Information security is vital in many firms, especially pharmacies and other sensitive fields. Security officers are, therefore, necessary to ensure both physical and logical safety. The Information Security Officer/Manager (ISO) has a range of duties, including: managing the information security functions in accordance with the firm's established guidelines and provisions/policies; providing reports to the firm's management at reasonable intervals; establishing and ensuring implementation of information security procedures and standards, according to the state's provisions regarding risk management policies; consulting with and making recommendations to the pharmacy on issues of security enhancement; conducting information security analysis and assessment programs; and many others.
Protecting medication, funds and health information
According to statistics, many health firms such as pharmacies and hospitals have adopted the electronic health records (EHR) model to store their information. However, these firms still use physical records, such as paper filing, to store their information. In adopting the EHR, pharmacies usually aim at improving coordination with patients, reducing disparities, improving public health and enhancing the privacy of information through secure data protection. Medication, funds and information all have to be protected to encourage quality service delivery in these firms.
Access to the pharmacy
According to the Joint Commission on Accreditation of Healthcare Organizations (1998), a pharmacy is a designated security-sensitive area. This calls for a well-established security plan that covers both the access measures and the policies that control movement within the building. In developing a plan, the information security officer will consider issues such as the hours and durations of operation, accountability for access cards, lock combinations and keys, availability of physical security guards, authorized access, transportation and release of drugs, reporting of losses and replacement of security gadgets.
At the customer entrance, patients will not be allowed in after working hours, and the security guards should emphasize the working hours, especially if the pharmacy does not operate 24 hours a day. Only licensed pharmacists will access the premises through the entrance after working hours, and nurses will not be allowed access after working hours unless they are certified. Dual lock systems are recommended for the entrance to assure security during non-working time. The windows should be grilled and situated strategically to prevent access to the building through them. The back door is to be used by employees only, and non-employees should be restricted from using it, to ensure that information is not discarded and that no materials are carried out of the pharmacy through the back door (Joint Commission on Accreditation of Healthcare Organizations, 1998).
Physical Vulnerabilities and Threats
Because of the services pharmacies provide, there is a probability that the pharmacy premises and staff will be exposed to intrusion, bearing in mind the locations of the premises. Mostly, the buildings will be located in cities and towns that are vulnerable to crime and violence. There are many reasons that lead outsiders to intrude into pharmacy buildings. In most cases, the intruders have malicious motives when accessing the pharmacy, and this makes it necessary to adopt and implement physical security measures. Some examples of physical vulnerabilities and threats include manual operation of equipment within the building. Where such movements are unavoidable, such as the pulling and pushing of items on trolleys, steps ought to be followed to ensure safety and reduce the risk of injury.
Lack of protective clothing could also be a physical risk in the pharmacy. In some instances, staff work without gloves, dust masks and goggles. Lack of first aid kits within the pharmacy is also a physical risk, especially to patients and staff. Other threats that require physical security enhancement may include power loss, armed attack by intruders on the premises, disorderly conduct, assault on the staff, burglary and robbery, internal diversion and theft, and many others (Fennelly, 2012).
Examples of intruder scenes/scenarios
Many reasons might lead an intruder to enter the pharmacy. In most circumstances, the intruders have negative motives. To begin with, the intruder may be a disgruntled employee of the pharmacy who was fired and is seeking revenge. After they are sent away, some employees resurface to cause unrest and havoc among patients and the current staff. Disgruntled families and relatives of patients could also intrude into the pharmacy with the intention of hurting people. Drug-related invasions are the most common in pharmacies. However, inside the pharmacy, mentally challenged patients can also cause havoc, especially patients who react negatively to certain drugs. Random violence could also be experienced, though not frequently (Fennelly, 2012).
Logical vulnerabilities and threats
Logical risks or threats are those that are likely to affect information that is sensitive and has to be protected. Logical security not only provides a remedy for protecting information, but also ensures that the location of the information is equally protected. The information that needs to be protected is diverse and in most cases confidential. It may range from personal patient identification details, details of the pharmacy firm including its insurance data, written history (especially regarding patient prescriptions), patient information that would be sensitive if exposed to the public, access codes and numbers, and others. This information could be protected in different ways, such as the adoption of either electronic or procedural security measures (Finefrock, 2008).
Implications of threats and vulnerabilities on networks and pharmacy
In order to protect client data, the pharmacy's networks and systems have to be secured and compliant with the standards set by the relevant governing bodies. Networks have proven to be the easiest targets for unauthorized persons when they need to access confidential information such as client identities and accounts/funds information. Hackers have on several occasions been charged in courts of law over their malicious intentions of accessing firm data by cracking the firm's secret codes. Pharmacies are not an exception and are more vulnerable due to the many activities going on in the pharmacy. Implementation of logical systems for security will be addressed in the following paragraphs.
Also, threats and risks lead to urgent security integrations that may be expensive to implement. After threats are realized or detected, an assessment of the vulnerabilities needs to be done. Solutions then need to be reached. In many circumstances, these risks need to be countered immediately due to their urgency. Ignoring these risks and failing to take precautionary measures may cost the pharmacy's management a fortune. Administrative, preventive and corrective control measures are required to safeguard both the networks and the premises infrastructure. Control strategies will contain an assessment of risks, detection and protection, and also response to the risks (Finefrock, 2008).
Strategic dealing with vulnerabilities and risks
Mitigation happens to be the most common strategy for risk management and control. In this strategy, the pharmacy is expected to fix any flaws that are involved with the physical and logical risks. This could be done easily by developing compensatory controls, which will assist in reducing the possibilities and implications leading to the flaws. Mitigating risks is also known as control analysis in some cases because it entails control measures as opposed to corrective ones. This method is recommended because it is cost-friendly when compared with other strategies (Flammini, 2012).
Transference of risks and threats could also be an option. This strategy involves accepting a different party as liable in case of any situations arising from the risks. Though this strategy is uncommon for logical risks, it is almost compulsory for physical risk management. Examples of transference strategies include property and life insurance. Insuring equipment involves the transfer of risks to other parties. The risk is moved from the pharmacy owners and shifted to the insurance companies. Essentially, this strategy does not reduce the risks in any way, but it reduces the overall burden/impact in general. In most cases, the insurance company is expected to pay certain agreed amounts of funds to the pharmacy in case of fire, burglary, robbery and many others, as per the agreed contractual terms (Flammini, 2012).
Acceptance happens in scenarios where the pharmacy, or any other firm, accepts the risks and continues to operate with them within its system. Low rated risks are usually tolerated because of mild implications that can easily be handled. Ironically, high cost risks are also tolerated, but this is very difficult to notice. In case a high cost risk is accepted, then it has to be in writing, and managers need to ratify it after they make the decision. Often, in many pharmacies, high cost risks are accepted, but after penetrations to the systems, the security officers are made responsible. As the security officer, another obligation that is not indicated in the preceding paragraphs is to take part in analyzing risks and determining whether they can be accepted (Flammini, 2012).
This entails the process of eradicating the vulnerability aspects in relation to the pharmacy's system. If the risk seems to be so…