Best Practices For Managing and Preventing Security Breaches

Written by Dr David Chatterton

Dr David Chatterton, CTO at MedAdvisor would like to share some of our best practices for managing patient information and preventing security breaches within a pharmacy. 

A good starting point is to have a mindset that you are the custodian or guardian of your customer's data. The EU General Data Protection Regulation (GDPR) is considered best practice with eight consumer rights, including:

• The right to be informed: Individuals need to be clearly informed how their information is being collected, how it is being used, how long it will be kept and if it would be shared with third parties.You should have a visible privacy policy that states how you will and will not use their information.
• The right to be forgotten: Individuals may also request organisations to erase their data in certain circumstances, such as when data is no longer necessary, has been unlawfully processed or no longer meets the lawful ground for which it was collected. You should delete information when it is no longer required, reducing the risk and exposure of a breach. 

The Verizon 2017 Data Breach Investigations Report states that 68% of the data breaches in the past 12 months in healthcare we as a result of internal staff. Training your staff to be security aware so that they understand their responsibilities and can detect fake emails, attachments and websites, is often a very cost-effective investment in preventing a security breach. The Stay Smart Online Small Business Guide has some great tips to help you get started. 

Security does not have to impact your workflow and the less impact they have, the more likely staff will observe those processes. Restricting physical access behind the counter will limit access to pharmacy systems, physical prescriptions and other sources of information. Ensuring prescriptions are securely stores and not left lying around and locking a computer when it is left unattended are also common-sense precautions. 

With technology, there are some relatively quick ways to help protect your pharmacy:

• Running Windows 10 with the latest security patches is a great place to start. If you are still running unsupported and insecure operating systems like Windows XP, consumers and the Information Commissioner will not presume you have taken reasonable steps to protect patient data.
• Run up-to-date anti-virus and anti-malware software on all computers.
• If you offer free WIFI to customers, ensure this network is isolated from the network used for your dispense and POS systems.
• Avoid non-work related emails and web browsing on all pharmacy systems.
• Be aware of what third-party software is running on dispense systems and how they manage the security of patient information, including dispense, customer loyalty and professional service vendors. 

All of the above recommendations address examples of actual security issues that have occurred at pharmacies within Australia. 

MedAdvisor understands the importance and needs of our customer, and we would like to offer our expertise in this area should your organisation seek further clarification. We have set up an exclusive email - privacy@medadvisor.com.au and one of our experts will be on hand to answer your enquiries. 

Read our previous post: Prevention is Better Than Cure When it Comes to Data and Breaches