REVIEWSecond quarter 2012

In this issue:

A word from Bill McDonough .....................2

News shorts .....................................................3

Risk solutions: managing cyber breaches, opioid abuse, confidentiality ........5

Claim news ..................................................... 23

Insurance and financial news ...................... 24

This edition of the REVIEW is a refreshed version of our quarterly newsletter. You’ll notice that it is now a more robust magazine, to reflect the new, broader range of topics we’ll cover on these pages and a renewed enthusiasm for offering solutions that, in turn, provide peace of mind for you.

Sure, we’ll still keep you in the know about how MMIC is growing, provide a heads-up about new coverage and service offerings, and share financial highlights. In addition, we’ll focus on the medical risks, trends and issues you face every day and provide tips, tools and strategies to help you address these issues in your organization.

If you’re a health care professional, hospital or clinic administrator, a risk manager, long term care provider or one of the many other leaders in health care, the REVIEW is the resource for you. Be sure to see what our new Chief Medical Officer, who also works in the trenches as an ER doc, shares in her column. She knows firsthand the challenges that health care professionals face. Learn from our experienced Risk Management team, who will share case studies of folks just like you who are managing risks daily at their organizations. You can take what they’ve learned and apply it to your own risk management efforts.

In upcoming issues, we’ll provide news about cyber liability challenges and solutions, tips for electronic health record implementation, white papers that address of-the-moment medical topics, and updates about HIPAA compliance, to name just a few features. In short, we’ll cover topics pertinent to you, so that we can grow stronger and better together. Our goal, as always, is to partner with you to continually improve the delivery of good medicine. We hope these pages support your efforts in small but effective ways.

Please let me know what you’d like to see in future issues of this magazine. We want to tailor our content to be meaningful and useful for you, our valued client, so that it is a go-to resource for you.

You can reach me at Bill.McDonough@MMICGroup.com. You can also send questions and comments to our general mailbox at communications@MMICGroup.com.

Yours in health,

Bill McDonoughPresident and CEOMMIC

Dear reader,

2

McDonough elected to PIAA Board...

MMIC’s President and CEO was recently elected to the Physicians Insurance Association of America’s board of directors. Bill McDonough has served on PIAA committees and has been actively involved with the organization for many years. Bill is in his fourth year as chief executive of cer and president of MMIC. During his three-year board term, McDonough will be a member of the regulatory affairs committee and be the board liaison to the dental and marketing sections of the PIAA. Niles Cole, chief nancial of cer and senior vice president at MMIC, is currently the technology, human resources and nance section chair for the PIAA.

...and named a leader in health care

Bill McDonough was named one of the “100 In uential Healthcare Leaders” in Minnesota by the editors at Minnesota Physician Publishing. This list, published every four years for the past two decades, will appear in the August 2012 edition of Minnesota Physician and the September edition of Minnesota Health Care News.

MMIC is “Associate of the Year”

The Minnesota Hospital Association named MMIC its 2011 Associate of the Year in May. As Peggy Wagner, vice president of Risk Management, accepted the award on behalf of MMIC, she highlighted the importance of our mutually bene cial partnership with MHA, one that helps improve patient care for all Minnesotans. The MHA bestowed the honor to MMIC due to its “insurance and information solutions that help physicians, clinics and hospitals minimize risk associated with health care delivery.” Included in their remarks, the MHA declared that throughout the years, “MMIC has been a strong supporter of MHA in a variety of areas, including supporting and disseminating MHA’s full disclosure policy” entitled Communicating Outcomes to Patients. MMIC has provided nancial support for several MHA conferences and is a strategic partner and supporter of the Minnesota Alliance for Patient Safety. For a complete list of 2011 award winners, visit www.mnhospitals.org.

Go green

Did you know that MMIC clients have the option of receiving policy forms, certi cates, and other important documents online instead of by paper mail? Going paperless has several advantages. You will:

• Receive policy information on the same day it is produced

• Have safe, secure access to your documents anytime, from anywhere

• Minimize paper management and clutter

• Have the option of printing the documents

• Contribute to a greener environment

Sign up for this convenient service now by talking to your agent or MMIC account executive or by visiting MyAccount on MMICGroup.com. Once you sign up, you will receive an email whenever there are new forms or policies ready for you online, and a link directly to your documents.

Still getting all “A”s

For the twentieth year in a row, the A.M. Best rating agency has reaf rmed MMIC’s “A” rating. This re ects our stability, dependability and strength over the years. We’re a mission-driven company that’s in it for the long haul!

News shorts

3

Risk Solutions

4

It doesn’t take much digging to uncover examples of huge losses that can make even the most seasoned risk manager cringe. Consider these recent cases:

Failing to provide patient access to medical records results in $4.3 million ne.1

Hospital employee accesses an employee’s medical record, resulting in an Of ce for Civil Rights investigation.2

Investigations by the Of ce for Civil Rights (OCR), large nes, resolution agreements and corrective action plans are all realities that face health care organizations.

Consider the privacy challenges and decisions the staff in your organization face every day. Are they prepared and equipped with the tools they need to handle and release medical information? Rushed staff, temporary workers, unclear policies and new technology can all lead to mistakes that can put your organization at risk.

Before looking at what you can do to protect your organization, a brief summary of the existing rules and their enforcement is in order.

Guidelines for handling medical information

The Health Information Portability and Accountability Act (HIPAA) provides a baseline of federal protection for health information. Many states have laws that add additional layers of protection and complexity.

Basic review. Under HIPAA, health care entities cannot release protected patient information without a patient authorization except in limited circumstances. HIPAA also outlines the rights patients have, as well as the duties of covered organizations to protect the information.

