.”
Better education could spur physicians to identify patients at risk for addiction, seek alternative drugs for pain management, and prescribe only the lowest possible dose of opioids when necessary.
“Health care providers wrote 259 million prescriptions for painkillers in 2012, enough for every American adult to have a bottle of pills.”
— CDC Vital Signs; Opioid Painkiller Prescribing: Where You Live Makes a Difference; July 2014
In addition to lack of education, the report notes another key struggle states encounter with PDMPs is “complicated access and notarization procedures.” This is an area where state governments could intervene, creating policies to help streamline the process for those submitting and accessing data. California may have had an easier time with this since CURES is administered by its Department of Justice, rather than a pharmacy board or licensing agency, or Health and Human Services department.
State policies tightening regulation of for-profit pain clinics — or “pill mills” — could also reduce the prevalence of opioid prescription for non-medical use, a significant driver of demand for the drugs.
Another barrier may be the lack of a national database. Even in states with effective PDMPs, practitioners have an incomplete picture, seeing only what painkillers a patient has received in their own state but not others. While no plans for a national resource exist, the CDC report said the federal government can assist state PDMPs by “supplying health care providers with data, tools, and guidance for decision making based on proven practices,” and “increasing access to mental health and substance abuse treatment through the Affordable Care Act.”
5 & 5: Rewards and Risks of Cloud Computing
Cloud computing lowers costs, increases capacity and provides security that companies would be hard-pressed to deliver on their own. Utilizing the cloud allows companies to “rent” hardware and software as a service and store data on a series of servers with unlimited availability and space. But the risks loom large, such as unforgiving contracts, hidden fees and sophisticated criminal attacks.
ACE’s recently published whitepaper, “Cloud Computing: Is Your Company Weighing Both Benefits and Risks?”, focuses on educating risk managers about the risks and rewards of this ever-evolving technology. Key issues raised in the paper include:
5 benefits of cloud computing
1. Lower infrastructure costs
The days of investing in standalone servers are over. For far less investment, a company can store data in the cloud with much greater capacity. Cloud technology reduces or eliminates management costs associated with IT personnel, data storage and real estate. Cloud providers can also absorb the expenses of software upgrades, hardware upgrades and the replacement of obsolete network and security devices.
2. Capacity when you need it … not when you don’t
Cloud computing enables businesses to ramp up their capacity during peak times, then ramp back down during the year, rather than wastefully buying capacity they don’t need. Take the retail sector, for example. During the holiday season, online traffic increases substantially as consumers shop for gifts. Now, companies in the retail sector can pay for the capacity they need only when they need it.
3. Security and speed increase
Cloud providers invest big dollars in securing data with the latest technology — striving for cutting-edge speed and security. In fact, they provide redundancy data that’s replicated and encrypted so it can be delivered quickly and securely. Companies that utilize the cloud would find it difficult to get such results on their own.
4. Anything, anytime, anywhere
With cloud technology, companies can access data from anywhere, at any time. Take Dropbox for example. Its popularity has grown because people want to share large files that exceed the capacity of their email inboxes. Now it’s expanded the way we share data. As time goes on, other cloud companies will surely be looking to improve upon that technology.
5. Regulatory compliance comes more easily
The data security and technology that regulators require typically come standard from cloud providers. They routinely test their networks and systems. They provide data backups and power redundancy. Some even overtly assist customers with regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS).
1. Cloud contracts are unforgiving
Typically, risk managers and legal departments create contracts that mitigate losses caused by service providers. But cloud providers decline such stringent contracts, saying they hinder their ability to keep prices down. Instead, cloud contracts don’t include traditional indemnification or limitations of liability, particularly pertaining to privacy and data security. If a cloud provider suffers a data breach of customer information or sustains a network outage, risk managers are less likely to have the same contractual protection they are accustomed to seeing from traditional service providers.
2. Control is lost
In the cloud, companies are often forced to give up control of data and network availability. This can make staying compliant with regulations a challenge. For example cloud providers use data warehouses located in multiple jurisdictions, often transferring data across servers globally. While a company would be compliant in one location, it could be non-compliant when that data is transferred to a different location — and worst of all, the company may have no idea that it even happened.
3. High-level security threats loom
Higher levels of security attract sophisticated hackers. While a data thief may not be interested in your company’s information by itself, a large collection of data is a prime target. Advanced Persistent Threat (APT) attacks by highly skilled criminals continue to increase — putting your data at increased risk.
4. Hidden costs can hurt
Nobody can dispute the up-front cost savings provided by the cloud. But moving from one cloud to another can be expensive. Plus, one cloud is often not enough because of congestion and outages. More cloud providers equals more cost. Also, regulatory compliance again becomes a challenge since you can never outsource the risk to a third party. That leaves the burden of conducting vendor due diligence in a company’s hands.
5. Data security is actually your responsibility
Yes, security in the cloud is often more sophisticated than what a company can provide on its own. However, many organizations fail to realize that it’s their responsibility to secure their data before sending it to the cloud. In fact, cloud providers often won’t ensure the security of the data in their clouds and, legally, most jurisdictions hold the data owner accountable for security.
Risk managers can’t just take cloud computing at face value. Yes, it’s a great alternative for cost, speed and security, but hidden fees and unexpected threats can make utilization much riskier than anticipated.
Managing the risks requires a deeper understanding of the technology, careful due diligence and constant vigilance — and ACE can help guide an organization through the process.
To learn more about how to manage cloud risks, read the ACE whitepaper: Cloud Computing: Is Your Company Weighing Both Benefits and Risks?