Several years ago, I received a letter from my doctor’s office. My physician’s home had been broken into and her work laptop was stolen - her unencrypted laptop. Potentially containing personal information about her patients. Of course they made all of the obligatory conciliations, like credit monitoring and such. But there was no undoing the damage that was already done. Even years ago, I knew that she’d made a big mistake and been far too carefree with how she treated private patient information.
As a pharmacy, you have access to large amounts of personal, potentially sensitive, information about your patients. And you have a responsibility to protect it. And physical theft is probably the least of your worries as most data thefts today happen in the virtual world. So what do you need to do? Well, the list is pretty long, but here are a few things that can get you started.
Anti-Virus: Every system in your pharmacy network needs to be running anti-virus/anti-malware software. This helps to protect you from malicious software that can do all kinds of unpleasant things. Talk with your technology providers to see what they might be able to install and manage for you and make sure that there won’t be any conflicts with any third party services you utilize. Also, if you think you can get away with using the free services, think again. There’s usually usage agreements that prevent those free applications from being utilized for businesses.
Firewall: A firewall is a software solution or a hardware device that prevents incoming communication from unknown sources, but still allows outbound communication. Any Windows based system has a basic software firewall already in place, but a hardware firewall is also a necessity. Firewalls come in a range of levels. PCI requirements dictate you need a firewall geared specifically towards small businesses. If you’re not familiar with firewall technology, we recommend engaging the services of a local technician who can help to evaluate your needs and set up your network securely. Again, make sure you also talk with your pharmacy service providers to make sure you don’t shut down any necessary communications.
Updated systems: One of the most common vulnerabilities that many businesses have is utilizing outdated operating systems. Make sure you’re allowing Windows updates to occur on a regular basis so that hackers can’t exploit vulnerabilities in your operating system. You also need to make sure that you are on a currently supported version of your OS. Some merchants still operate using Windows XP, which hasn’t received support or updates from Microsoft since April of 2014, meaning that any vulnerabilities discovered stay open and unresolved, leaving your pharmacy open to attack.
Passwords: This is one of the easiest security necessities to understand, but one of the hardest to enforce. In today's world, strong passwords are so important to the security of your pharmacy. The easiest way to handle this is by using biometric fingerprint readers for login access. I recommend you read this article about biometrics and password policies.
Training: If you don’t make time to train your pharmacy staff on policies and procedures, you may as well not even have them. Document all of your policies and make sure that your staff can easily access that documentation. Make sure they know who to go to if they have any questions.
Pharmacy data security is a much bigger topic than just this short blog article discusses, so I encourage you to download our free E-Book on Pharmacy POS security for more detailed information. Remember that a data breach is more than just a breach of compliance. It’s risking the confidence that your customers and patients have in your pharmacy.