About

DrugSource, Inc., established in 1994, is a Mail Order Pharmacy and fulfillment company based on the principles of integrity, respect, honesty and family. These principles have allowed DrugSource to grow with the industry in the last 20 years.

Our facility is located in Elk Grove Village, IL.

 

VIPPS CERTIFICATION

DMEPOS ACCREDITATION

SECURITY

BREACH NOTIFICATION 

INNOVATIVE OVER-THE-COUNTER (OTC) PROGRAM

 

 

 

VIPPS CERTIFICATION

DrugSource became a VIPPS certified pharmacy in February 2005.

To become VIPPS certified, a pharmacy must comply with licensing and inspection requirements of their state and each state to which they dispense pharmaceuticals. In order to display the VIPPS seal, pharmacies must have demonstrated to the National Association of Boards of Pharmacy (NABP) compliance with VIPPS criteria including:

  • Patient rights to privacy
  • Authentication and security of prescription orders
  • Adherence to a recognized quality assurance policy
  • Provision of meaningful consultation between patients and pharmacists


 (Back to the Top) 
 

 

 

DMEPOS ACCREDITATION

Our DMEPOS Accreditation is for Diabetic Supplies for Medicare Part B Billing through the National Association of Boards of Pharmacy (NABP).

Under strict guidelines, the Centers for Medicare and Medicaid (CMS) work with the NABP to review DrugSource's:

  • DMEPOS policies and procedures
  • Business Services Quality Standards
  • General Product-Specific Standards

(Back to the Top)


  

SECURITY

DrugSource utilizes the utmost, secured, private cloud solution available.

The cloud infrastructure is:

  • Certified by the Health Information Trust Alliance (HITRUST) that addresses HIPAA compliance requirements
  • Validated compliant as a Level 1 Service Provider (highest level) by the Payment Card Industry Security Standards Council (PCI SSC).
  • Built to uphold data sovereignty requirements for the PATRIOT Act and EU Data Protection directive

 

Sensitive and regulated data is secured in the infrastructure that includes:

  • Intrusion Detection
  • Web Application Firewalls
  • Patching
  • Malware protection
  • Log Management
  • Vulnerability monitoring
  • Hypervisor Firewalls

(Back to the Top)  

 
 

Breach Notification

A. Notification to Individuals

Standard:

1. General Rule: 
   a. DrugSource, Inc. shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health information has been or is reasonably believed by the DrugSource to have been, accessed, acquired, used, or disclosed as a result of such breach.
2. Breaches treated as discovered.
   a. A breach shall be treated as discovered by DrugSource as of the first day on which such breach is known to DrugSource. DrugSource shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a workforce member.

B. Implementation specification - Timeliness of notification:

1. DrugSource shall provide the notification required by paragraph (a) of this section without unreasonable delay and in no case later than 60 calendar days after discovery of a breach.

C. Implementation specifications - Content of notification:

1. Elements
   a. The notification required shall include, to the extent possible:
      i. A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;
      ii. A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      iii. Any steps individuals should take to protect themselves from potential harm resulting from the breach;
      iv. A brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches; and
      v. Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
   b. Plain language requirement. The notification required under Paragraph A-1 described above shall be written in plain language.

