What Differentiates Imprivata’s Diversion Surveillance Software from the Others

Our Guest: Russ Nix, Manager of Drug Diversion Monitoring, Imprivata

Imprivata is one of the diversion surveillance software products on the market and they provide something none of the other vendors do as part of their service. In this podcast we discuss what that is and how it works. He also shares what is on the horizon for the product. For those facilities that have an alternate software product and would like an analyst to monitor for you, book a discovery call with Rxpert Solutions to see how we can assist you.

Transcript:


Terri
Welcome, everybody, to diversion insights. Today. We have Russ Nix. He is the manager of drug diversion monitoring for Imprivada. Russ has a background in law enforcement and a lot of experience surrounding drug diversion. In fact, roughly two years ago, I think it was now Russ and I did three podcasts together. We cover interviewing policies and procedures, compliance, risk assessments, as well as the burgeoning diversion software products. So I encourage you to go back and listen to those, because Russ is full of information. Now, if we forward a couple years, russ has joined the team of Imprivada, which is what we are going to discuss today. So welcome back, Russ. It’s good to have you back. 


Russ
Thank you. Thanks for having me. 


Terri
Give us an overview of your background for those who aren’t familiar with you, for the three people that aren’t familiar with you and how you ended up with Imprivada. 


Russ
Sure. So I do come from a law enforcement background. So for about ten years I worked in law enforcement. The vast majority of that I was working undercover narcotics. So for about eight years I worked undercover for the state of Georgia and during that time was kind of at the precipice, so to speak, of the opioid crisis in the early two thousand s. And I spent that time kind of gathering a recognition of the opioid crisis issue, the accountability that wasn’t really existing in health care as far as where were headed with drug diversion and prescribing and all of these different things. So after about ten years in law enforcement, I transitioned into healthcare drug investigations and started to build out drug diversion programs in healthcare. 


Russ
And after doing that, I helped build a couple of those programs in some pretty large healthcare organizations, started doing some consulting. And while I was doing consulting, I was looking for a place with a footprint in the industry that would give me a little bit more of a platform to really continue to make a difference as far as the drug diversion, prevention, mitigation, and detection industry kind of needed to be there. And that’s when I found Imprivada and saw an opportunity to join that team. And that’s kind of how all that evolved. 


Terri
Okay. All right, great. So let’s talk about Imprivada. There are a handful of software surveillance products out there. What would you say sets Imprivada apart? Why should a facility consider purchasing this product? 


Russ
Sure, that’s a great question. You’re right. There are some out there I’m familiar with. Pretty much all of them coming from Natty and Ihsda and working in the industry, all the same names come across your desk every day. I think what kind of sets Imprivada apart is twofold. One is really that Imprivada isn’t just a diversion platform or just a privacy platform. Imprivada really kind of recognizes there’s a complexity in technology, and the more it integrates with healthcare, the more needs there are. So Imprivada kind of has more of this digital identity that reaches across all levels of access, whether it’s a physical access to your facility or it’s the access of that information. And look to basically enable, control and monitor those accesses. So Imprivada provides a lot more in one organization and meets more needs than just that particular specific piece. 


Russ
But for my investment, for the drug diversion piece, what really sets Imprivada apart is the managed services. So with the technology that you get through the Fair Warning product, which is what Imprivada provides, that platform that does the detection piece, you get analyst who monitors and reviews the information for the customer. So if you come in as a customer who has a robust program, or you have one that’s not very mature, you’re getting analyst that is looking at your information daily and providing feedback on if this indicates drug diversion, if it indicates sloppy practices. And this team is built out of experts in the field. So right now we have a team of about twelve individuals, and all of them come with roughly ten to 20 years of experience in either pharmacy, in the healthcare system, nursing, law enforcement, regulatory compliance. 


Russ
And that’s the eyes you have on your daily information, is someone who already knows what they’re looking for. They can use the technology and then give you basically the groundwork already laid out to finish out the investigation and find out what has happened. So I think that what you’re looking at here, and I know coming from the customer side, I remember looking at technologies and thinking, who’s going to be the user on this? Who’s going to be the one who works in this platform and takes that information across to the investigative piece? And for us, we provide that. We give you analyst who goes through, looks through the alerts, and then comes back to you with these are the ones that need to be investigated and these are the ones that basically aligned with your policies and your workflows and are good to go. So I think that’s what really sets Imprivata apart. 