Patients have rights that include:

• The right to expect that their information will be kept confidential

• The right to see their medical records

• The right to request corrections

• The right to know how their information is used and when it is released

Health care organizations have a responsibility to:

• Assign a designated privacy officer. Identify a person to receive patient and staff concerns about privacy issues within the health care organization. Depending on the size and complexity of the organization, the privacy officer might have additional duties in areas such as health information management, risk management, quality or administration.

• Conduct workforce training. The organization’s workforce is broader than employees; it can include volunteers, students or physician staff. Training should occur as soon as possible after a new person is added to the workforce, and ongoing as necessary.

• Develop policies and procedures. The organization should develop policies around maintaining protecting patients’ health information. The policies should address managing the information, releasing the information, reporting, and investigating potential violations. The health care organization should have policies that describe how patients access their records, what is required for a valid authorization and patient rights. Finally, the organization should have a policy that describes the sanctions to workforce members who violate the organization’s policies.

1 http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cignetcmp.html2 http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/allcases.html#case8

Minimize your ongoing privacy risks

(continued)

5

The HITECH rules

In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH), part of the American Recovery and Reinvestment Act, modi ed HIPAA by adding breach noti cation requirements, imposing additional penalties and adding restrictions on releasing patient information. It also provided for state attorneys general enforcement.3

Investigation, oversight and enforcement

The Of ce for Civil Rights (OCR), part of the Department of Health and Human Services, administers and enforces the HIPAA privacy rules. In 2011, the agency resolved more than 8,000 complaints, as shown in Chart 1 below.

More than half (53%) of the complaints were resolved without an investigation, typically because the incident described in the complaint did not violate the rules, or occurred or was reported outside speci ed time limits. Of those complaints that were investigated, more than two-thirds (67%) received corrective action. The top issues identi ed were:

1. Impermissible use and disclosure of protected health information (PHI)

2. Lack of safeguards to protect PHI

3. Lack of patient access to PHI

4. Failure to follow requirements to provide “minimum necessary information” (for example, when leaving telephone messages or faxing patient information)5

3 To date, certain portions of HITECH are not yet nalized, but are expected in 2012, including: whether the harm threshold will continue to be part of the breach analysis; ability to access reports; whether “treatment, payment and health care operations” disclosures will be included in accounting of disclosures; and the de nition of “minimum necessary.”

4Accessed at www.hhs.gov/ocr/privacy/hipaa/enforcement/data/historicalnumbers.html, June 2012. 5Accessed at www.hhs.gov/ocr/privacy/hipaa/enforcement/data/top5issues.html, June 2012.

53%

4,472

Resolved without investigation

Investigated – no violation

Investigated – corrective action obtained

2,595

1,303

31%

16%

Total OCR complaints in 2011 (8,370)

6

Chart 1. Enforcement Results.4

Taking care with patient information

MMIC risk managers are frequently asked for advice about handling and releasing patient information, especially when there are unique circumstances that raise a red ag.

When evaluating the privacy risks in your organization:

Take a holistic view. First, review your organization’s privacy policies and procedures and verify that they:

• Are updated with current practices

• Reflect changes required under HITECH

• Incorporate meaningful use requirements, if appropriate

• Reflect how your staff manages requests for information. Determine what is working and opportunities for improvement.

Look for weak spots. Evaluate your system and processes to identify privacy vulnerabilities. Providing ongoing education and nurturing a culture of sensitivity to patient privacy can reduce the risk of a privacy incident.

Train your workforce. Training is essential if you want to prevent private information from being released inadvertently. Anyone who is involved in releasing patient medical information must understand and follow your policies and practices.

Assign a point person. Designate someone in your organization to answer privacy-related questions and provide his or her contact information to those with complaints or concerns.

Decide about messages. Develop a policy consistent with the rules about what information is appropriate to leave on answering machines or with a patient’s family members. Ask your patients about their contact preferences.

Distribute your Notice of Privacy Practices. This document informs patients of how their information is used. It should describe when and how information could be released without speci c authorization, such as for payment purposes. Review your Notice of Privacy Practices and ensure that it matches current practices in your organization.

Zip it. Remind staff that patients expect their health information to be kept con dential. This includes the expectation that staff refrain from casual conversations about patients or sharing information with neighbors or family members about patients under your care.

(continued)

7

Keep it covered. Exercise caution when scanning documents or faxing information, and verify the intended recipient.

Allow access. Patients have a right to access their health information. Health care organizations are required to provide it at the patient’s request. What is your process for accepting requests for information and delivering it to the patient? Ensure your policy incorporates state law when appropriate.

Gather the facts. Develop an incident response team to investigate potential privacy incidents. Include team members from several departments who will work collaboratively. Depending on the size of your organization and the details of the situation, members could include the privacy and security of cer and representatives from risk management, legal, information technology, human resources, public relations and medical staff.

• Gather the team when notified of an incident• Determine individual roles and expectations• Set a timeframe for resolution • Consider working with corporate counsel• Investigate the incident and incorporate federal

and state law• Plan internal communications

Learn how to drive on the information highway. Electronic medical records can increase the complexity of managing patient privacy. Most users have only a basic understanding of how the electronic information they use is saved, stored and moved between different systems. Keeping health information that is sensitive or that requires authorization to release separately from the rest of the medical record is no longer as simple as putting the information behind a separate tab in the patient’s le. For help with managing or releasing patient health records, contact your MMIC risk management consultant or refer to the resources on this page.

