It’s not enough to just make sure your pharmacy’s computer system and electronic health information are secure. You need to be sure that all the data you transmit is secure, too.
The U.S. Department of Health and Human Services (HHS) includes transmission security as part of its technical safeguard standards, a set of guidelines designed to help businesses, such as independent community pharmacies, comply with the Health Insurance Portability and Accountability Act (HIPAA).
Transmission security measures ensure that electronic protected health information transmitted over an electronic communications network is secure.
The best transmission security measures will protect against unauthorized access to the data being transmitted, but the methods you need to implement depend on how your pharmacy transmits electronic protected health information.
There are two implementation specifications regarding transmission security: integrity controls and encryption. Both are addressable, and may or may not be appropriate for your pharmacy. Here’s what you need to know.
Integrity controls
Integrity controls for electronic transmission ensure that electronic protected health information can’t be improperly modified during transmission.
The most common measures for protecting the integrity of transmitted electronic health information are the use of network communications protocols and data or message authentication codes.
You should consider integrity controls for transmission security if a risk analysis of your pharmacy, which identifies threats to your system, shows possible scenarios for the unauthorized modification of electronic protected health information during transmission.
Encryption
Encryption converts an original message of regular text into encoded or unreadable text, which is then decrypted back to the original message once received. To properly implement encryption practices in your pharmacy, you should consider how, and how often, you transmit electronic protected health information.
And, if you find encryption is necessary for your pharmacy, also consider the receiver of your transmitted data. There are several types of encryption technology available, but for the measure to work properly, both the sender and the recipient must use compatible technology.
Don’t forget to look back at your risk analysis. It could quickly point you to encryption best practices for your pharmacy.
Take a look at the electronic transmissions taking place to and from your pharmacy. Once you have identified internal and external risks, talk to your pharmacy software vendor about what transmission security measures you need in place in your pharmacy.
Follow our series!
Stay up-to-date with our series on electronic security. Each installment discusses a different aspect of electronic security for pharmacies.
Pharmacy Electronic Security Part 1: Audit Controls
Pharmacy Electronic Security Part 2: Integrity
Pharmacy Electronic Security Part 3: Person Authentication
Pharmacy Electronic Security Part 4: Transmission Security
