Note: Sample below may appear distorted but all corresponding word document files contain proper formattingExcerpt from Essay:
Pharmacy Information Security
Information Security in Pharmacies
Information security is vital in many firms especially pharmacies and other sensitive fields. Security officers are, therefore, necessary to ensure both physical and logical safety. The Information Security Officer/Manager (ISO) will have different duties such as managing the information security functions in according to the firm's established guidelines and provisions/policies, providing reports to the firm's management at reasonable intervals, establishing and ensuring implementation of information security procedures and standards, according to the state's provisions regarding risk management policies, consulting and recommending to the pharmacy on issues of security enhancement, conducting information security analysis and assessment programs and many others.
Protecting medication, funds and health information
According to statistics, many health firms such as pharmacies and hospitals have adopted the electronic health records (EHR) model to store their information. However, these firms still use physical records such as filing to store their information. In adopting the EHR, pharmacies usually aim at improving the coordination with patients, reducing disparities, improving public health and enhancing privacy of information through secure data protection. Medication, funds and also information have to be protected to encourage quality service deliverance to the firms.
Access to the pharmacy
According to the Joint Commission on Accreditation of Healthcare Organizations (1998), a pharmacy is a designated security sensitive area. This calls for a well established security plan that will cover both the access measures and policies that will control movement within the building. In developing a plan, the information security officer will consider issues like the hours and durations of operation, accountability of access cards, lock combinations and keys, availability of physical security guards, authorized accesses, transportation and release of drugs, reporting in case of losses and replacement of security gadgets.
At the customer entrance, patients will not be allowed in after working hours and the security guards should emphasize on working hours especially if the pharmacy does not work 24 hours. Only licensed pharmacists will access the premises through the entrance after working hours, and not all nurses will be allowed to access after working durations, unless they are certified. Dual loch systems are recommended for the entrance, to assure security during the non-working time. The windows should be grilled and situated strategically to avoid access to the building through the windows. The backdoor is to be used by employees only, and non-employees should be restricted from using the door to ensure information is not discarded and that no materials are carried from the pharmacy through the back door (Joint Commission on Accreditation of Healthcare Organizations, 1998).
Physical Vulnerabilities and Threats
Because of the services provided in the pharmacies, there is a probability that the pharmacy premises and staff will be exposed to intrusion, bearing in mind the locations of the premises. Mostly, the buildings will be located in cities and towns that are vulnerable to crime and violence. There are many reasons that will lead to outsiders intruding into pharmacy buildings. In most cases, the intruders have malicious motives when accessing the pharmacy and this necessitates the need to adopt and implement physical security measures. Some of the examples of physical vulnerability and threats include; manual operations of equipments within the building. In such cases, when the movements are unavoidable such as the pulling and pushing of items using trolleys, thus steps ought to be followed in ensuring safety and reduce injury risks.
Lack of protective dressing could also be a physical risk in the pharmacy. In some instances, staff usually works without gloves, dust masks and goggles. Lack of first aid kits within the pharmacy is also a physical risk, especially to patients and staff. Other threats that require physical security enhancement may include; power loss, armed attack by intruders in the premises, disorderly conduct, assault on the staff, burglary and robbery, internal diversion and theft and many others (Fennelly, 2012).
Examples of intruder scenes/scenarios
Many reasons might lead to intruder entrance into the pharmacy. In most circumstances, the intruders have negative motives. To begin with, the intruder may be a disgruntled employee of the pharmacy, who was fired and is seeking revenge. After they are sent away, some of the employees usually surface back to bring restlessness and cause havoc to patients and in the current staff. Disgruntled families and family to the patients could also intrude the pharmacy with intentions of hurting people. Drug related invasions are the most common in pharmacies. However, inside the pharmacy, mentally challenged patients can also cause havoc, especially for patients that react negatively to certain drugs. Random violence could also be experienced though, not in frequent sequences (Fennelly, 2012).
Logical vulnerabilities and threats
Logical risks or threats are those that are likely to affect the information that is sensitive and has to be protected. Logical security not only provides a remedy for protecting information, but also ensures the location of the information is equally protected. Precisely, this information that needs to be protected is diverse and in most cases confidential. This information may range from patient identifications that are personal, details of the pharmacy firm including its insurance data, history that is written especially regarding patient prescriptions, patient information that is sensitive in case it is exposed to the public, access codes and numbers and others. This information could be protected in different ways such as adoption of either electronic or procedural security measures (Finefrock, 2008).
Implications of threats and vulnerabilities on networks and pharmacy
In order to protect the client data, the pharmacy networking and systems have to be secured and compliant to the set standards by the relevant governing bodies. Networks have proven to be the easiest targets for unauthorized persons when they need to access confidential information such as client identities and accounts/funds information. Hackers have severally been charged in courts of law over their malicious intentions of accessing firm data by cracking the firm's secret codes. Pharmacies are not an exception and are more vulnerable due to the many activities going on in the pharmacy. Implementation of logical systems for security will be addressed in the proceeding paragraphs.