Resources

8

Access the Office for Civil Rights (OCR) HIPAA Privacy and Security Audit Protocol at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html

Access the Office of the National Coordinator for Health Information Technology (ONC) Guide to Privacy and Security of Health Information at healthit.gov/sites/default/ les/pdf/privacy/privacy-and-security-guide.pdf

Office for Civil Rights (OCR) informationTry www.hhs.gov/ocr/privacy/index.html or www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf

For enforcement highlights go towww.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html

Cinda Velasco, R.N., J.D.

Cinda Velasco is the attorney in risk management at MMIC. She has 12 years of experience as an attorney working in risk management. Cinda is a member of the Minnesota State and Hennepin County Bar Associations and the American Health Lawyers Association. She is a frequent lecturer to physicians, hospitals and other health care organizations about risk management issues and the new risks associated with emerging technology. Contact Cinda at Cinda.Velasco@MMICGroup.com.

9

We protect your peace of mind. And we do it in

lots of ways for physicians, facilities and hospitals.

Whatever your situation, we’ve been there, and will be

there. We’ve gotten good at it. Excellent, actually, with

a proven success rate. It’s a peace of mind movement.

And we’d love to have you along.

Join the Peace of Mind Movement at

PeaceofMindMovement.com,

or contact your independent agent or broker.

Protecting confidentiality in an electronic age

10

For many people in health care today, the moment “technology” is thrown into the conversation, a glazed look appears, born from a lack of comprehension or interest in technical concepts. My mission is to deliberately shift this stance to help build a stronger vision for con dentiality in health care organizations for both technical and non-technical minds as we navigate through the electronic age. Let’s start by travelling back in time to ancient Greece.

Con dentiality is a time-tested foundation of patient trust. The ancient physicians of Greece understood the importance of trust as far back as the fourth century B.C., when they incorporated the concept of privacy into the Hippocratic Oath. They took the idea a step further by providing a vision of how they would create con dentiality. They would simply keep information secret. In its widely used modern version, the oath continues to provide testament to the importance of con dentiality through its declaration of privacy.

Only in the last several decades has the ability to maintain con dentiality become increasingly complex, with the advent of electronic methods of communication. As we know, ancient physicians didn’t have computers, electronic health records, email, Internet, or social media; nor did they have the supporting workforce we have today. Today, con dentiality can no longer be the responsibility of the physician alone, and simply keeping information secret is not enough. By embracing the ancients’ wisdom and following in their footsteps, we can continue to fortify the foundation of patient trust by modernizing con dentiality and our vision of how to achieve it through security compliance.

Compliance, like any other strategy, starts with an end goal in mind. So let’s build the vision.

Envision a work culture where security is empowered by the organization, embraced within the culture of the workforce, and supported and strengthened by technology — all in an effort to reach the unwavering end goal of respecting the privacy of our patients “for their problems are not disclosed to us that the world may know.”

To achieve this vision, we must approach security as a sociotechnical system. Sociotechnical philosophy was introduced in the 1950s as machines were introduced in the workplace. This approach recognized that outcomes depend on the success of each component involved, not just the technology. Components of security include regulation, organization, policies, procedures, processes, technology and people. Technology alone is only one of the links in the chain of security, and in fact only a fraction of the total equation.

Bruce Schneier, Chief Security Of cer at British Telecomm, said it best: “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” This is not to excuse anyone from doing due diligence regarding technology. Still, the security chain is only as strong as its weakest link, which further highlights the importance of every component of the security sociotechnical system.

Con dentiality can no longer be the responsibility of the physician alone

“I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.”

Hippocratic Oath

excerpt from the modern version

(continued)

11

An effective security program, like any other compliance program, must be built from a solid base. Regulations at the base shape the organizational policies. Policies and supporting technology direct the procedures, process, and human behavior. Organizations must support compliance through ongoing iterations of training, monitoring, enforcement, and remediation of the components.

It becomes our legal responsibility to safeguard a variety of our patients’ information, whether clinical or financial in nature, and we must understand our requirements. Today, I urge everyone in health care to start strengthening security by looking at it in a new light. Security is simply confidentiality redefined in the electronic age. Embrace security in your organization, and promote security as part of your culture of confidentiality.

And remember to keep sight of the very basic foundation of patient trust passed down through the ages:“I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.”

Security is simply con dentiality rede ned in the electronic age

Trish Lugtu is enjoying her twelfth year at MMIC and is passionate about helping organizations navigate the swiftly changing health care landscape. Trish provides strategic health IT consulting for hospitals, clinics, and facilities throughout the Midwest. Trish’s areas of expertise include security, IT strategy and data and Internet strategies. She holds a Bachelor of Science degree in Biology from the University of Minnesota, an AAS in Visual Communications, and is certi ed in HIPAA privacy and security (CHP/CHSS), health information management systems (CPHIMS), and computer programming. Contact Trish at Trish.Lugtu@MMICGroup.com.

12

HIPAA Help LineEmail HIPAAHelp@MMICGroup.com or call 952-838-6706 for answers to all your HIPAA questions.

HIPAA security Watch our on-demand webinar Developing HIPAA Security Compliance in the risk management section at MMICGroup.com, My Account section.

Check your HIPAA health

Health care organizations are subject to a variety of federal and state regulations due to the protected health information they handle and store. Regulatory authorities perform audits to ensure compliance and enforce penalties, with nes ranging from $25,000 to $1.5 million for cases of “willful neglect.” To avoid nes, enlist our help to ensure your organization is HIPAA-compliant. Risk consultants offer HIPAA security services, including:

• Baseline compliance assessment

• Security risk analysis

• Breach risk of harm assessment

• Risk remediation consulting

• Audit preparation and planning

• Workforce security training

As an MMIC policyholder, your rst two hours of service are complimentary! For more information or to schedule an assessment, contact Trish Lugtu at 952-838-6844 or email Trish.Lugtu@MMICGroup.com.

