
Comply with retail pharmacy regulatory requirements

Retail pharmacies are in the uncomfortable position of having to comply with PCI DSS as well as with HIPAA/HITECH, while also protecting themselves from violating state, federal and local data breach statutes. Entrust nShield® HSM data protection solutions help retail pharmacies secure their data and meet these regulatory requirements through data-at-rest encryption and secure access controls on the encrypted information.


Challenges

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) requires that all organizations that accept, acquire, transmit, process or store cardholder data take appropriate steps to continuously safeguard that data and all other sensitive customer information.

HIPAA/HITECH Compliance

The HIPAA Security Rule requires covered entities to implement technical safeguards protecting electronic protected health information (ePHI); it makes specific reference to encryption, access controls, encryption key management, risk management, and auditing and monitoring of access to ePHI.

The HITECH Act then expands the compliance requirements, mandating notification of breaches of “unsecured” (in practice, unencrypted) protected health information and personal health records (PHR), including breaches at business associates, vendors and related entities. Finally, the 2013 “HIPAA Omnibus Rule” formally holds business associates directly liable for compliance with the HIPAA Security Rule.

International, Federal and State Regulatory Compliance

Data breach notification requirements for the loss of personal information have increasingly been enacted by nations around the globe as well as by US state governments. Data breach disclosure laws and notification requirements vary by jurisdiction, but most include a “safe harbor” clause that exempts data that was in encrypted form when lost, provided the encryption keys were not compromised as well.

The DEA’s requirements for electronic prescribing of controlled substances (EPCS, 21 CFR Part 1311) include that the cryptographic module used to digitally sign the prescription data elements be at least FIPS 140-2 Security Level 1 validated and that the pharmacy application’s private key be stored encrypted.

Solutions

Entrust nShield HSM Key Management

Entrust nShield HSMs, together with our technology partner key management solutions, enable centralized management of encryption keys across environments and devices, including Key Management Interoperability Protocol (KMIP) compatible hardware, Oracle and SQL Server Transparent Data Encryption (TDE) master keys, and the private keys behind digital certificates.

Benefits

Quick and Easy to Install

Entrust nShield HSMs and technology partner key management solutions work with most major operating systems, including Linux, UNIX and Windows servers, in physical, virtual, cloud and big data Cardholder Data Environments (CDEs).

Doesn't Slow System Performance

Customers typically report no perceptible impact on the end-user experience when using Entrust nShield HSM solutions. Encryption and decryption of data is performed at the file system or volume manager layer, where it takes advantage of hardware cryptographic acceleration such as Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and SPARC Niagara crypto to speed up bulk encryption and decryption, while the master keys themselves are managed by the HSM.

Resources

Research and Whitepapers: A Coalfire White Paper: Using Encryption and Access Control for PCI DSS 3.0 Compliance in AWS

Compliance and security continue to be top concerns for organizations planning to move their environments to cloud computing, and achieving PCI compliance there is not a simple task.