Terri
Okay, all right, I would agree. And so I’d like to dig into that piece a little bit. How exactly does it work? What does the analyst provide? What does the facility still have to do on top of that, with other products, they have their scores and they tell you, okay, this is the one you should go look at. Does the customer still see that with the Fair Warning? Or do they rely on the analyst to say, this is the one that you should look at? Let’s start with that kind of high level identification. 


Russ
Sure. So the customer does still have visibility, and they also do have some steps that when we kind of look at this customer versus Imprivada agreement, it is definitely a framework that we work as a team with the point of contact with the customer. They do have, obviously, visibility into the application into the platform, so they’re able to see the alerts and the things that we’re reviewing as well. The biggest difference is our analyst, our team, will get all of those alerts, and then they will basically whittle it down. They look for those needles in the haystack, and then they take those alerts and start a dialogue with the POC, the point of contact. So let me kind of back up and give you an idea of how that dialogue is established. 


Russ
When we do foundation building, or we start with a customer, we sit down prior to go live, and we go through all of their workflows, all of their policies, and we really get to customize how we look at things based on what they feel is a vulnerability, what they feel is a concern for them. And so each one of our customers has their own guide that is specific to them. But we also align industry best practices on top of that. So it’s kind of a layered approach. Out of that, we have a dialogue with those alerts. Our analyst looks through those alerts and comes back and says, based on our conversations and our ongoing dialogue, these are the ones we’re concerned with. And then that becomes kind of a conversation between the point of contact and our analysts. 


Russ
And they say, okay, let’s dig a little deeper into these, and let’s look at these and say, okay, these align with our workflow. We’re going to say, These make sense. Let’s pull those off. And then that analyst takes that information back and continues to make an even better and smarter process. Digs deeper, and then comes back and says, these are the pieces that we really need to look at. And then we provide an investigative memo that breaks down why we think this alert is not good or why these pieces don’t add up. And this is where we would say, what’s your next piece? We’ve given you all of the groundwork, all the basework done for the investigation. Now we just need you to take it and go back internally and finish it out. 


Terri
Okay, so those people that are essentially flagged, I just want to make sure I’m understanding it right. The people that are flagged in the software, the analyst and the POC have that conversation, let’s look at this a little bit more, or I think this one is fine, which then the analyst takes back to make it smarter, right, so they don’t have to rehab those conversations of, nah, not worried. And then the analyst gives them some information on the ones that the POC says, yeah, I want more information on this. So then the analyst does dig a little bit deeper and gives them more information. But then the POC has to is it a final product that the analyst gives them that POC can then take to whatever committees or whatever their structure is? Or does the POC need to dig. 


Russ
Further and get you know, when you look at this investigative memo, it is definitely something that could be presented as part of a file for, say, regulatory agencies, or even for your own internal diversion, council, steering council, whatever you want to call it. But I think the one piece that we aren’t doing for the POC, but what we’re basically leading up to is when you get this memo, you should be ready for your interview process. At that point, you should be ready to have a conversation with that user based on the information that we’ve provided. Because at that point you now have here’s why it doesn’t add up. Here’s why there’s still question and then they should be able to take that and do that internal interview process or that administrative process that’s left. So there’s a good bit. 


Russ
Like I said, it’s basically and the dialogue gets shorter each time as the customer relationship grows, because obviously our analysts are already well versed in these processes, and all they really have left to do is continue to customize it to that particular facility organization. So as we have those conversations with the customer over each investigation, we’re able to say, okay, this is a piece of their workflow that matches, so we know we don’t have to worry about that particular piece. But this one is something they’re very concerned with. It matches trends in their area. It is something that we’ve already flagged, that we want to make sure we watch more. 


Russ
So when we hand off that memo, whenever we hand off that information, that point of contact can look at that and basically that plus a short conversation with our analyst, be ready to go internal with it and say, let’s get that last piece. 