Resources

Guard against data breacheswithCyber Solutions®

You may already know that your MMIC professional liability insurance includes Cyber Solutions cyber liability coverage.6 There’s a reason we include this coverage for you, and you’ve seen proof of it in the news every day – a stolen laptop, misplaced back-up tapes, Internet hackers gaining access to patient information.

The costs associated with a privacy breach can be signi cant, and so can the damage to your reputation. That’s why we include Cyber Solutions for eligible policyholders.6

There’s even more you can do to secure your dataassets. Let us help you...

Lower your risk

As a Cyber Solutions policyholder, you have unlimited access to online data security risk management services, including:

• Online compliance materials

• Quarterly newsletters and instant alerts

• Expert online support

• Step-by-step procedures to lower risk

• Training modules

• Guidance for handling data breaches

Use these resources to help you gauge your risk, how well you are currently managing it, and ways to do even better. MMIC policyholders can gain access to this website by signing in to My Account at the top right hand corner of the home page, then clicking on Cyber Solutions. The link to the cyber risk website appears under the heading “Risk Management website.”

(continued)

13

6 Eligible policyholders include:

• Independently owned and operated physician practices with medical professional liability deductibles less than $250,000

• Hospitals with revenues of less than $250 million and medical professional liability deductibles less than $250,000.

Pending approval, we will extend Cyber Solutions coverage to additional health care facilities, including long-term care facilities. See page 24 for details.

MMIC Health IT is pleased to welcome a number of new clients to our HIT service family. In addition, many clients have broadened the HIT support they count on from us, adding managed IT services, network support, implementation assistance, EHR consulting, HIPAA security consulting and website development. We’re delighted to partner with you to reduce your IT risks and help you make smarter use of your organization’s information.

• Allina Integrated Medical Network• Arthritis and Rheumatology Consultants• Centrasota Oral and Maxillofacial Surgeons• Colon and Rectal Surgery Associates• McCannel Eye Clinic• Northfield Hospital and Clinics• Northwest Anesthesia• St. Cloud Medical Group• Thayer County Health Services• Yankton Medical Clinic

Welcome, new Health IT clients!

Take advantage of additional coverage

Just by carrying an MMIC policy, eligible policyholders gain $100,000 in coverage at no additional cost. But you may want to think about additional coverage. Consider:

• Data breaches in health care organizations are on the rise. The frequency of data breaches among organizations in a Poneman study7 increased 32 percent from the previous year.

• A full 96 percent of all health care providers say they have had at least one data breach in the last two years. Most of these were due to employee mistakes and sloppiness — 49 percent of respondents in this study cite lost or stolen computing devices and 41 percent note unintentional employee action. Another cause is third-party error, including errors by business associates, according to 46 percent of participants.

• Widespread use of mobile devices is putting patient data at risk. Eighty-one percent of health care organizations report that they use mobile devices to collect, store and/or transmit some form of PHI. However, 49 percent of participants admit their organizations do nothing to protect these devices.

• The average economic impact of a data breach increased more than 9 percent between 2010 and 2011– from $2,060,174 to $2,247,700.

To ensure that you have enough coverage for your organization and its speci c risk exposures, we offer the option to purchase up to $10 million of additional Cyber Solutions coverage. Read more about additional limits and the details of coverage for hospitals and physicians at MMICGroup.com/medical-professional-liability-insurance/cyber-solutions. Then talk to your agent or drop us a note at CyberSolutions@MMICGroup.com for an assessment of your need for additional coverage.

7Ponemon Institute Annual Study – Ponemon.org

14

MMIC is streamlining risk management services to meet the needs of clients and expand our educational reach. Following is a summary of changes.

Website enhancements and more on-demand webinars

A new risk management portal on the MMIC website launched in June. It is more user-friendly, has interactive elements and allows clients direct access to information and educational opportunities that were previously accessible only through a risk consultant. This includes on-demand webinars that our customers may access at their convenience.

We are also moving to on-demand webinars for more of the educational offerings that we previously presented as roundtables or at client sites. In the past, we delivered programs to live audiences, which required that many customers travel and take time away from work to participate. Those events are now available as live webinars at least once a month, which enables customers to participate in up to 12 educational opportunities a year, versus the one or two previously offered. Following the live sessions, we will post the webinars on the website. This will allow customers to share educational opportunities with their entire staff, rather than having just one or two people attend a seminar. This will get critical information on current topics to front-line staff much more efficiently and effectively.

Risk matters

(continued)15

Targeting customers

Because organizations of any size can access the increased volume of information on the website, we will now target larger organizations for our on-site efforts. One activity we are encouraging for all hospitals and large clinic practices is regular on-site risk assessments. Clients can gear these assessments toward focused specialty areas, high-risk environments or organization-wide assessments. Our goal is to gather information from all customer sites to provide benchmarking. Our newly developed assessment tools will include a severity rating and provide a risk score for customers to help them compare themselves to other like entities and demonstrate improvement over time.

Subscriptions and publications

Previously, MMIC covered ECRI subscription costs for all hospital and surgery center customers. However, our data show that many clients did not use the subscription. In order to be better stewards of resources, we will limit

ECRI subscriptions to customers who demonstrate consistent usage. We will also move to an online-only subscription format and discontinue paper versions beginning with 2012 renewals.

We have integrated two of our risk management publications, Perspectives and Safetylutions, into the Review, the MMIC quarterly magazine you are currently reading, which we send via U.S. mail and post online. In the next year, we will begin sending these publications electronically, so be sure we have your correct email address so you don’t miss valuable risk management updates. Send your updated contact information, feedback and suggestions about risk management topics and services to me at Peggy.Wagner@MMICGroup.com.