D. Implementation specifications: Methods of individual notification.

1. The notification shall be provided in the following form:
   a. Written notice.
      i. Written notification by first-class mail to the individual at the last known address of the individual or, if the individual agrees to electronic notice and such agreement has not been withdrawn, by electronic mail. The notification may be provided in one or more mailings as information is available.
      ii. If the covered entity knows the individual is deceased and has the address of the next of kin or personal representative of the individual written notification by first class mail to either the next of kin or personal representative of the individual. The notification may be provided in one or more mailings as information is available.
   b. Substitute notice.
      i. In the case in which there is insufficient or out-of-date contact information that precludes written notification to the individual, a substitute form of notice reasonably calculated to reach the individual shall be provided. Substitute notice need not be provided in the case in which there is insufficient or out-of-date contact information that precludes written notification to the next of kin or personal representative of the individual.
      ii. In the case in which there is insufficient or out-of-date contact information for fewer than 10 individuals, then such substitute notice may be provided by an alternative form of written notice, telephone, or other means.
      iii. In the case in which there is insufficient or out-of-date contact information for 10 or more individuals, then such substitute notice shall:
         (A) Be in the form of either a conspicuous posting for a period of 90 days on the home page of the Web site of the covered entity involved, or conspicuous notice in major print or broadcast media in geographic areas where the individuals affected by the breach likely reside; and
         (B) Include a toll-free phone number that remains active for at least 90 days where an individual can learn whether the individual's unsecured protected health information may be included in the breach.
   c. Additional notice in urgent situations.
      i. In any case deemed by DrugSource to require urgency because of possible imminent misuse of unsecured protected health information, DrugSource may provide information to individuals by telephone or other means, as appropriate, in addition to the written notification described in Paragraph D.1 described above.

E. Notification to Individuals

Standard:

1. For a breach of unsecured protected health information involving more than 500 residents of a State or jurisdiction, DrugSource shall, following the discovery of the breach, notify prominent media outlets serving the State or jurisdiction.

Implementation specification: Timeliness of notification.

2. Except as provided in §164.412 of the Privacy Rule related to law enforcement delays (see Paragraph H below), DrugSource shall provide the notification described in this Paragraph E without unreasonable delay and in no case later than 60 calendar days after discovery of a breach.

Implementation specifications: Content of notification.

3. The notification to be provided hereunder shall meet the requirements of §164.404(c) of the Privacy Rule related to the content of notifications to be provided to individuals in the event of a breach.: Content of notification under Notification to Individuals.

F. Notification to the Secretary

Standard:

1. DrugSource shall, following the discovery of a breach of unsecured protected health information, notify the Secretary of Health and Human Services (HHS).

Implementation specifications - Breaches involving 500 or more individuals:

2. For breaches of unsecured protected health information involving 500 or more individuals, DrugSource shall provide the notification contemporaneously with the notice given to Individuals and in the manner specified on the HHS Web site.

Implementation specifications: Breaches involving less than 500 individuals:

3. For breaches of unsecured protected health information involving less than 500 individuals, DrugSource shall maintain a log or other documentation of such breaches and, not later than 60 days after the end of each calendar year, provide the notification for breaches discovered during the preceding calendar year, in the manner specified on the HHS web site.

G. Notification by a Business Associate

1. Standard:
a. A business associate shall, following the discovery of a breach of unsecured protected health information, notify DrugSource of such breach.
b. A breach shall be treated as discovered by a business associate as of the first day on which such breach is known to the business associate or, by exercising reasonable diligence, would have been known to the business associate. A business associate shall be deemed to have knowledge of a breach if the breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is an employee, officer, or other agent of the business associate (determined in accordance with the Federal common law of agency).
2. Implementation specifications: Timeliness of notification.
a. Except in the event of a delay under §164.412 related to law enforcement under Paragraph H below, a business associate shall provide the notification without unreasonable delay and in no case later than 10 calendar days after discovery of a breach.
3. Implementation specifications: Content of notification.
a. The notification to be provided by the Business Associate shall include, to the extent possible, the identification of each individual whose unsecured protected health information has been, or is reasonably believed by the business associate to have been, accessed, acquired, used, or disclosed during the breach.
b. A business associate shall provide DrugSource with any other available information that DrugSource is required to include in a notification to the individual at the time of the notification or promptly thereafter as information becomes available.

H. Law Enforcement Delay

1. If a law enforcement official states to DrugSource or its business associate that a notification, notice, or posting required under this subpart would impede a criminal investigation or cause damage to national security, a covered entity or business associate shall:
   a. If the statement is in writing and specifies the time for which a delay is required, delay such notification, notice, or posting for the time period specified by the official; or
   b. If the statement is made orally, document the statement, including the identity of the official making the statement, and delay the notification, notice, or posting temporarily and no longer than 30 days from the date of the oral statement, unless a written statement is submitted during that time.
 
Employees must cooperate with federal or state investigations when needed. Employee must follow the direction of law enforcement.  
 
