Shelf Obsessed

What Impact do HIPAA Laws Have on Pharmacy Construction?

Written by Robert Walthall | Tue, Jul, 28, 2015 @ 01:00 PM

With more restrictive HIPAA regulations in effect since September 2013, independent pharmacy owners have a greater responsibility than ever to protect their patients' personal information, also known as PHI. Any new pharmacy construction or remodeling you do must take these new regulations into account.

So what do the new regulations mean?

Patients now control who sees their personal health information

In essence, you need strict controls to protect patients' privacy. Patients themselves now can control who sees their PHI, and they must be given access to their own files. Health professionals will still be given access to PHI in regard to specific patients for particular allowable reasons. Privacy requirements remain unchanged for anything allowed under the privacy rule.

You must now report all security breaches

Under the old rules you only had to report a breach if it represented a significant threat to those affected. Now, however, the Department of Health and Human Services has to be notified if any breach happens. Again, disclosures that are allowed under the privacy rule are still acceptable. Business associates and subcontractors will need to have privacy agreements in place – updated on a regular basis – and they must also agree to abide by the HIPAA security rules as established in September 2013.

How do the new HIPAA regulations affect pharmacy construction and design?

In essence, you will need to redesign your pharmacy with your patients' privacy in mind. Because you must report every security breach, your reputation may suffer if you don't put the proper safeguards in place.

Physical safeguards specific to pharmacy construction and remodeling include:

  • The installation of lockable cabinets, fixtures, and other components to store portable devices

When patients' PHI is accessed on portable devices like tablets and laptops, those devices must be securely locked away when not in use. Any new pharmacy construction or design should include fixtures or shelving that secure. Locking cabinets placed behind the counter, for example, will protect PHI from unauthorized access.

  • A pharmacy layout that accommodates centralized workstation(s)

Any new pharmacy construction or design should place workstations centrally so that they can be carefully monitored at all times, thus discouraging protocol missteps that could cause a personal health information breach.

Part of this monitoring will include new protocols that specify how workstations can be used. The workstations should be set up so that it is impossible to remove PHI electronic media, hardware, storage devices, or any other devices used for access. If such devices are to be moved, implement policies that specify how these devices can be moved, reused again, or replaced/eliminated. Establish an audit trail for any equipment that is recycled, used, or moved to another building or facility. All of this is to make sure that patients health information is protected and not accessed by anyone without authorization.

  • A privacy wall(s) to separate work areas from customer areas

If your pharmacy doesn't already have one, any remodeling or new pharmacy construction should include a privacy wall that separates prescription filling and other work areas from the pharmacy floor and customer areas. A wall helps prevent prescription errors because it eliminates unnecessary distractions, but it's also essential to prevent the accidental "sharing" of PHI. Patients and customers will not be able to overhear any sensitive information not meant for them, and you can conduct business secure in the knowledge that you are not violating HIPAA regulations.

September 2013's new HIPAA regulations seek to protect your patients' privacy by requiring you to stringently protect patients' privacy, particularly their PHI. Any pharmacy construction or remodel must be done with these regulations in mind.