Terri
Okay, all right, so your analyst essentially does all of that digging if it gets them up to the point of being ready for the interview. And then obviously, if there’s lingering questions, let me check and see what this looks like that they haven’t thought about. So are those investigative memos, do they include the data from the software screenshots EHR? Are your analysts getting into the EHR and kind of matching things, or is it all coming from what the software is gathering, which I know takes in. 


Russ
Know information, obviously, sure, so we do parse in from different data sources, obviously from the ADC and then from the EMR and stuff. But what the investigative memo eventually does is it does have some screenshots in it. It does have different pieces of that. It’s a template that we also have basically paragraphs that not only show a visual of the data, but it also gives you a well written out. This is why. And this is the part of the investigation that the analyst has already done. This is where they tried to reconcile or they tried to resolve the issue by looking at the data and here is why it didn’t resolve. Here is why it didn’t line up with they’re not so exhaustive that no one’s going to read them. 


Russ
They’re concise and to the point, but they have all of the relevant information in them. 


Terri
Okay, that makes sense. So what would happen in the case of the software didn’t necessarily flag somebody because we know that we find people other ways. Right? And so there was a concern about someone and I don’t know, let’s just say a missing med. It’s the first time it’s ever happened. I want to take a look and see. Is there anything else concerning? Would I as a client have access to all of the information to literally go in and completely look myself? Or am I dependent on the analyst to have that conversation and say, hey, can you look at this user for me? 


Russ
So our customers will typically do what’s called an ad hoc process. And that happens very regularly, where whether it’s a verbal tip that they’ve been given through inside the facility or we just have some concerns, or there’s a behavioral issue, whatever it is, and then they will reach out and say, we want to look at this particular user. Maybe that particular user hasn’t flagged or they were flagged and dismissed at some point. But they will do an ad hoc process in which our analysts will then do a deeper dive into that user, go back and provide basically the same type of investigative memo, the same type of follow up on the information on that user based on the request that was given to us by the customer. 


Terri
Okay, what if I, as the client, just wanted to spend a couple of minutes looking? Do I have what I need available to me to just look myself or do I need to go through the analyst? 


Russ
Absolutely. So there is access allowed. Obviously most of our customers prefer to have that analyst’s eye on it and just say, hey, we’ve had a couple of exceptions to the rule throughout the customer history that kind of want to be in there and ask questions. But the vast majority say, hey, if I have somebody who’s already sitting in that platform, in that application and they’re already looking at our data, why not just give the name to them and see what comes out? 


Terri
Right? Yeah, well I could see it happening if I just sometimes I don’t want to wait. I just want to know now, should I be concerned or not? Let me just do a little tickler and see what I got going on. So the client could, if they wanted to, as they obviously they have to become familiar with how the software works. I mean if they’re never in there, then they’re probably not going to know how to interpret and how to navigate. 


Russ
So that is something and we do work through that. So through foundation building, the person who is actually over foundation building for us has been 20 years in pharmacy, drug diversion investigations, and just an absolute subject matter expert in those areas. And that is the person who’s also helping align those policies and those workflows into the application and helping teach the customers what they’re looking at and how to continue to move forward. So the resources are definitely there. I think that as we all do, sometimes the most convenient way is the way we typically go. So that is why we see more of the ad hoc request and it just come back to the analyst. But absolutely, it’s not that difficult to drill through, but I think that most people just pick the easier route. 


Terri
Right? And do you have a feel for what the turnaround time is? I mean, these investigations take a bit of time and you have other clients. I’m going to guess that your analysts have more than one client that they’re serving. 


Russ
We make sure that our analysts don’t have a ton of clients. They continue to keep like a small amount of clients so that they can give customized personal service to each one. But we typically take it depends on the load of that request, whether you’re asking for a small amount over the last week or you’re asking for the last three months, whatever it is, we will take that workload, look at how long it’s going to take and then try to turn it around and give a response. So within the day of the request we will tell you it’s going to take this long. 


