How secure is your pharmacy software network? Are you compliant?

Transaction Data Systems

Sep 26, 2014 10:50:00 AM


What if you lost your billfold?  That is one of those things we would call a “bad deal.”  Now what if you lost the billfold of everybody who had a prescription filled at your store in the past year?  Talk about a really “bad deal!”

I don’t mean to scare you (actually, I do!) but have you given any thought to the fact that the information you have on your pharmacy software regarding your patients is far more valuable to cyber crooks than a whole database full of credit card numbers?  Just think for a minute about the information that would be needed to create an entire “person.”  Yes, you have it all, don’t you?  From social security numbers and insurance numbers to preference of child resistant containers.  With the information you have, the crooks don’t need credit card numbers; they can get their own credit cards!  And talk about HIPAA violations: with the expansive medical histories you have, well, you flat could not afford the penalties.  Pharmacist’s Letter® reports the average cost to resolve a single case of medical identity theft is $20,600.


According to an August report in Reuters, the FBI recently warned that it had “observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII).”  That warning may have come too late for the chain of hospitals that was recently hacked and had the names, Social Security numbers, physical addresses, birth dates and phone numbers of 4.5 million patients stolen!

So what is the point of all of this?  It’s obvious:  you have a “gold mine” of data in your store and likely give very little thought, or put little effort, into protecting it.  Protecting it doesn’t just mean keeping other people’s “mitts off of it”; it also means protecting it from loss.  So what do you do about it?

Offsite backup

Notice I didn’t just say backup.  Multiple backups in the pharmacy don’t do much good after a tornado, flood or fire.  I recommend a HIPAA compliant online backup service, but at the very least, create backups that you regularly remove from the pharmacy and then keep them secure.

Network security

Make sure you have a PCI and HIPAA compliant level of security on your network, and make sure it stays that way.  The first step is a managed firewall, but it also includes password-protecting your data and the programs that access that data, and limiting your employees’ access to the information they need to do their work.

Internet security

Internet security includes not only anti-virus and anti-spyware, but intrusion prevention as well.  Your internet security should also include limiting your employees’ access to the internet. You can’t get “infected” from a bad web site if you don’t go there!  You also need to keep your anti-virus definitions up to date, and have real-time protection activated.

If you don’t have the knowledge or the time to handle these risks yourself, there are services available to help you with any and all of them. Contact your pharmacy software or pharmacy POS vendor first to see if they have services to provide or firms they recommend to keep you safe and secure.  It’s also a good idea to make sure you have data compromise coverage included in your liability insurance policy.

 Your patients trust you with their information. Be vigorous in your efforts to protect the data you store. Identity theft is a terrible thing to experience.
