The Drug Enforcement Agency (DEA) requires all pharmacy registrants and applicants for registration to provide effective physical security controls and operating procedures to guard against theft and diversion of controlled substances.
Security requirements and standards include:
- Key and lock control with adequate accountability, routine changing, issuance and control procedures, logging, central repository, and combination security.
- Alarm Systems with adequate supervision, method of signal transmission, proprietary vs central station vs police connection, adequate standby power sources, maintenance and testing, signal and response time.
- Public access/perimeter fencing with adequate of gates and fencing, if any, control at entry/exit points, parking location and proximity to facility, extent of unsupervised public access to the facility.
- Supervision of employees with access control to manufacturing and storage areas, identification media and systems, control of and accountability for identification.
- Guest/Visitor procedures with access control, logging procedures, identification media, and internal movement control.
In the event of theft or loss of significant quantities, DEA provides the following guidelines for reporting the incident:
- When in doubt, registrants should err on the side of caution in alerting the appropriate law enforcement authorities including DEA, of thefts and losses of controlled substances.
- Provide information on quantity lost in relation to the type of business.
- Provide a pattern of such losses and the results of efforts taken to resolve them, and if known provide local trends and other indicators of the diversion potential of the missing material.
HIPAA is not just about electronic Data.
HIPAA requires healthcare providers and companies to protect patient health information—there is patient health information data in plain sight in your pharmacies
Are your physical access controls compliant with DEA and HIPAA requirements?
- Can your current physical control system provide information on who has access to controlled substances and patient information in your pharmacy?
- Can you easily change or terminate access to your pharmacy areas?
- Can you monitor access to the pharmacies from a central location?
If the answer is no to any of these questions, then it is time to implement Reach Access Control.
Reach Systems is a keyless entry, access control system uniquely designed for retail environments where there is limited IT infrastructure and limited IT staff.
The combination of Reach’s unique architecture and integration with Assa Abloy’s wireless electronic locks enables retailers to increase security and get in compliance with federal mandates at a significantly reduced investment compared to traditional access control implementations.
The Reach ACS is an integrated solution with Assa Abloy’s Sargent v.S2 locks including ReachNet, a web-based management application. All user interaction with ReachNet takes place through a standard web browser, so authorized users may login to the system over the Internet from anywhere, anytime. ReachNet is built on an enterprise class Oracle database and utilizes open source software and operating systems wherever possible. ReachNet is designed to be highly scalable and because there is no on-site software to install, it can be deployed cost effectively for a single door access system or for an enterprise-wide system that spans the globe.
Reach enterprise ACS features include:
- Role Based access to ReachNet
- Remote enrollment of employees
- Remote termination of access permissions
- Automated Notifications based on specified events
- Automated Reporting based on specified events
- Scheduling of doors and users
- Real-time monitoring of all remote sites