Russ
So that day you’ll know what the load is going to look like, what the turnaround is going to look like, because we don’t want there to be any question about, well, they’re not responding, so am I going to get what I need? Because we are also well aware, regulatory agencies, mandatory reporting, all of these different things, they’re putting a sense of urgency on that organization. So we want to make sure our communication stays the same way. We know that you’re under kind of a pressure cooker once you start to see some type of incident coming out. So we turn that around pretty quickly if we can. 


Russ
And obviously we have the ability to shuffle things around and get other resources involved if we need to, if we know that this urgency level is kind of increased because there’s an inspection or something like that coming. But same day you’ll find out how long it’s going to take and then we’ll be able to turn it around in that time just based on it. 


Terri
Yeah. And you mentioned something. So how far back does your analyst typically go if this is not an ad hoc investigation, it’s just part of what they’re finding in the data, what do they look at? 


Russ
The last, our platform continues to keep investigation. So if there’s an alert on a user, we’ll know if that user has been investigated before and that type of thing. So that part of it is based on that. What’s the history of this user? Have they had an investigation before or not? But we do typically try to because of turnaround and making sure that we’re not going to be real time, obviously because it’s coming in on a daily basis. But we want to be as close as we can. So we try to turn that information around as much as we can. When we get an alert, we try to make sure is this something that we can investigate or we need to investigate immediately or is it not? And then we will try to take those as they come in. 


Russ
So if this alert standalone does not reconcile, we will start to do a dig. But we’re going to go ahead and show that to the POC. We’re going to go ahead and send that communication over and say this isn’t reconciling. We need to do more here and see if we can’t go ahead and get that communication going. Because obviously if there’s a way to do it quicker, if there’s a way to get that information back to the customer quicker, that’s what we tend to lean on. So it’s kind know, kind of like that DEA reporting, we’re going to let them know that something’s going on. We’ll get you more information as we continue to do. And so that’s how we do. So it does kind of depend on case by case basis on how far. 


Terri
Yeah. So two questions if they’re going to do a deeper dive, do they go back three months, one month typically? I’m sure it’s different depending on what’s going on, but what is their standard start with? 


Russ
I think each when you start to look at our analyst, I think it kind of depends on their efficiency. I think most of them will probably go back a month. I remember when I was doing it was three months. But I think the reason were looking at a three month window was because at the time when you started doing this in its infancy, three months was kind of where your anomalous usage report started to roll out one to three months. So we’ve shortened that amount of time okay. And try to look at it really quickly. If it needs more, we can go back further. But typically we try to look at as small of a window as possible to see what indicators are there and then move that window out, move that brushstroke out further if it’s needed, if you needed to. 


Terri
Okay, that makes sense. And then you said if things aren’t reconciled so your analysts look at the daily unreconciled which can be a very large load. 


Russ
Sure, absolutely. So we get a lot of alerts and they’re based on enforced policies that we’ve put in place. We do have a lot of technological improvements that continue to come out and roll out that we’re testing. But you’re right, I think that we see a lot of alerts, we see a great deal of those and we have filters in place to take certain pieces that we already know through best practices and standard across the industry that we know. That’s not going to be something we’re concerned about. But at the same time, our Most Intelligent Filter is going to be that analyst. 


Russ
And so they spend all day going through alerts in each of their accounts, which is why we keep their caseload so small and their number of customers so small is so that they have the time to go through each of those alerts for those particular customers on a daily basis and turn those around okay. 


Terri
And follow whatever procedure they’ve come up with, I guess, for follow up. Yeah, I like that. Your most intelligent filter is your analyst. I like that 100% because that is true. Absolutely. Yeah. Okay. Is there anything on the horizon for the fair warning piece of it in Pravada that you guys are working on improvements or changes in the logic? Or improvements to the logic? 


Russ
Absolutely. So I think that there’s the elephant in the room for drug diversion across the board, which is this outcry from the customers that they want full medication lifecycle, reconciliation. They want to be able to reconcile all the medications within the facility across the lifecycle and that’s a heavy lift for any platform. And all the technologies are pursuing that from different angles. And one thing that having the team that we do at Imprivada and knowing we have pharmacists, we have nurses, we have law enforcement, regulatory, looking at how to align that desire for the reconciliation of the medications with what we really need, which is true diversion incidents detected. There’s a hard balance there and technologies, platforms are doing scores and they’re doing anomalous usage and they’re doing all of these different pieces. 


