Section 856 IAC 1-42-4 - System, access, security, and privacy requirementsAuthority: IC 25-26-13-4
Affected: IC 25-26-13
Sec. 4.
Pharmacists that provide or engage in remote practice of pharmacy services must employ security and privacy standards and protocols that adequately protect patient privacy and health. Accordingly, a pharmacist must satisfy the following requirements:
(1) Utilize a system that is capable of the following: (A) Real-time access and exchange of live patient data.(B) Secure and encrypted mediums of exchange.(C) Limited access portals with rigorous authentication and identification protocols.(D) Providing back-up or disaster recovery capability in the event of failure or loss of service.(2) Utilize a system or program that at a minimum is capable of maintaining the following information on each transaction, service, prescription, or drug order reviewed, entered, or provided by the pharmacist performing the service: (A) An electronic record that can be reproduced in electronic or manual format for inspection or review at any point within the scope of the appropriate record retention requirement as stipulated by either state or federal law.(B) Track the identity of the individual pharmacist that took an action and the date and time at which this action took place.(3) Utilize a system capable of maintaining compliance with HIPAA and other state or federal, or both, laws and regulations that relate to patient privacy.(4) Utilize a system approved and reviewed by the board or board staff following a personal appearance or petition to the board.Indiana Board of Pharmacy; 856 IAC 1-42-4; filed Jun 19, 2013, 10:06 a.m.: 20130717-IR-856120619FRAReadopted filed 2/15/2024, 1:16 p.m.: 20240313-IR-856230795RFA