Recently, cybersecurity has become a hot topic within the pharmacy sector. Because we intend to be responsive to any newly emerging threat to pharmacy, technological or otherwise, we have created a Standard Operating Procedure to manage pharmacy cybersecurity. It is free to access; however, if you would like access to our suite of 150+ template SOPs for traditional bricks-and-mortar and internet pharmacies, consider signing up to our GoPaperless solution.
To allow for safe and secure transactions over the internet, applying the utmost care to patient safety and data security.
Our organisation is committed to and is responsible for ensuring the confidentiality, integrity, and availability of the data and information stored on its systems. The main scope of this SOP covers data security of pharmacy systems.
1. Vulnerability testing.
Before training can be given to staff about data security, management must first understand the key risks to their organisation with respect to cybersecurity. A vulnerability assessment should be produced to evaluate information system vulnerabilities and the management of associated risk. A vulnerability assessment should include the following:
2. Ensure that all staff understand the main cybersecurity threats; more specific detail can be seen below.
Either create your own course for your staff or use a reputable provider like Voyager Medical (courses can be found within hubnet.io). Within a high-quality cybersecurity course, staff will learn about the importance of using two-factor authentication, enabling automatic updates and the use of anti-virus software / ad-blocking browser plugins.
3. Protection from Malware.
4. Limiting Operation Software.
The installation of software on production information systems must be controlled. To protect the general cybersecurity health of the organisation, when installing new software, responsible persons should ensure:
5. Limiting patient wifi access.
Some pharmacies offer patients free access to their wifi network. The pharmacy should ensure that this wifi network sits separate from the mechanism by which they communicate patient medical records to the central health authority. If the pharmacy offers a separate wifi access point, the password for guest access should be rotated at a minimum of once a month and staff should be trained to spot potential "man-in-the-middle" attacks.
6. Backup.
Backup copies of information, software and system images must be made, secured, and be available for recovery. More specifically:
7. Event logging.
All staff should be appropriately trained to constantly monitor for cybersecurity threats. If an event occurs, it should be reported directly to the staff member's line manager. This should be done using the hubnet.io error reporting system: an event should be logged and details recorded. The log for every location within an organisation should be monitored by an authorised management team. Once an event has been identified, appropriate corrective action should be taken, which includes a report which details:
This SOP will be reviewed in the event that there are any changes to best practice concerning pharmacy cybersecurity or in the event of staff changes. It will also be reviewed in the event of incidents or errors that have been logged. In the absence of any of these events, it will be reviewed yearly from the date of publication.
Hubnet is an online pharmacy information system. We intend to provide healthcare professionals with an online ecosystem to allow for better communication between each other and their patients. Protected by law, the data you enter into this site remains your intellectual property and cannot be used by us. Our goal is to enable you to do more; if you like it, you can subscribe for more!