You and your staff access your pharmacy’s computer system every day. Do you have policies and procedures in place to make sure the electronic protected health information your pharmacy stores is protected?
If you don’t, you need to. The U.S. Department of Health and Human Services (HHS) requires person authentication as part of its technical safeguard standards, a set of guidelines designed to help businesses, such as independent community pharmacies, comply with the Health Insurance Portability and Accountability Act (HIPAA).
Person authentication involves verifying the identities of those accessing your electronic protected health information.
Here’s how to implement the person authentication safeguard in your pharmacy.
Implement procedures
Your written policies and procedures need to include person authentication. That way, you have a system to verify the identity of those accessing your protected data. HHS suggests methods such as fingerprint scanning, a personal identification number (PIN), a telephone callback or token system, or a password system.
Generally, passwords and callback or token systems are considered the least secure, and biometrics or PINs are considered the most secure. When writing your policies and procedures, consider which system will be able to protect your pharmacy from potential security breaches, but will still provide convenient usability.
Follow through
After your policies and procedures are set, you must adhere to them in your day-to-day practice. This means no password sharing and never using your own password to log someone else onto your system.
In a typical independent community pharmacy, it’s rare than an unauthorized person would need to access your electronic protected health information. But you should still be ready to verify their identity in the times when they do.
When allowing someone new, such as a computer repairman, access to your system, don’t take shortcuts. Make sure you verify their identity and document their activity so that your pharmacy is protected in the event of a breach.
HHS guidelines give you freedom to select the safeguards that work best for your pharmacy, but it’s important to make sure that your system is compliant to protect your pharmacy against audit fines and litigation.
Follow our series!
Stay up-to-date with our series on electronic security. Each installment discusses a different aspect of electronic security for pharmacies.
Pharmacy Electronic Security Part 1: Audit Controls
Pharmacy Electronic Security Part 2: Integrity
Pharmacy Electronic Security Part 3: Person Authentication
Pharmacy Electronic Security Part 4: Transmission Security