(Back to the Top)
 
 
 

INNOVATIVE OVER-THE-COUNTER (OTC) PROGRAM

DrugSource, Inc. has developed an innovative program to administer an Over-the-Counter (OTC) benefit to members.

The benefits of this program include:

  • Home delivery to each member
  • Customer service center available to assist members in ordering, tracking of orders, etc.
  • Proprietary software developed with the end user in mind as well as focusing on Client needs
  • Automated processes are used to maintain and track eligibility files, member balances and member purchases
  • Program is tailored to each plan to fit their needs Website developed to the specific needs of client
  • Website and software can handle multiple groups, varying benefit amounts, etc. DrugSource tracks monthly/quarterly benefits amounts, delivery confirmations, benefit rollovers
  • Ability to track retail purchases; Reimbursaement program available via admin tool
  • Upon request, POS option may be available with ability to interface
  • Eligibility can be downloaded multiple times per month through our secure FTP site Client can choose and select products from approved CMS product categories
  • Client can designate specific limitations on a product level (for Fraud, waste and abuse monitoring)
  • Member orders through the customized website or contacts a member of our customer service team
  • Program can consist of accumulated monthly/quarterly benefit or “use-it-or-lose it” benefit;
  • Electronic Billing
  • Designated account representative will be available to respond to grievances, Client questions
  • Survey reporting is available; customizable to Client specifications
  • Phone reporting is available to maintain compliance with CMS guidelines
 
(Back to the Top)  
 
 

PROS & CONS OF MAIL vs RETAIL

Pros – Utilizing Mail Order

  • Convenient shopping online and delivery to home
  • Privacy shopping for personal items, such as Incontinence supplies
  • Easy to use web-based program
  • Pharmacist available for consultation for both prescriptions and OTCs
  • Customer Service representatives are available to assist with ordering; website available to member to purchase products
  • Representatives available for questions on orders and the tracking of packages
  • Product availability; member is aware of every product that is available for purchase using the benefit
  • Higher value/cost savings to member
  • Reporting Capabilities

 

Cons – Utilizing Retail

  • Cards issued for retail purchases must be fully funded
  • Upfront costs are continuous to Plan, along with a per member / per month fee
  • Potential for Fraud & Abuse is higher because retailers do not want to be bothered with member verification
  • Product Availability and member questions what Plan covers

 

(Back to the Top)
 
 
 

OTC WEBSITE FEATURES

Ordering is as easy as 1-2-3!

  1. Log into your account
  2. Add items to your shopping cart
  3. Check out using your accumulated funds

 

  • Member eligibility will be monitored by typing in a user name and password
  • Displays the benefit allowed, the available benefit, and how many orders the member has placed that month
  • Member can check and reorder from orders in their history

 

OTC WEBSITE ADMIN TOOL

  • Admin tool is securely accessed by using a user name and password
  • Eligibility files are uploaded at designated times
  • Client can be emailed when DrugSource receives files
  • Displays allotted benefit, used benefit, eligibility dates, when member was created Can search by ID number, First Name, Last Name • Reports are easily downloaded directly from admin tool

 

OTC PROGRAM REPORTING

Product and order reports include:

  • Member information
  • Date of order
  • Tracking numbers
  • Amount of funds allotted/utilized
  • Products ordered (displayed only on product report)
  • Reports are line-by-line data pulled directly from the database of all information
  • Utilization reports can be created using this data to report on trends and dollar usage
  • Order and Product reports are available for download
  • Customer contact data update reports which supplies client with updates in customer’s demographics if it is modified by the customer during the check-out process
  • Customer modifications reports, which include all changes to customer by client or DrugSource as tracked via the admin tool (modification to a customer’s account balance, etc.)
  • Data exports such as product UPCs and NDCs can be downloaded to PBM for integration

(Back to the Top)

DrugSource, Inc. is changing the face of mail order pharmaceuticals, OTC, and DME. Growing through customer satisfaction since 1994.

Print This

HITRUST
pharmacy
NAPB
Verified Internet Pharmacy Practice Site