Russ
And right now, we’re working on a project that will tie all of it together, that will give us an ability to drill down on your most vulnerable medications instead of all looking. Let’s take this group that we know is the precipice of the drug diversion risk, and let’s look at those and let’s apply all of those different factors, scores, usage, enforced policies. How are we going to take all of those things and actually combine reconciling that medication throughout its life cycle in the facility with finding the true diversion and the bad users, not just having a plethora of alerts that are all just, hey, none of these are reconciled. Because as you know, when you look at just MedRec, just looking at reconciling that lifecycle, that number of alerts is something that analyst will not be able to lift. 


Russ
And it won’t matter which platform comes up with the best way to try to reconcile them by the dose. Nobody’s going through all of those because that’s going to include sloppy practice and different workflows and how it got handed off. So there’s a lot of things there that it’s better to find a way to bring it all to a center and be able to put all of those things layered in together at the same time. And we’re working on that as we speak and testing it in several of our customers and pilot phases and we have really promising results. So I’m excited to see where that goes. 


Russ
And obviously, as I’m not necessarily objective in this, but when you add on the eyes of a person who’s already done this for 15 or 20 years, you already have a piece that the other ones are missing, which gives you even a higher level of efficiency and a higher level of, I would say, meeting the standard that we really need to be hitting as far as DEA regulations are concerned. And HFDA, having been an investigator and looking at it from a law enforcement perspective, I see the value in you already have a set of eyes that has done this and seen this on top of your technology that to me, gives me a better product. 


Terri
Yeah, absolutely. Okay, that all makes sense. Do your analysts get involved if there is somebody that’s reported out and then say, the Board of Nursing inspector now wants to talk to everybody that was involved with the investigation, do your analysts then, are they available for conversation? 


Russ
They are. So we do respond, obviously, if there’s a subpoena that comes in or an inspection that comes in. I answered the phone at 07:00 in the evening about three or four weeks ago because the DEA was at one of the facilities for our customers and they just had some questions and it was pretty high level. But it’s one of those things that I talked to the analyst for that particular customer and we both decided we can get on the phone and we can try to speak to some of those questions. But we have had some of our customers that have went through inspections or even investigative follow ups and we have a process for being involved in that and being able to respond and provide what we have. 


Terri
Okay, all right, so that makes sense. Okay, so in a large part it sounds that for Imprivada you have your analysts, which essentially is what our expert solutions does for all the other products if they want to hire somebody to do yeah, exactly. And you’re right. I mean, the value there of somebody that knows what they’re looking at and can interpret it’s invaluable. I mean, that is the final filter. 


Russ
It really and Terri, like you were just for you’ve been in this industry for so long and doing the consultant piece, there are things that you’re going to catch and things that you’re going to be able to speak to. The technology just is not going to be able to discover or reveal and some of that can be bad practices and some of that can be actual bad users. But at the end of the day, that experience, when it comes into play, it does tend to give the customer an extra layer of protection. I think the DEA made it pretty clear in some of their language where they take into consideration not only the actions you’ve taken to resolve an issue, but they take into consideration how robust was that effort? Did you just oh, it happened, so we reported it and that was it? 


Russ
Or have you continued to add more and more steps into your effort to not only resolve what happened, but to prevent it from happening in the next time? And if you have technology that’s fantastic. You’ve heard me say it a million times. Technology to me is our human attempt to bridge the gap between what we needed. And ever since the will, we’ve been trying to create technology that makes things easier. Well, now we sit from there in a place where we lean on our technology and we need to re add that human element because we don’t want to let the gap fall back to us. And so when we put that piece back in and we put these managed services experts in play, they are the ones that take it to that next level and are able to speak to. 