Also, threats and risks lead to urgent security integrations that may be expensive to implement. After threats are realized or detected, an assessment of the vulnerabilities need to be done. Solutions then need to be reached. In many circumstances, these risks need to be countered immediately due to their urgency. Ignorance of this risks and failing to take precautionary measures may cost the pharmacy's management a fortune. Administrative, preventive and corrective control measures are required to safeguard both the networks and the premises infrastructure. Control strategies will contain an assessment of risks, detection and protection, and also response to the risks (Finefrock, 2008).
Strategic dealing with vulnerabilities and risks
Mitigation happens to be the most common strategy for risk management and control. In this strategy, the pharmacy is expected to fix any flaws that are involved with the physical and logical risks. This could be done easily by developing compensatory control, which will assist in reducing the possibilities and implications leading to the flaws. Mitigating risks is also known as control analysis in some cases because it entails control measures as opposed to corrective ones. This method is recommended because it is cost friendly when compared with other strategies (Flammini, 2012).
Transference of risks and threats could also be an option. This strategy involves the procedure of accepting a different party to be liable in case of any situations arising from the risks. Though this strategy is uncommon for the logical risks, it is almost compulsory for physical risk management. Examples of transference strategies include property and life insurances. Insuring equipment involves the transfer of risks to other parties. The risk is moved from the pharmacy owners and shifted to the insurance companies. Essentially, this strategy does not reduce the risks in any way, but it reduces the overall burden/impact in general. In most cases, the insurance company is expected to pay certain agreed amounts of funds to the pharmacy in case of fire, burglary, robbery and many others as per the agreed contractual terms (Flammini, 2012).
Acceptance happens in scenarios where the pharmacy or any other firm, accepts the risks to operate within their system. Low rated risks are usually tolerated, because of mild implications that can easily be handled. Ironically, high cost risks are also tolerated, but this is very difficult to notice. In case a high cost risk is accepted, then it has to be in writing and managers need to ratify it after they make the decisions. Often, in many pharmacies, high cost risks are accepted but after penetrations to the systems, the security officers are made responsible. As the security officer, another obligation that not indicated in the preceding paragraphs is to take part in analyzing risks and determining whether they can be accepted (Flammini, 2012).
This entails the process or eradicating the vulnerability aspects in relation to the pharmacy's system. If the risk seems to be so…[continue]
"Pharmacy Information Security Information Security In Pharmacies" (2012, December 19) Retrieved October 24, 2016, from http://www.paperdue.com/essay/pharmacy-information-security-83619
"Pharmacy Information Security Information Security In Pharmacies" 19 December 2012. Web.24 October. 2016. <http://www.paperdue.com/essay/pharmacy-information-security-83619>
"Pharmacy Information Security Information Security In Pharmacies", 19 December 2012, Accessed.24 October. 2016, http://www.paperdue.com/essay/pharmacy-information-security-83619
Pharmacy Career Info. As if the pharmaceutical companies and the pharmacists at drug stores need something more to worry about, the latest issue is drug counterfeiting. While this issue in the United States is still rare, the number of investigations are on the rise. According to the Food and Drug Administration (FDA), the number of counterfeit drug investigations has risen from an average of five per year in the 1990s to
Health Care IT Health Care Information Technology The days of paper-based records in health care are fading. It is widely believed that the broad adoption of clinical applications such as computerized physician order entry (CPOE) can lead to major health care savings, help eliminate medical errors, and improve healthcare outcomes for patients (Lynn, 2011). Because of such benefits, the Obama administration included automated adoptions in health care as a part of its
CIO Briefing: Process of Health Care Information System Selection and Organizational Goals Process of Selection of Health Care Information System In order for the organization to begin the selection of a health care information system, it is necessary that a records committee be formed for this purpose. The general staff for such an initiative will include the CIO along with a cochair of records and content management and other members which may
Security in Healthcare The recent advances in technology -- databases that store personal medical records and information -- are bringing tools to patients, doctors and other healthcare professionals that were simply not available just a few years ago. There is hope that eventually, a doctor in Hawaii that is treating a medical emergency for a tourist from Florida, will be able to access the digitally kept medical and healthcare records
Acquistion of Information Systems Selection and Acquisition of Information Systems Selection and acquisition of information systems could involve an enormous investment for a healthcare organization. Besides the initial costs that organizations need to incur, there are also long-term costs associated with maintenance, support and enhancement of the information system. Selecting the right information systems that would meet the need of an organization is a critical step to consider when selecting and
Others include delays in data accessibility, albeit shorter delays and the continued need for source data verification (Donovan, 2007). Other obstacles have occurred in the developing of mobile healthcare applications. These have included mobile device limitations, wireless networking problems, infrastructure constraints, security concerns, and user distrust (Keng and Shen, 2006). A third problem that has been encountered is that of a lack of education on not only the importance of the
" (MediLexicon International, Ltd., 2006). The PCIP was formed from the recognition that high costs and low quality inherent in the Healthcare system of the U.S. is largely due to a system that is antiquated and fragmented (DOHMH, 2006a). The inability to properly collect and use health information is one of the primary problems associated with proper health care maintenance. The PCIP. was formed in response to this need. The primary