[yourapostasy]

Going to need some much stronger proof than hearsay.

My clients in the financial services industry take their PCI and critical risk data access very seriously. Those clients had to share with me the software, controls and training they put into place to enforce those access rules, and I confirmed with long-time employees they've walked staff out of call centers summarily fired for joy-riding the data. I can believe the situation at hospitals can be looser, but financial services being more strict than pharma fulfillment or PBM's would be news to me. I've only had two clients in the PBM space, and they didn't seem to take their infosec lightly either, but that is a much smaller sample space so I'd be interested to hear from those who work in the trenches in PBM's or pharma fulfillment what it is like for them.