Russ
I worked in a facility just like the one that I’m serving now and these are things that I think you could do to prevent to mitigate. I think that, like you said, it becomes necessary now as we all start to pick technologies to invest in healthcare, that we also start to pivot back to, well, where are we investing in our people and who’s looking at this information and giving us a way to make it even more effective? 


Terri
Yeah. Well, yeah, because that human can rule out some of the false accusations right. That absolutely. The software might be telling you it’s like no. And then the other way around the software might well, does it misses things and so there’s different ways to piece things together and to look at them that aren’t necessarily factored in to the software logic. So it’s critical. You’ve got to have somebody that knows what they’re doing and that is looking at it. Yeah. So that’s definitely what sets your company apart. It comes with those people. And that’s nice. Yeah, it does. Okay, fantastic. Anything else you want to add? 


Russ
I will just add to that piece where the analysts and those experts are working in this. We’ve had true diversion incidents that our enforced policies were giving us alerts. But as they would go through the alerts, something that may have slipped through the cracks or may have been one of those things that almost looked normal, some of our analysts will find an opportunity to investigate further just based on the notes that a user has put. Into their waste practice or whatever. Your technology can’t read that note, right? But a human eye can and say that note does not make sense, that note doesn’t check out, or that note has been the same in every single one of their ways. 


Terri
All of their patients vomit so often, right? 


Russ
Exactly. 


Terri
It’s always something or they’re butterfingers, they’re always dropping their dropping. 


Russ
They dropped it, they vomited it. They couldn’t swallow whatever it is. Or the only patient that continues to refuse your medication happens to be this particular patient. With this particular medication, all of your other ones were able to take their medicine. And I think that and we’ve seen a number of true diversion incidents that were discovered just by that extra layer of that analyst being able to put their knowledge and their experience and their expertise into the review of those alerts and say, this doesn’t look right. And then go back to the customer and say, this doesn’t look right because of this. And then that customer is like, I would never have thought to look at that. 


Russ
I have a couple of letters that have told us that the very reason that these customers continue to stay at Imprivada and use that platform is because of the analysts that they have a relationship with and the expertise that analyst is providing. So I think that speaks for yeah, absolutely. 


Terri
Yeah, all good points and definitely yeah, that’s that human factor. The human factor that knows what they’re looking for, knows how to look for it, knows your software, and has the time, right? I mean, that’s their job. They’re dedicated to that. Whereas the point of contact has other things that they’re doing. And so that time resource isn’t always there either. 


Russ
I think that’s one of the biggest vulnerabilities we see in healthcare diversion detection is that those customers, even if they do get the technology in place, that to be the user, the end user that has a responsibility for looking at it is also the manager or director of a pharmacy or they’re somewhere else. And they have 37 of their weekly hours are already accounted for. So they’re getting this handful of time that they have to figure out a way to go back into this application and try to find something or try to review all of this different alerts. And I’ve been there, I’ve done that job, and it is hard to find that kind of time to be able to invest. 


Russ
So when you can get a platform, you can get a technology, but you get someone who literally goes through all of it for you and then provides you the handful of things that you have to follow up on. It’s pretty impressive. 


Terri
Yeah, it is. Because you need a big block of time too, right? It’s like, okay, I have 20 minutes. I’m not going to get started on that. I’ll barely get the application open and get my mind focused. Right. So I need 2 hours at least before I’m going to sit down. Who has 2 hours to devote to that? 


Russ
Absolutely. 


Terri
Yeah. No, that’s great. Okay. I want to thank you for your time. Thank you for sharing, and this is all good information. And thank you for reminding us that we need that human intelligence behind all of these products. That is a must. 


Russ
Absolutely. Thank you for having me. 


Terri
Absolutely. All right. You have a great rest of your week. Russ, it was good seeing you. 


Russ
You too. 

Picture of Terri Vidals
Terri Vidals

Terri has been a pharmacist for over 30 years and is a drug diversion mitigation and monitoring subject matter expert. Her years of experience in various roles within hospital pharmacy have given her real-world insight into risk, compliance, and regulatory requirements, as well as best practices for medication and patient safety.

Subscribe to Drug Diversion Insights with Terri Vidals to learn more about diversion mitigation.

Download White Paper