As security concerns about electronic health records and patient information increase, independent community pharmacists must ask themselves, “What am I doing to protect my patients’ information? And what am I doing to protect my pharmacy?”
The stakes for protecting patient data are higher now than ever, as electronic health records (EHR) become more prevalent and audits to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) become more frequent.
To protect your patients and your business, here are some basic technical safeguards that you need to have in place in your pharmacy’s software system.
1. Unique usernames for each employee
Assign each employee who has access to your electronic files and records a unique username. This way, you can track user activity for each employee instead of guessing who was logged on to the system at what time. Create a system for assigning these unique usernames and manage how much access you give each employee.
2. Set procedures for emergency access
You never know when normal access to your pharmacy’s database might be cut off, such as during a storm or power outage. Set a system in case of an emergency ahead of time to determine who will need access to the information and how they will get it. Consider setting up remote access tools, or backing up data on an encrypted flash drive.
3. Automatic logoff
Although you should train your employees to log off your system after each use, setting up automatic logoff will be helpful for instances when you or your employees are suddenly called away from the workstation or simply forget to log off. With automatic logoff backing you up, unauthorized users won’t have access to your system after you walk away.
4. Encryption and decryption
Encryption can help to make sure that unauthorized users can’t access or view your records. It works by converting regular text into encoded text. In order to decrypt the code and view the regular text, the user needs to have the key to the code. Once your files are encrypted, it’s unlikely that an unauthorized user would have the key to decrypt them, rendering your files useless for fraud.
Security standards
If you want to protect your pharmacy from any sort of data breach, these safeguards need to be in place in your pharmacy. If you need even more incentive, they’re required under the Access Control standard of HIPAA and it could hurt your pharmacy during an audit if you don’t have them set up.
Keep in mind these safeguards are just the minimum. You can always find additional ways to secure your data. For example, you should make sure your pharmacy’s software system vendor is reputable and dedicated to keeping your system secure, or you could use anti-virus programs to ensure an even more secure system.
