Is Your Information Safe?: ePHI and HIPAA Security Risk Assessment

Many Americans don’t understand what a tightly regulated industry pharmaceuticals are; as a matter of fact, it’s the most regulated industry in the country. There is a reason why the pharmacist takes a while to get your prescription, it’s due to privacy laws put in place by the government. Lots of Americans think their information is secure; but ask someone who works in a pharmacy just how insecure your personal information is, even with privacy rules designed to protect it.

HIPAA (Health Insurance Portability and Accountability Act) was enacted in 1996, and the Privacy Rule was enacted shortly thereafter. This rule gives you as a patient a certain degree of privacy when collecting your information. The personal information that a pharmacist takes–your name, your date of birth, address, types and dosage of prescription, Social Security Number, driver’s license information, doctor’s information and so on-comprises a category that is called PHI, for Protected Health Information. Portions of this information are printed on the prescription inserts located in your prescription bag.

Unfortunately, IT security risk assessment teams only test for ePHI–the collecting of PHI electronically. If you’ve ever had to give your consent and sign your name on an electronic device at the pharmacy counter, that’s ePHI. Certain doctors also send prescriptions electronically to a pharmacy of your choice. That prescription is ePHI. IT security risk assessment teams try to plan for every possible scenario, but their scope of protection falls under information collected electronically, not by paper.

IT security risk assessment teams test for breaches in ePHI security all the time. They must determine the level of risk, how it will be breached and constantly test their systems to keep thieves and hackers from stealing your personal information. On the whole, this makes a pharmacist’s job easier. But because portions of PHI are printed on those pharmacy inserts, it’s not a good idea to throw them out. Identity thieves can steal identities with as little as a name and phone number.

Your privacy is not just important to your pharmacy for moral reasons, but the government will heap thousands of dollars in fines if your privacy is infringed upon. IT security risk assessment teams have made the job easier by protecting the pharmacy from electronic attacks.

0