Pharmacy Portal and PHI Security

For security reasons, Rx Mobility uses a highly secure login system to help protect Protected Health Information (PHI).

The security at login is similar to that used by the banks. When using your banks website, the bank will ask for your password. Then, the bank sometimes asks you to enter a code that gets texted to your cell phone. Once entered the bank lets you access your account. The code you receive is effectively confirming you have access to the cell phone listed on your bank account. This betters secures the account by proving 2 things: (i) you know the password and (ii) you have access to the listed cell phone. The technical jargon for proving these 2 things is known as two factor authentication.

Rx Mobility also uses two factor authentication to secure the PHI data in the Pharmacy Portal.

We offer 2 methods of two factor authentication:

  1. The 1st methods uses a password plus a text message sent to a cell phone - the same as the bank example above. When logging in, the pharmacist enters the password and then is asked to enter the code that is sent in a text message to your the pharmacist's cell phone. This is the default method of security and has been present since the launch of Rx Mobility.

  2. The 2nd method uses a password plus a USB security key that you plug into a USB port on your computer. When logging in, the pharmacist enters the password and then presses the button on the plugged-in USB security key .
    USB Security Key

The following video from Google (1st 60 seconds) outlines how this security system works for Google services. It would operate in the same manner for you.

There are 3 ways to assigns USB security keys within the organization.

  1. Each staff member is given a USB security key. In this scenario,
    • Only 1 person's email address is associated with each USB security key.
    • The pharmacist carries the key on their person eg with car keys.
    • When accessing the Pharmacy Portal, the pharmacist plugs the USB security key into the computer.
  2. Each computer has a USB security key permanently plugged in. In this scenario,
    • A unique email address must be assigned to each computer.
    • The USB security key is permanently left plugged into the computer.
    • When logging in, the pharmacists uses the email address and password for that specific computer and and presses the button on the USB security key.

If you wish to avail of the USB security key login method, please follow these steps:

  1. Decide how you wish to assign USB security keys within the organization. i.e. permanently plugged into each computer or a different key for each staff member.

  2. Order third party USB security keys. AT the time of writing, the keys cost $18 each. This is the USB security key we have tested and recommend.

  3. Advise us that you have received the USB keys, because setting up staff with access to the Pharmacy Portal involves using the USB key during the account setup.

The account security with either method is excellent. Which method you choose is your choice and depends on your business policies and computer hardware. For example, some compounding pharmacies do not allow cell phones in the lab. Whereas others are running computers that don't have USB ports.

The only issue with the USB key is that login would need to occur through Google Chrome or Firefox browsers. Other browsers don't yet implement it, but that will likely change in the future.

Our new product has launched. Digital Compounder is the industries only digital marketing platform dedicated to compounding pharmacies. Digital Compounder is about getting your compounding pharmacy new patients. If interested, please click the image below.

Digital Compounder

Desmond Byrne

Read more posts by this author.

Subscribe to Rx Mobility Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!