strengths & recommendations presented by steve mcclain & james hanson

Strengths & RecommendationsStrengths & RecommendationsPresented By Steve McClain & James HansonPresented By Steve McClain & James Hanson

Executive SummaryExecutive Summary

The purpose of this document is to communicate with the Curry Health Center Pharmacy (CHCP) the strengths, as well as areas for recommended improvement, discovered during the analysis performed of the software systems and related operational processes. The areas for recommended improvements section identify the specific area, the possible threat, as well as recommendations on how to improve each area including the rationale behind the recommendation. The strengths section highlights areas of the existing systems and processes that are particularly beneficial to the operation of the CHCP.

StrengthsStrengths

PioneerRx System– Strength:

• Has an RxNotify with an automatic prescription refill process (which helps maximize revenues).

• Provides great customer service by sending out emails and text messages to customers when their prescriptions are ready.

• The PioneerRx allows for less mistakes by having the ability to add prescribers, or updating prescribers information from the National Provider Registry and DEA database;

• Has the ability to add hard copy images into customers’ master files, and documents into the systems database.

• Automatic Medicare and commercial insurance lookup verification.• Inventory system restocks via suppliers.• Perpetual inventory system is maintained-improves reliability of detailed inventory

records.• Biometric finger security scanning system.

StrengthsStrengths

PioneerRx System Cont.– Strength:

• PioneerRx Advanced Searching.– Medication, Customer, Information, and Employee

• PioneerRx Drug interaction.– Screen that scans for possible negative drug effects

• Alert pharmacists when duties are changed in POS.– System notification of customer or employee master file changes

• POS System kept up to date and multiple backups are maintained:– Onsite– Offsite

» Louisiana• Profit margin per inventoried item based on insurance and no insurance is

automatically available for management evaluation purposes (should we carry/not carry certain inventory items?).

StrengthsStrengths

Interdepartmental billing – Strength:

• Each transaction requires approval by a pharmacy manager:

– Great internal control to catch any mistakes; and

– Great internal control to prevent approvals being made by any unauthorized users

Notification of bad checks– Strengths

• Allows the department to control the number of bad checks received

– Fewer uncollectable accounts

» Increase in operating and net profits

StrengthsStrengths

Passwords Changed– Strengths:

• Great internal control – Decreases potential for

password theft– Creates a strength for

restricting unauthorized former employees from having access to the system

Access Control Matrix– Strengths:

• This allows the pharmacy manager to control who has authorization to different areas and functions within the PioneerRx system.

RecommendationsRecommendations

Deposits are not made on a regular schedule– Threats:

• Possible/increased potential for theft or loss of cash/deposits• Loss of deposit package audit trail:

– Paperwork could be misplaced.– Paperwork could be stolen.

• Memory of different day’s transactions are not as strong:– If paperwork is lost, and it is required to recall a particular day’s

reconciliations from multiple days prior, your memory of the events is not as strong as if it is from the same day you lost the paperwork.

– Recommendations:• CHCP should make deposits each day.

– Rotating times to prevent predictability


Steve McClain was not asked for identification– Threats:

• Social Engineering– Someone could impersonate a different customer with the intent of obtaining

an Rx illegally. • Unintentional Error

– The employee could access the incorrect person in the POS system– Give person wrong prescription

» Danger to customers if they are allergic to medication» Possible harmful unanticipated (for that particular patient) drug

interactions

– Recommendations:• The POS system should ask the user if they have asked for the customer’s ID

– If this function is not available in the system, a memo could be placed near the register that reminds each employee to check accepted forms of customer identification.


Cash drawer is not counted upon opening of the store– Threats:

• Theft and/or Loss– Making reconciliation for end of day transactions incorrect

– Recommendations:• The cash drawer should be counted at the end of shift and

recounted at the start of each new shift.


Reconciliation is not done at the end of the day’s transactions

– Threats:• Incorrect recording of the day’s transactions

– If you are required to recall anything from previous day’s transactions, your memory decreases due to the passage of time.

– Recommendations:• The reconciliation should be performed at the end of each shift.

– It is easier to remember the same day’s transactions and problems.


Door to pharmacy was not locked when we performed the initial walk through

– Threats:• Unauthorized physical access

– Less safe for staff » If robbery is the person’s intention, the staff has the potential to be

harmed. – Less safe for customers

» Opportunities are present that may lead to customer temptation.

– Recommendations:• Make it a policy to have someone make sure the door is locked continuously

throughout the day, every day the pharmacy is open for business.• Install automatic door locks with key code entry or ID card scan.


PioneerRx computer screen timeouts seems to be too long.

– Threats:• An employee may access unauthorized areas of the system.

– Employee logged in may have view, edit, and delete access, but the person who is using the computer may not.

– Recommendations:• Talk to PioneerRx staff and see if they have the ability to reduce

the inactive computer time out rates.


Lead Pharmacist segregation of duties issues– Threats:

• Lead Pharmacist has view, edit, and delete privileges– There are not any notifications sent to anyone besides lead

pharmacist upon deletion.

– Recommendations:• The computer software should send notices to the lead

Pharmacist’s supervisor whenever changes are made.


Keys are inventoried annually– Threats:

• If someone with key privileges loses his/her key but is too afraid to say something, a long period of time could pass before becoming aware of the potential problem a missing key could cause.

– Recommendations:• The keys should be inventoried at the same time as the safe combination is being

changed or even done on a surprise basis periodically.• The keys should be re-tooled and changed

– Every six months• Every time an employee is dismissed or resigns that had a key


Different person making deposits– Threats:

• If a disgruntled employee makes changes to the deposit, or takes an item from deposit packet, it is difficult to track who the culprit is if you have different people making the deposits.

– Recommendations:• Have the same person make the deposits on a daily basis-this

person should be different from the person counting and recording the deposit.


Bad check list done on a quarterly basis– Threats:

• Multiple bad checks– A person can write as many bad checks to the department as they

want in a quarterly period before their check writing privileges are taken away.

– Recommendations:• Receive a bad check report no less than a weekly basis• Receive a bad check report update on customers who have more than

two bad checks before the weekly report is received• Consider linking to other University systems tracking bad checks or

bounced checks to identify faster potential problem customers before they try to buy products from the pharmacy.

ConclusionConclusion

CHCP has a multitude of strengths within its software systems and operational processes. However, both the systems and processes have the potential to improve. By instituting the recommendations found in this report , CHCP software systems and operational processes will become even more efficient, accurate, and secure in the future.

strengths & recommendations presented by steve mcclain & james hanson

Documents