In this week’s special feature, writer Rima Evans explores the dangers of cyber attacks on pharmacies. Read today’s episode to find out more about fraud prevention.
The UK’s fraud prevention service CIFAS reminds businesses to put in place a staff fraud prevention strategy. For example, running background character or criminal record checks on potential employees during the recruitment process may prevent a person who poses a high risk from being hired in the first place.
For pharmacies working in an online environment, security measures need to be more far-reaching and meticulously planned.
Daniel Lee, managing director and superintendent pharmacist at Pharmacy2U, the first online provider of pharmacy services in the UK, says that in an internet pharmacy where a much larger proportion of patient interaction is electronic, the need for appropriate IT to protect patient data and confidentiality is greater.
He says his organisation is stringent in its defences against hacking.
“Patient data is entered using SSL encryption [this allows sensitive information to be transmitted securely during online transactions] and data is stored in a database that is separately firewalled with restricted access. All email and passwords are stored encrypted in the database.”
In respect of payment systems, Lee recommends there should be encryption technology, robust firewalls and compliance with the Payment Card Industry Data Security Standards (PCI DSS) to protect financial data.
“All this is becoming more commonplace but if these aren’t in place there is a high risk of fraud. Most sites will probably link out to standard payment card industry methods such as Sage Pay or Worldpay.
“Each year we have to undertake a PCI DSS assessment, which includes running security tests on all our systems against all known security threats.”
Pharmacies should have the necessary protocols to ensure the appropriate sale of medicines. Lee explains how Pharmacy2U captures vital information to be able to refuse a sale of a pharmacy-only medicine.
“Specific dynamic protocol questions related to the medicine have been created that allow our pharmacists to ensure the suitability of a product for a patient. Any queries or uncertainties are passed to a pharmacist who will contact the patient to get more information or offer advice.
“Systems are in place to ensure patients who may be presenting multiple times from different accounts are captured and accounts closed. We would suggest a similar protocol is a requirement of any internet pharmacy.”
There are a large number of regulations or standards that are relevant to the safe operation of internet pharmacies – for example, the information security standard ISO/IEC 27001, distance selling regulations or the Data Protection Act.
It can be overwhelming. To encourage compliance and raise industry standards, the General Pharmaceutical Council (GPhC) is developing prescriptive guidance in this area. Guidance for registered pharmacies providing internet and distance sale, supply or service provision is still in draft format, although it is due to be published in the spring.
Lee says: “We have lobbied for this so we are pleased about it but we need this to be published. The industry wants to move forward. In any business there are always potential risks but these can be managed through strict adherence to the right checks and audits.”
Come back tomorrow for the final part of our weekly feature, where we reveal the essential fraud facts.