Peggy Wagner, RN, MBA. Peggy held a number of leadership positions in the health care industry before becoming MMIC’s vice president of Risk Management. Her experiences include enterprise risk management for a large integrated health care system with accountabilities for hospital, clinic, home care and transitional care settings. Her roles include clinical nursing, quality improvement consultant, and regulatory and compliance liaison in addition to risk management. Peggy received her bachelor’s degree from Mid-America Nazarene University in Olathe, Kansas and her MBA from St. Thomas University in St. Paul, Minnesota. She is certif ied as an Associate in Risk Management and an Associate in Claims through the Insurance Institute of America, and as a Certif ied Professional in Health Care Risk Management through American Hospital Association.

16

When I recently left my full-time emergency medicine practice to join MMIC, the questions came swiftly and many were incredulous. You’re leaving your practice to do WHAT? What’s a medical professional liability company? Who is MMIC? The company that insures me? Why would you do that? What will you do? Can you really make a difference? Won’t you miss patient care? Are you burned out?

What do I tell these well-meaning colleagues and friends? First of all, yes. I do miss my patients and co-workers. Second, I didn’t leave my practice because I was burned out, but I have experienced burnout. Third, it’s possible for me to make a difference in how MMIC supports its clients, in a variety of ways.

Now I’m “on the inside” of the medical liability world at MMIC. It was a big decision for me to leave full-time clinical medicine (although I will maintain a part-time practice) and jump into a whole new type of work.

My background is in emergency medicine. I began working as a nursing assistant at age 14. Now that I’ve been in the trenches for 40 years, I am ready to affect care on a systems level, where I will deliver programs to serve our insured providers, clinics, and hospitals. These programs, in turn, will help the patients for whom we all care, and that is the compounded benefit of this job change for me.

As Chief Medical Officer, I will extend our mission to be a resource and trusted partner to you, our insured clients, in helping to manage the risk inherent in health care delivery. My initial efforts will be to:

• Offer a new approach to supporting physicians and patients involved in adverse events

• Leverage the power of predictive analytics from MMIC’s rapidly growing data warehouse, in order to fine tune our risk management efforts

• Create educational programs for health care professionals based on trends in claim data

A regular column by Laurie Drill-Mellum, MD, MPH, Chief Medical Of cer at MMIC

From thefront lines

(continued)

17

As Chief Medical Officer, I will extend our mission to be a resource and trusted partner to you, our insured clients, in helping to manage the risk inherent in health care delivery.

• Offer physician education in communication and team building, which will impact care positively

• Partner and consult with clinic and hospital staff to improve efficiency, risk, and safety programs

Last, but certainly not least, I am committed to exploring ways that we can support physicians in their quest for balance in their lives. I realize firsthand how great the stresses are that we clinicians deal with day-to-day. Burnout is something most of us struggle with during our careers, and we need to be better at acknowledging it and learning better ways to address it. MMIC is committed to participating in this effort, starting with a physician wellness program called HEALTM, currently in development. This program will support providers and patients, as well as their families, who are impacted by adverse health care events. This is just one MMIC effort aimed at supporting providers’ mental, physical and spiritual health.

Laurie Drill-Mellum is MMIC’s first Chief Medical Officer. She is a Board-certif ied emergency medicine physician, a current Bush Medical Fellow and recently completed a fellowship in Integrative Medicine at the University of Arizona. She attended the University of Minnesota Medical School, where she also obtained a Master’s in Public Health. She is a graduate of the Emergency Medicine Residency Program at Hennepin County Medical Center in Minneapolis. Drill-Mellum has practiced emergency medicine at Ridgeview Medical Center in Waconia, Minnesota since 1991. During her tenure, she held roles as both Chief of the Medical Staff as well as Medical Director of the Emergency Department. She is also a Comprehensive Advanced Life Support Instructor. Drill-Mellum is a Fellow of the American College of Emergency Physicians and a member of the American College of Emergency Physicians, the Minnesota Medical Association, the Twin Cities Medical Society, the American Medical Association, and the American and Minnesota Holistic Physician Associations. You may contact Dr. Drill-Mellum at Laurie.Drill-Mellum@MMICGroup.com.

18

“Welcome to Jerkville!” That’s how speaker J. Bryan Sexton, PhD, Duke University Health System, characterizes medical residents – and anyone else, pointedly – who’s gone for 35 hours without sleep. It’s nothing personal, he explains. It’s purely the biology of sleep deprivation, well supported by research. “After 24 hours, you act drunk, after 30, you’re stupid, after 35, you’re a jerk.”

Sexton was in Minneapolis in June to lead a physician wellness symposium focused on helping medical professionals build resilience and deal with symptoms of burnout.

MMIC co-sponsored the event, which we viewed as an excellent way to support our physician members and help them learn ways to deal effectively with the occupational challenges they face. Protecting and enhancing their own resilience has obvious benefits for both them and their patients. (The startling impact of sleep deprivation on clinical performance was just one of several research examples Sexton shared.)

Using an engaging blend of science and strategies during the half-day symposium, Sexton guided attendees through exercises focused on self-awareness and explored multiple techniques for self-care, fatigue management, and “practicing safe stress.”

“Your resilience will only be reliably protected and enhanced by what you do,” he explained, noting that today’s emphasis on quality improvement in

health care has perils for those who must do the improving. “Health care has become over-reliant on threatening caregivers to get them to do more,” he stated. Forcing too much change on people at one time takes them out of their flow and can be very stress-inducing.

