When you protect patient data, stay alert and create a plan

When you protect patient data, stay alert and create a plan

Patient data is essential for providing coordinator care, but more data also creates greater risks.

With the rise of malware and ransomware attacks, being aware of the dangers and proactively creating a plan to manage problems is essential to protect patient data, according to a session of the Asembia 2022 Specialty Pharmacy Summit entitled “Drugs, Data , and Defense: Protecting Patient: Data Providing Safer Care “.

According to presenter Shawn Griffin, MD, FAAFP, president and CEO of URAC, patient data is essential to providing coordinator assistance, but more data also creates greater risk. Data security carries both legal and reputational risks and new systems are needed for healthcare to evolve; however, these new systems also entail new risks.

One of the most notable security risks is cyber attacks, which have increased significantly in recent years. Griffin pointed out that cyber attackers are smart, so educating employees on what to keep an eye out for is an important step in ensuring data security.

“This is getting big and this is getting serious,” Griffin said. “Medical service providers have been dealing with this problem for decades now, and to be honest, they’re not doing a great job with it.”

The main aspects to consider with data security include physical risks, backup systems, technical precautions, malware or ransomware and various types of systems and their respective security. With all these concerns, Griffin said it’s critical to proactively consider both how to protect your data and what to do if it gets compromised.

Physical risks can include both protecting pharmacy servers and ensuring offsite data storage in the event of a fire or other disaster. Minimizing the number of people who have access to the server room is important, and servers should be treated with the same caution and safety as controlled substances, Griffin said.

Additional technical precautions can be encrypting data, even on computers or devices that employees bring home, and designating clear roles for anyone with access to the data. Regular risk assessments should also be conducted, although the frequency depends on the type of software and systems used by the pharmacy.

Developing and regularly testing a business continuity plan is also an essential step in ensuring that patients still receive the care they need if data is compromised or systems go offline.

Finally, Griffin discussed the interoperability of systems and the benefits it brings along with the risks. Whenever internal systems are connected to a partner’s systems, Griffin said the risks of data breaches increase. If a cyber-attacker were to access the partner’s system, he could make his way into other connected systems. Despite these risks, however, recent legal developments require interoperability.

For example, Griffin said the 21st Century Cares Act includes a requirement for interoperability because the data is owned by the patient, so it cannot be held solely by a single health care provider. Pharmacists’ eCare plan is not widely used, but Griffin said it also includes requirements for interoperability and could emerge in state regulations or through encouragement from the pharmacy organization.

Griffin noted that there are also significant fines for non-compliance with interoperability due to federal laws with these requirements. Though smaller organizations may feel under the radar, Griffin said it won’t last.

When considering data security in general, Griffin said the ultimate goal is to have a more complete picture of the patient in order to provide better care. The tools needed to be a high-performance vendor pose new risks to any business, but ensuring security by updating and modernizing systems at the same time is essential.

Finally, Griffin encouraged pharmacists and pharmacy managers to seek help when needed, because data security is a complicated and ever-changing field.

“You know what you know and admit what you don’t know,” he concluded.


Griffin S. Drugs, Data, and Defense: Protecting Patient Data by Providing Safer Care. May 3, 2022. Presented at Assembly 2022 Specialty Pharmacy Summit.

Leave a Comment

Your email address will not be published.