Executive Summary: A National Retail Pharmacy Chain uses privacy filters to comply with healthcare industry regulations and provides privacy training and education to employees to ensure these standards are upheld.
Organization Overview: This leading retail pharmacy chain operates more than 1,000 stores throughout the U.S. Each store has both a pharmacy and retail store operation. Most stores have a drive-through window service where customers can pick up and pay for prescription drugs.
Business Case: A main concern for this National Retail Pharmacy Chain is the industry regulations that must be complied with, namely HIPAA and other state laws regarding the protection and handling of protected health information (PHI). In addition to PHI, employees also work with confidential information including:
• Credit card information protected by Payment Card Industry (PCI)
• Prescription history
• Recent purchases (i.e. loyalty card usage)
• Physician information
• Additional Personal Identifiable Information (PII)
Working in an open retail environment raises the level of concern for upholding visual privacy. The Chief Privacy Officer (CPO) notes, “It’s not just the pharmacy staff that sees sensitive information. Everyone from the people who stock the shelves to those behind the counter can be involved in transactions that are extremely private and sensitive for our customers.”
Furthermore, store customers are often within close proximity to sensitive information and the company is particularly concerned with ensuring that the customers do not have the opportunity to view these details through drive-through windows.
This National Retail Pharmacy Chain has been using privacy filters on an opportunistic basis since the mid-2000s, beginning in the pharmacies as well as finance and legal departments. Today, while not mandatory company-wide, the use of privacy filters is required for device screens within pharmacy locations with pharmacy managers tasked with ensuring their proper use.
Additionally, the National Retail Pharmacy Chain holds privacy education trainings that are mandatory for all clinical employees and management. Within these trainings, the focus is on communicating policies and procedures for data protection. A visual privacy-specific component to this training will be included in the future, according to the CPO.
3M™ Privacy Filters are distributed during training sessions and an online order form is available for managers to receive product at any time, making managing visual privacy at individual locations easy and straightforward.
According to the Chief Privacy Officer:
“For us, customer trust is critical. We are in a highly competitive and regulated industry. It is important that we demonstrate to our customers that we understand the information they are sharing is extremely personal. Trust should be integral to our culture. Based on the feedback I am receiving, the store personnel see that from the top down visual privacy is important and the use of privacy filters makes our employees more aware that the data on their screens is sensitive.”
With the use of privacy filters coupled with employee training and education, this National Retail Pharmacy Chain manages the risk of a non-compliance issue with HIPAA and other state laws protecting PHI and other sensitive information.
3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.