In a final segment, Sexton coached attendees on how to deal with difficult colleagues. He observed that “no one acts aggressively from a position of strength” and encouraged a subtler appreciation of the role of confrontation. “The reason to confront is to get closer,” he said. “Don’t confront to sting. Confront to improve a relationship or situation.”

Later that evening, many participants saw that more muscular kind of confrontation in action at a Guthrie Theater performance of a play by William Thomas, M.D., commissioned by HealthPartners Institute for Medical Education with program support by MMIC. Entitled “Play What’s Not There” (a reference to musician Miles Davis), the play explored the impact of choices on the careers, families and dreams of a group of physicians when a new resident is hired who questions the status quo.

As one of the actors expressedto the audience of medical professionals in a lively post-performance discussion, “Your work has reverberations way beyond the exam room.”

Physician wellness workshop helps docs prevent burnout

Lynn Welch is a senior communications consultant at MMIC. Contact her at Lynn.Welch@MMICGroup.com.

19

Lessons learned from malpractice claim files

20

Case study: abuse of narcotic pain meds leads to claim

The allegation. Inappropriate prescribing of narcotic pain medication, failure to refer to a specialist and failure to monitor narcotic use leading to addiction.

The risk management focus. Chronic pain management and prescription pain medication abuse.

The facts of the case. A 30-year-old female with a history of two previous back injuries presented to the emergency department (ED) complaining of a reinjured back. The ED physician ordered an MRI that revealed an L5-S1 moderate disc herniation with bilateral foraminal stenosis. Because she continued to complain of severe pain after several doses of IV Dilaudid, the ED physician ordered an orthopedic consultation. The orthopedist admitted her to the hospital for further pain control and evaluation.

After evaluation, the orthopedist felt that she was not a surgical candidate due to a lack of lower extremity symptoms, and he ordered an epidural steroid injection and prescribed oral pain medication.

Following discharge, the patient returned to the care of her family physician (FP). The FP referred her for physical therapy and prescribed oral narcotic pain medication. Over the next year, the patient was examined numerous times for other reasons as well as continued complaints of back pain. The FP continued to prescribe narcotic pain medication.

After one year of treatment, the FP noted in her medical record that she had become addicted to the pain medications she was taking for back pain. The FP documented his discussion with the patient regarding her addiction and a written narcotic treatment agreement was completed and signed by the patient. In the following months, the patient did not follow the agreement, but the FP continued to refill her pain medication. Eventually the FP referred her to an inpatient drug treatment program. Following discharge from the treatment facility, the patient had numerous suicidal ideations and was hospitalized for each incident. She continued to receive pain medication refills from her FP. Several months later, the patient’s parents found her

in full cardiac arrest; she was transported to the ED and successfully resuscitated. The ED physician noted her respiratory and cardiac arrest were secondary to a narcotic overdose.

The patient filed a malpractice claim against the FP, alleging inappropriate prescribing of narcotic pain medication, failure to monitor narcotic use leading to addiction, failure to refer to a back specialist, and failure to timely refer to a drug treatment program. She claimed an inability to work due to brain damage caused by the cardiac arrest.

Disposition of the case

The case was settled for $400,000 against the physician. The physician was disciplined by his state medical licensing board for violating the standards of practice for appropriate pain management.

Patient safety and risk management perspective

The experts who reviewed this case were unsupportive of the care provided by the FP. They cited the continued prescribing and refilling of narcotics prescriptions in spite of inappropriate use and breach of the narcotic treatment agreement. They were also critical of the FP for failing to refer the patient to a back specialist and a drug treatment program.

The FP testified that he thought the patient was being truthful about her pain and narcotic use and that he was only trying to help her. The patient testified she was fired from her job in a hospital for stealing narcotic medications. She also testified that she was exaggerating her symptoms to continue to receive pain medication and admitted to using a family member’s narcotic medications.

Lessons learned and how to apply them

Physicians frequently find themselves in a difficult situation when trying to help a patient with chronic pain. Drug-seeking patients are not always easy to spot. They come from all walks of life and all socio-economic groups. The majority of patients in your practice will not be seeking drugs; they are seeking relief from pain. Physicians are under pressure to treat the legitimate pain management needs of patients while, at the same time, preventing misuse and diversion.

(continued)

21

According to the Centers for Disease Control and Prevention (CDC), overdoses of prescription painkillers have more than tripled in the past 20 years. The CDC recommends that physicians:

• Follow evidence-based guidelines for prescribing, including screening and monitoring for substance abuse and mental health issues

• Prescribe painkillers only when other treatments have not been effective for pain

• Prescribe only the quantity of painkillers needed based on the expected duration of pain

• Use patient-provider agreements combined with urine drug tests for people using prescription painkillers long term

• Talk with patients about safely using, storing and disposing of prescription painkillers

• Use your state’s prescription drug monitoring program (PDMP) to identify patients who are improperly using prescription painkillers. Most states have PDMPs, which are electronic databases that track all prescriptions for painkillers in the state. See the list below.

Many state medical licensing boards have approved standards for pain management. If you choose to prescribe narcotics to treat chronic or acute pain, become familiar with your state’s guidance and incorporate this into your practice. Physicians who

are sanctioned for prescribing narcotics frequently fail to document adequately the necessity for ongoing narcotic treatment.

When documenting in the medical record, include:

• A thorough medical exam and history and physical

• The nature and intensity of the pain• Current and past treatments• Any underlying or coexisting diseases• The medical indication for the use of narcotics• The treatment plan with objectives• Follow-up care and any changes in treatment along

with the rationale• The narcotic prescription including date, dosage,

quantity and refills• Referrals to specialists

Contact your MMIC risk management consultant for assistance in evaluating your medication management processes, policies and procedures, or write to communications@MMICGroup.com.

