Privacy Awareness Week held from 3 – 9 May emphasised the need for organisations to embed privacy practices into business as usual processes – privacy everyday!
You as pharmacists have access to privileged and confidential patient information everyday, it’s important to know how privacy laws affect your pharmacy.
The Guild has produced a set of key guidance resources that assist members with their privacy obligations. Our new privacy resource, Privacy and pharmacy: What does it mean for you? is available on the Guild website. Members can log in to access this resource.
An important aspect to privacy and pharmacy is disposal and retention of patient records.
What are the legal requirements covering the disposal and retention of patient records?
Pharmacists handle personal and sensitive health information of their patients. Legal requirements affecting what can and can’t be done with this information changed last year with the introduction of the Australian Privacy Principles (APPs)[i].
Pharmacists including community pharmacies, pharmacist consultants and other pharmacy businesses are considered a ‘health service’ under the Privacy Act according to the Australian Government’s Office of the Australian Information Commissioner.
Pharmacists are required to take ‘reasonable steps’[i] to destroy or de-identify personal information about patients while meeting specific other legal requirements to retain records of prescriptions for varying lengths of time.
Once there is no longer a legal requirement to retain documents then reasonable steps should be taken to dispose of the documents. This raises the question of what regulations and legislation governs the retention and disposal of information by pharmacists in Victoria.
How long should pharmacies keep specific information?
- Pharmaceutical Benefits Scheme prescriptions must be kept for at least two years after supply.[i]
- Records of each controlled drug, poison and controlled substance transaction must be kept in a readily retrievable form for three years from the date of the transaction.[i]
- The record of the prescription must be retained in a secure place at the pharmacy or pharmacy department for at least three years. This ordinarily will apply to computer records.[i]
Introduce Best Practice Principles for Disposal
Introduce best practice principles for your pharmacy’s document disposal processes.
Correct disposal of information can prevent business from being fined or receiving negative publicity.
The risks of identity theft and corporate espionage have ended the days of throwing everything in the rubbish or recycle bin.
If any confidential information was to end up in the wrong hands there are fines of up to $1.7million for a breach of the Privacy Act 2012.
A ‘shred-all’ policy has become world’s best practice for business for all information that does not have to be stored for legal or business reasons. This takes the guesswork out of decisions that employees make on a day-to-day basis.
A business is responsible for personal and health information from creation to destruction, even if the destruction process is conducted by a third party at another location. In order to eliminate the risk of misuse or disclosure of information during the disposal process you can engage a shred on site service where all documents are destroyed before they leave your business.
Visit www.shredonsite.com.au or call 1300558876 to find out more.
[i]Australian Privacy Principles, Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amends the Privacy Act 1988. Details of each APP are available from the Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au
[i]Australian Privacy Principles (APP 11) Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012
[i]National Health (Pharmaceutical Benefits) Regulations 1960, regulations 32, 32A and 32B
[i]Drugs, Poisons and Controlled Substances Regulations 2006, regulation 41(3)
[i]Pharmacy Regulation Act 2010, section 32(4)(a)
