These new HIPAA relations really boil down to two words: "patient privacy." Specifically, you must protect patient health information or PHI; if any breach occurs, patients must be instantly notified. Under the old rules, that only needed to happen if the breach was seen as posing a significant risk to individuals who were affected. It is still true that any allowed under the privacy rule are still acceptable.
In order to be in compliance with these new regulations, you must protect patient information from the risk of security breach. That means you must:
To that end, you should use security measures that protect any portable device used to store patients' health information. By doing so, you can completely protect information from breach even when devices aren't in use. so that it is kept out of unauthorized hands always. You can lock portable devices like tablets and laptops. for example. The pharmacy shelving you use could be secure enough in that locking cabinets kept behind counter tops could lock these repositories of sensitive information. In other words, if you use a device to access your patients' PHI, lock it away behind the pharmacy counter, in lockable pharmacy fixtures, and restrict access to these with strict login procedures and protocols, and secure authentication methods.
Strict protocols and controls must be implemented to restrict personnel access to the hardware and media that store patient health information or PHI:
Workstations are centralized
Policies restrict when workstations can be accessed
Authentication measures implemented with every login
Devices that are mobile, such as laptops, must have restricted locations where personal information can be accessed
Specific protocols must be implemented to reduce, eliminate, or reuse components that are used to store PHI
Pharmacy shelving and fixtures that lock, such as under the counter pharmacy cabinets, can provide storage whereby you can lock away mobile hardware that can be used to access patient PHI. Laptops and other access and storage devices should be locked away securely when they're not in use to protect this sensitive information.
Because workstations must now be centralized in that personnel access is strictly controlled, you may need to set up a specific area with new pharmacy shelving and fixtures to fulfill that need.
The centralized workstation means that you can keep the workstation area under closer watch; breaching the protocol will be that much more difficult. In addition, because authenticated logins will also now be required, you have yet another layer of protection to protect patients' PHI.
While new pharmacy shelving and fixtures are always welcome, in that they can truly provide a "fresher" look that brings you into the 21st Century, they can also be used to meet new HIPAA requirements.
Specifically, the protection of patients' PHI is now imperative. Implementing these new protocols will keep you in compliance – as will any new pharmacy shelving you had to buy in order to protect patient PHI.