References and resources appear on page 27.

State Prescription Drug Monitoring Programs

The Alliance of States with Prescription Drug Monitoring Programs provides a forum for information sharing on prescription monitoring programs (PDMPs) among state and federal agencies seeking to curtail drug diversion and abuse while ensuring patient care. Visit pmpalliance.org

See a map of states that have active Prescription Drug Monitoring Programs at pmpalliance.org/pdf/pmpstatusmap2012.pdf

In the Midwest:

Illinois Prescription Monitoring Program – ilpmp.org/

Iowa Prescription Monitoring Program – www.state.ia.us/ibpe/pmp/pmp_info.html

Kansas Tracking and Reporting of Controlled Substances – www.hidinc.com/kansaspmp/

Minnesota Prescription Drug Monitoring Program – pmp.pharmacy.state.mn.us/

North Dakota Prescription Drug Monitoring Program – nodakpharmacy.com/PDMP-index.asp

South Dakota Prescription Drug Monitoring Program – hidinc.com/sdpmp

Lori J. Atkinson is a senior risk manager at MMIC. She holds RN, BSN and CPHRM designations. Contact her at Lori.Atkinson@MMICGroup.com.

22

Claim divisionupdates

A note from Tim Smith, vice president, Claim

Since I joined the MMIC team a year ago, my goal has been to continually improve the services we provide for you, whether it is submitting claims or handling the stress of litigation with our litigation support program. Below are our latest efforts to make it easy to work with us. Let me know how we’re doing at Timothy.Smith@MMICGroup.com.

New survey garners feedback

The Claim department now sends a survey to clients who use its services to gauge how well the department and defense attorneys are meeting client needs. We want to know what’s working for you and use your feedback about what’s not working to improve our service for you – and for all of our clients. Our goal is great service. Should you use our claim services, we’ll send you a survey so you can tell us how well we’re meeting that goal.

If you are in need of your loss history report for credentialing purposes or for your records, contactLauri Jedlicki in Claim at Lauri.Jedlicki@MMICGroup.com or 952-838-6718. When emailing your request, please provide written permission for Lauri to release the information.

We are simplifying our claim reporting process.

To submit a claim, simply send an email to claim.mail@MMICGroup.com. We encourage use of this central mailbox for the quickest possible service. If you send claims directly to an MMIC staff person, they may not be immediately available to serve you.

As a reminder, we need the following information to process a claim:

• Name of insured • Policy number • Involved physician or health care professional

• Phone number and/or email address • Name, address, phone number and date

of birth of the involved patient • Date of event • Date notified of the event • Copies of any claim correspondence or

suit papers• Copies of the patient record with any report

of a potential claim, claim or suit

Thank you for helping us to serve you better!

Tim Smith has nearly 25 years of experience in the legal and insurance industries. Before joining MMIC, Tim held positions as Vice President of Claims at COPIC Insurance Company and at CNA HealthPro, was Regional Vice president for the Caronia Corporation and Senior Vice President of Claims for both the Kemper Insurance Companies and the Reciprocal Group of Companies. Prior to working in the insurance industry, Tim practiced law in California and Illinois in the areas of medical malpractice, products and general liability and has managed claims in all 50 states. Tim received his Bachelor of Science degree in Commerce from DePaul University in Chicago and his Juris Doctor from the McGeorge School of Law in California.

It’s easier than ever to report a claim

23

This section of the Review highlights trends, issues and news in medical professional liability coverage and provides updates regarding MMIC’s nancial status.

New filings to reduce minimum premiums and expand Cyber Solutions®

MMIC has led to change the minimum premium for all hospitals, health care facilities and long-term care clients to $5,000. Previously, the minimum premium was $10,000-$15,000 for hospitals and varied by classi cation for all other health care facilities and long-term care.

We have also led to extend our Cyber Solutions products to eligible health care facilities and long term care clients at no additional cost. Previously, Cyber Solutions applied to hospitals and physicians only. Eligibility includes health care facilities (including long-term care) with revenues less than $250 million and medical professional liability deductibles less than $250,000.

The anticipated effective date for these enhancements is 8/1/2012, pending approval from state departments of insurance.

MMIC reports outstanding investment income returns

How is MMIC able to maintain a high rate in investment income returns – and a rate in 2011 that was greater than the composite yield of Physician’s Insurance Association members?

Niles Cole, MMIC’s senior vice president and chief financial officer, has the answers. According to Cole, “A heavier, yet safe, well-diversified portfolio in revenue-backed municipal bonds is what helped MMIC achieve pre- and after-tax yields greater than the overall PIAA composite yield.”

Further, taking advantage of redeployed capital helped MMIC obtain a 1.31% pre-tax and a 1.47% after-tax investment yield advantage over the calculated PIAA yield in 2011. Said Cole, “The advantage is derived from PIAA’s heavier weighting into U.S. Treasuries compared to MMIC, which results in safer, but lower-yielding returns. Achieving this higher yield gives MMIC the ability to write business at a higher combined ratio (lower policy rates) because MMIC is able to cover higher losses with the higher investment yield.” Conversely, insurers with a lower investment yield may need to offset lost investment income with higher policy rates.

Insurance and financial news

24

Niles Cole, senior vice president and CFO, has more than 29 years of experience in the insurance industry with 22 of those years specifically devoted to medical professional liability. Before he joined MMIC in 1996, Niles was Vice President, Controller of Physicians Insurance, a Mutual Company in Seattle, Washington. Niles is an alum of Minnesota State University, Moorhead, where he earned degrees in finance and accounting. He is a board chair of the PIAA Technology, Finance and Human Resource Section and a founding member of the Oasis Customer Group.

