Privacy requirements governing the use of PHI (protected health information) have become extremely stringent, especially since the 2013 Final Omnibus Rule Update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Not only are the rules regarding the security and privacy of health information and data now being much more tightly enforced, but penalties for breaching these standards are also significant, carrying fines of up to 1.5 million dollars.
As a pharmacy owner, it's your legal obligation to ensure that you and your staff adhere completely to the privacy requirements of HIPAA. A great deal has changed since HIPAA was first enacted in 1996, especially in the area of digital data processing and transmission of patients' medical information. Patient privacy and the safeguarding of patient medical information are now at the forefront of every pharmacy business, or should be, and failure to adhere to these stringent regulations could spell disaster not only for the noncompliant business but also for the owner and/or errant staff member(s).
New Fixtures, Workstations, and Rx Shelving May Be Needed
With most of the activity regarding prescription fills and patient counseling occurring at or around your drugstore's pharmacy counter, it's important for patient privacy and medical information security that this area be designed specifically to facilitate compliance with HIPAA and its requirements for strict confidence in the transmission of medical-related data, whether by computer, by telephone or in face-to-face communications between a client and a member of your workforce.
Since HIPAA regulations require that workstations be centralized and only accessible by authorized personnel following specific sign-on protocols and login authentication measures, certain types of pharmacy shelving, fixtures, and locking cabinetry may be utilized to increase protections. Your back-end work area should include at least one private space where patients can be afforded the privacy to discuss their health conditions with pharmacy staff members without being overheard by other customers within earshot.
Telephone communications referring to any client medical condition or personal information, such as billing or insurance payment data, must also be kept in strict confidence without risk of being overheard by any third party. All of this requires that certain workstations be available apart and away from the eyes and ears of the public. This may require the purchasing of specialized pharmacy shelving or other fixtures capable of affording the privacy needed, perhaps with locking compartments for the secure storage of all hard-copy PHI.
Necessary Steps Must Be Taken
New regulations require that changes be made in nearly every pharmacy setting in order to come into compliance with both federal and state laws governing the handling of protected health information. This will likely require alterations to your internal store infrastructure as well as thorough training of all personnel responsible for the maintenance of ongoing client privacy regarding their medical information.
Penalties for failure to comply are stiff and, since the Final Omnibus Rule Update came out, inspectors are out in force trying to ensure compliance is being taken seriously. Civil and criminal penalties have been levied in the past, with the decade from 2003-2013 seeing a total of 91,000 complaints received by the U.S. Department of Health and Human Services, 22,000 of which led to some type of enforcement action.
It is a huge burden on pharmacy owners to learn everything they need to know about the current PHI privacy regulations and to enforce compliance within their organizations. There is, however, no other option. Whatever can be done to further ensure patients' privacy and medical data security must be done. This is critical to your ongoing business success.