Medical & Pharmacy Delivery Setup

Medical and pharmacy deliveries require special compliance, security, and documentation. This guide shows you how to configure DeliverNorth for healthcare delivery requirements.

HIPAA Compliance Overview

DeliverNorth is designed to support HIPAA compliance requirements for healthcare deliveries:

• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
• Access Controls: Role-based permissions limit who can view delivery information
• Audit Trails: Complete logs of all access and changes to delivery records
• Secure Storage: Data stored on HIPAA-compliant AWS infrastructure
• BAA Available: Business Associate Agreements provided for covered entities

Step 1: Understanding Proof of Delivery Options

When creating deliveries in DeliverNorth, you can dynamically select what proof of delivery is required for each delivery. This allows you to customize requirements based on the type of medication or medical item being delivered.

Available Options During Delivery Creation:

• Signature Required: Capture digital signature from recipient
• Photo Required: Take photo of delivered package or location
• ID Verification Required: Capture government-issued ID information (for controlled substances or age-restricted medications)
• Recipient Name: Record who received the package
• Relationship to Patient: Record relationship (self, spouse, caregiver, etc.)
• Age Verification: Verify recipient is of legal age

Check the appropriate boxes when creating each delivery based on your pharmacy's policies and regulatory requirements.

Recommended Settings by Delivery Type:

Step 2: Train Your Drivers on Medical Delivery Procedures

Ensure your drivers follow proper procedures for medical deliveries:

Driver Checklist:

1. Verify recipient identity (check ID if required)
2. Confirm recipient relationship to patient (self, spouse, caregiver, etc.)
3. Capture digital signature on mobile device
4. Take photo of package at delivery location
5. Provide any required instructions (e.g., refrigeration, handling)
6. Complete delivery in app immediately

Privacy Training:

• Do not discuss patient health information
• Keep packages concealed during transport
• Never leave medications unattended
• Follow HIPAA privacy rules at all times

Step 3: Set Up Access Controls

Limit who can view sensitive delivery information:

1. Go to Settings → Users
2. Assign roles with minimum necessary access:
   • Pharmacist/Manager: Full access to all deliveries
   • Dispatcher: Create and assign deliveries, view delivery status
   • Driver: View only assigned deliveries (not other deliveries)
3. Enable two-factor authentication (2FA) for all accounts

Step 4: Understand Audit Logging

DeliverNorth automatically logs all delivery activity for compliance audits. You don't need to configure this - it happens automatically.

What's Logged:

• Delivery creation (who created it, when)
• Delivery assignments (which driver, when assigned)
• Status changes (picked up, in transit, delivered)
• Proof of delivery capture (signature, photo, ID verification)
• User logins and access to delivery records
• Any modifications to delivery information

Accessing Audit Logs:

1. Go to Reports → Audit Logs
2. Filter by date range, user, or delivery
3. Export to PDF or CSV for record-keeping

Step 5: Handle Failed Deliveries

For medical deliveries, failed delivery procedures are critical:

Configure Failed Delivery Settings:

1. Require reason for failed delivery:
   • No answer
   • Recipient refused
   • Unable to verify identity
   • Incorrect address
2. Set return-to-pharmacy protocols:
   • Driver marks delivery as failed
   • Package returned to pharmacy same day
   • Pharmacy logs return and contacts patient
3. Document failed delivery attempts:
   • Timestamp of attempt
   • Reason for failure
   • Notes from driver
   • Photo of location (if applicable)

Step 6: State Pharmacy Board Compliance

Most state pharmacy boards require similar delivery standards:

• Patient Verification: Confirm identity at delivery
• Signature: Obtain signature from recipient
• Audit Trail: Maintain records of all deliveries
• Privacy: Protect patient confidentiality during delivery
• Timely Delivery: Deliver within appropriate timeframe

DeliverNorth's default settings meet most state pharmacy board requirements. Check your state's specific regulations and ensure your drivers are trained accordingly.

Step 7: Temperature-Controlled Deliveries

For medications requiring temperature control:

1. Mark delivery as temperature-sensitive:
   • Add special handling flag in delivery notes
   • Set tight delivery window (e.g., 2-hour window)
2. Provide driver instructions:
   • "Keep refrigerated during transport"
   • "Deliver within 2 hours of pickup"
   • "Do not leave unattended"
3. Document cold chain compliance:
   • Pickup time (when removed from pharmacy refrigerator)
   • Delivery time (when handed to patient)
   • Total time in transit

Step 8: Request Business Associate Agreement (BAA)

If you're a covered entity under HIPAA, you need a BAA with DeliverNorth:

1. Email support@delivernorth.com
2. Request a Business Associate Agreement
3. Provide your organization name and contact information
4. We'll send you the BAA for review and signature
5. Return signed BAA via email or mail

Best Practices for Medical Deliveries

• Minimize data collection: Only collect the minimum information necessary
• Train drivers regularly: Conduct HIPAA privacy training at least annually
• Secure devices: Ensure driver phones have passcodes and encryption enabled
• Review audit logs: Regularly check for unusual access patterns
• Document procedures: Maintain written policies for medical deliveries
• Incident response: Have a plan for data breaches or lost packages
• Patient consent: Obtain patient consent for delivery (your responsibility, not captured in DeliverNorth)

Compliance Checklist