MMIC by the numbers

MMIC ranks as the 13th leading writer of physician medical professional liability in the nation and the 17th carrier of medical professional liability insurance overall (up from 19th in 2010, based on direct written premium).

MMIC market share increased from 21% in 2010 to 23% in 2011, and continues to be the number one ranked carrier in its eight-state territory.

The top 10 carriers in MMIC’s eight-state territory were unchanged from 2010 to 2011. Market share for each company remained unchanged with the exception of MMIC.

After-tax investment yield rankings

Company Name 2011 2010 2009 2008 2007 Company Name 2011 2010 2009 2008 2007

After-Tax Yield = (Taxable Income/Two-Year Average of Total Bonds & Cash) * .65 + (Tax-Exempt Income/Two-Year Average of Total Bonds & Cash) * .9475; ranked by 2011 data

Source: Prime Advisors, Inc.

25

... once you get there, dinner and lodging are on us!

Please join us for a special event filled with education, networking and fun where you’ll get:

• News, trends and issues around health care risk, including cyber liability and emerging claim trends• Ways to minimize these risks while maximizing performance and patient satisfaction • A chance to meet with fellow health care leaders

It’s bound to be a groovy time!

Each event begins at 11 a.m. with a welcome, networking and lunch8. Educational sessions run from 1 to 5 p.m., and complimentary social hour, dinner and networking follow. Complimentary lodging is available for people traveling to the event. Choose from the following sessions:

August 16 .................................Sheraton Suites, Country Club Plaza.............. Kansas City, MO

September 13 ..........................Holiday Inn at Jordan Creek..............................West Des Moines, IA

September 27 and 28 ............Maddens Resort .................................................... Brainerd, MN9

October 4 ................................Dubuque Hotel and Conference Center .......Dubuque, IA (Tristate IPA partner) Best Western Plus

October 11 ..............................Embassy Suites ......................................................Downtown Lincoln, NE

For more information and to register, go to PeaceofMindMovement.com/events or contact Shelby Halferty at 888-397-3034 Shelby.Halferty@MMICGroup.com or Pat Hatfield at 800-328-5532 Pat.Hatfield@MMICGroup.com

8Agendas may vary slightly for each event. 9 The Minnesota event features golf and boating September 27 with the educational session at 8:30 a.m. September 28.

Hop on the bus to an MMIC client seminar …

26

Resources and references for case study on page 21:

• CDC’s National Center for Injury Prevention and Control Prevention of Prescription Pain Killer Overdose – cdc.gov/injury/about/focus-rx.html

• CDC Prescription Pain Killer Overdoses in the US – cdc.gov/vitalsigns/PainkillerOverdoses/index.html

• National Alliance for Model State Drug Laws – map of states with active Prescription Drug Monitoring Programs www.namsdl.org/documents/PMPProgramStatusMay19th.pdf

• American Academy of Pain Medicine – painmed.org/

• American Pain Society: Clinical Practice Guidelines – ampainsoc.org/library/cp_guidelines.htm

• American Psychological Association – apa.org

• American Society of Addiction Medicine – asam.org

• American Society for Pain Management Nursing – aspmn.org

• American Academy of Pain Management – aapainmanage.org/

• PainEDU – Improving Pain Treatment through Education – painedu.org/

• Federation of State Medical Boards, Resources for pain management – fsmb.org/cme/pain-resources.html#trt

Responsible Opioid Prescribing: A Clinician’s Guide – fsmb.org/cme/ Offers clinicians effective strategies for reducing the risk of addiction, abuse and diversion of opioids they prescribe for patients in pain. The expanded Clinician’s Guide translates best-practice guidelines from leading pain medicine societies and the Federation of State Medical Boards into pragmatic steps for risk reduction and improved patient care, including:

• Patient evaluation, including risk assessment

• Treatment plans that incorporate functional goals

• Informed consent and prescribing agreements

• Periodic review and monitoring of patients

• Referral and patient management

• Effective documentation

• Compliance with state and federal law

• Patient education on safe use, storage and disposal of opioid medication

• Termination strategies for chronic opioid therapy

About MMIC

MMIC provides professional liability insurance and health information technology services to physicians, clinics, hospitals and other health care facilities and systems, primarily in Minnesota, Iowa, Nebraska, Kansas, Missouri, North Dakota, South Dakota and Wisconsin.

Founded in 1980, MMIC currently insures more than 14,700 physicians and 430 hospitals and health care facilities. In July A.M. Best Company af rmed MMIC’s “A” rating for the twentieth consecutive year, demonstrating MMIC’s stability and consistency.

7701 France Avenue South, Suite 500Minneapolis, MN 55435–5288800–328–5532

27

Articles in the Review are designed to provide accurate and authoritative information about the subject matter covered and are not legal advice. This information is provided to MMIC policyholders with the understanding that MMIC is not engaged in rendering legal services. For speci c legal advice, contact a quali ed attorney.

The Review is printed four times a year by the communications department at MMIC. You can access the Review online at MMICGroup.com. Comments? Email communications@MMICGroup.com

Copyright 2012 MMIC. All rights reserved.

We protect your peace of mind. It’s what we do for

medical professionals. We know your work challenges

are unique. And so are we.

Sure, we provide medical liability insurance. But we’re

also focused on your personal wellness. We want you to feel

as groovy as possible, because if you’re at your best, you’ll

deliver your best. It’s a Peace of Mind movement, and we’d

love for you to join us.

Contact your independent agent or broker or check out

PeaceofMindMovement.com to see what MMIC can do for you.

Be protected, stay cool.