OIG finds lack of opioid prescribing oversight at IHS hospitals
The Indian Health Service needs to improve oversight of opioid prescribing and dispensing practices at its hospitals, as well as consider centralizing the agency’s information technology operations.
That’s the conclusion of an audit by the Department of Health and Human Services’ Office of Inspector General.
IHS, an agency of HHS, provides comprehensive federal health services to about 2.6 million American Indians and Alaska Natives.
Auditors found that IHS hospitals did not always follow the Indian Health Manual when prescribing and dispensing opioids, and that these medical facilities did not fully use state-run prescription drug monitoring programs to flag suspicious prescribing activities.
“Specifically, through our patient record review, we found that hospitals did not always review the course of patient treatment and causes of pain within required timeframes, perform the required urine drug screenings within recommended time intervals, review patient health records before filling a prescription from a non-IHS provider, and maintain pain management documents to support that provider responsibilities had been performed,” according to OIG.
OIG also found fault with IHS’s decentralized IT management structure, which auditors said led to vulnerabilities and weaknesses in implementing security controls at its hospitals.
“IHS’s controls were not effective at preventing or detecting our penetration test cyberattacks,” states the report. “In addition, the hospitals implemented IT security controls to protect health information and patient safety differently. Inconsistencies in the delivery of cybersecurity services can lead to the same vulnerability being remediated at one hospital but being exploited at another hospital that did not remediate the vulnerability. As a result, IHS hospital operations and delivery of patient care could have been significantly affected.”
To address these problems, OIG recommended that IHS work with hospitals to ensure they follow the Indian Health Manual when prescribing and dispensing opioids.
Specifically, auditors called on the agency to take the following actions:
- Develop policies and procedures to review the EHRs of patients with opioid prescriptions from non-IHS providers and document the results of the review in the EHR, particularly for those patients who had previously violated their chronic opioid therapy (COT) agreements.
- Ensure opioid dispensing data are complete, accurate and submitted in a timely manner to the state PDMP for use by providers and pharmacists.
- Track all opioids prescribed at the hospital in the patient EHRs, including those being filled at an outside pharmacy.
OIG also recommended that IHS consider centralizing its IT systems, services and functions by conducting a cost-benefit analysis of adopting a cloud computing policy.
IHS concurred with all of OIG’s recommendations and said auditor feedback will be used to improve the agency’s overall management control systems.