When three-hospital Nebraska Methodist Health System in Omaha set out to enable electronic prescription of controlled substances (EPCS), its clinical informatics team found itself with a huge project management task to ensure compliance with all state and federal regulations and a smooth rollout.
Speaking at the American Nursing Informatics Association 2015 Annual Conference in Philadelphia on April 25, Michele Higgins, PharmD, M.B.A., pharmacy informatics coordinator, and Marie Kozel, M.B.A., R.N.C.-B.C., service executive for clinical informatics, led attendees through their lessons learned.
In 2010 the U.S. Drug Enforcement Administration issued regulations allowing electronically sending prescriptions from prescriber to pharmacy. Each state then had to pass regulations as well. Every state has since done so, except Montana and Missouri. (Apparently Missouri passed and then rescinded such regulations.) New York passed legislation requiring EPCS by this year, but then put it off until next year because many providers signaled they weren’t ready.
Nebraska Methodist was the first organization in its region to go live with EPCS, and Higgins said the project brought together teams that in some cases had never worked together before: clinical IT, Informatics, pharmacy, legal, and a “lean” team. The implementation took approximately eight months, starting with employed clinic providers, then hospital-specific providers, and finishing with non-employed providers in the hospital.
There were several steps to the process, as spelled out in the regulations. Software vendors had to be certified. The prescriptions have to be processed through a third party intermediary. Each provider must be registered and approved. There must be two-factor authentication, and audit reports are required.
Assuming their EHR vendor was going to take care of certification and the format of audit reports, the Nebraska Methodist team focused on provider registration and approval and two-factor authentication.
Nebraska Methodist had to develop a registration process for go-live, and for future on-boarding and off-boarding of providers. Within the approval process, there were three regulations: For “pre-nomination,” they had to identity-proof providers; for nomination, they had to enter the provider in the tools to enable EPCS, and then get final approval. Each step must be done by different set of people. Kozel said just tracking and storing the registration data on hundreds of providers in a place that is secure yet accessible for audits was a challenge.
The factors in two-factor authentication have to be something you are (a fingerprint), something you know (a password) or something you have (a token). A soft token can be an app downloaded on a mobile device that creates a randomly generated number.
Nebraska Methodist found that fingerprint readers worked well. Only two providers out of 400 in its largest hospital had fingerprints that the reader wouldn’t read. There was a small group of provides who were initially wary of giving their fingerprints, they said. Also, the thin-client PCs in use at the hospitals seemed to have trouble with the two-factor process and the organization has stopped installing the hardware/software combination on thin clients.
Another challenge was that the process was difficult to test before go-live in a nonproduction environment, Kozel said. The nonproduction environment is not hooked up to Surescripts or pharmacies, she said, and most of the testers are not prescribers themselves and pharmacies frown on sending narcotics on test patients.
In terms of audits, there is a daily audit report run looked at by a few executives each day. Then, a monthly audit report is sent to all EPCS physicians. If they note any discrepancy, the organization is required to report it to the DEA within one business day.
Yet Kozel said the project is a triple win: patients don’t have to wait in a pharmacy as long and the process is easier for clinicians and other staff members — no more chasing down printed prescriptions. They have recorded a failure rate of less than 1 percent. When they do have issues, they are with second factor authentication failing.
The EPCS usage has grown from 137 last September to 2,470 in March 2015. A great side-benefit, Higgins said, is that the overall e-prescribing rate at Nebraska Methodist, which was sitting at 42 percent last October, has climbed to 81 percent.
In the end, the biggest problem Nebraska Methodist encountered was with the pharmacies in their community, Kozel said. “Despite what we thought, they were not aware we were going to make this change or were not prepared. Many didn’t know federal and state laws had been passed years before and some even accused our organization of taking illegal actions, she said. Higgins and the organization’s chief medical information officer, Steven Zuber, M.D., spent hours talking to state, regional, and national leaders of pharmacy chains to make sure communication was sent down to pharmacies that legislation supports this. “We would resolve it one day, and then a different group of pharmacists would come in to work and we would go through the whole thing again,” she said. “We learned that the more proactive communication to local pharmacies, the better.”