Are you sure your pharmacy is HIPAA Compliant?

Recently, HIPAA has made its way back into the news with new court rulings on regulations and enforcement. I was asked to write an article for the February issue of NCPA’s America’s Pharmacist explaining the impact of the rulings on the pharmacy industry. If you are an NCPA member, be sure to read Thin Ice Ahead: Four Rulings That Increase Your HIPAA Liability. If you aren’t a member, notify us via email at to request a PDF copy.

As a sidebar to the article, I wrote a HIPAA Readiness Survey, asking nine questions about your understanding of HIPAA and the strength of your HIPAA compliance program. In this HIPAA Readiness blog series I elaborate on one question a week to discuss how each impacts your pharmacy.

So, let’s get started.

#1—Computer Viruses and Malware


Has a computer virus or malware program ever appeared on any computer that houses or has access to protected health information (PHI) entrusted to your pharmacy? That could be very, very bad. Hackers can slip spyware programs onto your computer and steal or destroy patient information. You must do all you can to keep that from happening. HIPAA requires that you put in place practices, policies and procedures, and security measures to ensure the confidentiality, integrity and availability of electronic PHI.

The best solution would be to keep PHI only on computers or devices that are not connected to the internet, but that is impossible in today’s environment. At a minimum, use the very best anti-virus and anti-malware software available. Malicious software, or malware, can slow down your computer or network access, damage your hardware, deliver viruses, and steal information. It can be spread by opening e-mail attachments, visiting unreliable websites, using infected USB flash drives, CDs, or DVDs, playing infected media files, or even by using programs from unscrupulous sources that claim to provide protection from malware while actually infecting or spying on your computer. anti-malware is not meant to be a replacement for anti-virus software; it is essential to have both.

Choose a well-reviewed anti-virus/anti-malware solution that prevents all types of malware infections, automatically scans any downloads and automatically delivers updates for its anti-virus database at least once a day (preferably every few hours), and includes good malware removal capabilities. Since few pharmacies have an IT department, make sure the product you choose has stellar customer service.

A good program, when configured properly, has the ability to send an alert if an attempt was made to infect your computer. It will tell you what action it took to prevent the download or to remove or quarantine the file. Pharmacy employees should report any alerts to your designated Security Officer who can then make sure that no breach took place.

Remember, you’re not paranoid if they really are out to get you—and they are.

For more information about HIPAA and other pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of the Specialists. Please visit the Blog for additional posts on compliance issues and what you need to know as a pharmacy owner.