Preventing Prescription Drug Thefts from Pharmacies

A look at recent crimes and what every pharmacy security director should think about when planning security, access and response plans for their pharmacies


In another burglary, this time in Lincoln, Nebraska, burglars broke out a back-door window to get into the store. The building alarm went off, but police said the crooks apparently knew exactly what they were after, and were gone before police could respond. The theft netted over 700 tablets of OxyContin.

To properly address the burglary threat, there is a simple formula for achieving a successful physical security program. The time it takes to commit the crime must be greater than the time it takes the intrusion to be detected and assessed, and response forces (i.e. police) to be deployed and the adversary neutralized. The program at the Lincoln store was not effective, but a very common deficiency in pharmacy security programs. The use of an additional barrier such as a vault would likely have provided a sufficient delay for the criminal from reaching the target, and it might have tipped the scales back in the favor of the "good guys" and permitted police response to effectively intercept the criminals.

And then there are the armed robberies, which are more serious and can result in serious employee injury or death. Police in New Kensington, Penn., recently investigated an armed robbery at a pharmacy on a Sunday afternoon. According to police, the suspect entered the store and went to the pharmacy counter and at gunpoint ordered the pharmacist to give him all of the OxyContin. In another pharmacy incident early last month, an armed robber made off with thousands of dollars worth of OxyContin after a pharmacy heist where he simply pointed a shotgun at a clerk and demanded drugs.

While there are differing opinions on the value of panic alarms that can transmit a silent call to police in the event of an interior robbery, when properly installed, they have been effective in some instances. If you go this route, train your employees to only activate a panic alarm if it is safe to do so. Panic alarms should always be armed and there should never be any local audible activation after the panic alarm is sounded. Designers and installers must be cognizant of UL Standard 636, if panic alarms are used. Essentially this standard requires the appropriate devices, installation and monitoring of panic alarm devices. See http://ulstandardsinfonet.ul.com/scopes/0636.html. The full standard can be purchased from underwriter's laboratories.

Planning for Effective Security

Comprehensive security risk analyses are sometimes overlooked in the healthcare industry. A security risk analysis is the industry-accepted practice to determine the effort and energy required of one's security program to mitigate security risks to an acceptable level. A component of a risk analysis is a threat assessment. In a threat assessment it is critical to quantify the general threats to determine the probability that an adversary (internal or external, armed or unarmed) may be a concern to the healthcare setting under study. The risk analysis should result in a carefully defined set of security measures that mitigate the risks posed by the adversaries present in the local environment. Clearly, the criminal threat of burglary and robbery is more prevalent in certain locations, therefore it is important to conduct a study that looks at the local conditions to determine how likely the incident is to occur at the facility under study. The general steps for an effective risk assessment include:

* Identifying critical assets
* Conducting the threat assessment
* Examining safeguards and vulnerabilities
* Assessing the effectiveness of the current security program
* Developing loss event scenarios
* Developing mitigating recommendations
* Conducting a cost benefit analysis for implementation