Electronic Prescriptions, Proxy Collection and Privacy Issues for Pharmacists

The Electronic transfer of prescription information is in the first stages of implementation, with most of us who work in community pharmacy having access to (most likely) the eRx system. In this program, electronically dispensed (not hand written) prescriptions can be scanned by the bar code on the bottom of  a new script, or at the top of a repeat form and the information  contained on this prescription is safely and accurately downloaded into our dispensing software. This is a handy tool as it ensures continuity between what has been prescribed, quantity and instructions when prescription information is entered, reducing human data entry errors.

The eventual product of this program will involve a paperless system where prescriptions are “written” and connected to a patients ehealth record, this script information will then be held in a secure database until the time that the patient would like it to be dispensed. This information would then be downloaded securely to the pharmacies dispensing software through access to the patients ehealth record. This will be of such great importance when/ if the system gets off the ground and will help it work as a well oiled machine.

But I had a thought when I was driving home from University today. This paperless system sounds fantastic and will relieve some of the paperwork headaches that we all face when working in pharmacies…however, in terms of patients and the collection/request for scripts to be dispensed, privacy issues for Pharmacists may come to light.

When a doctor sees a patient, access to that patients health record is all they will need..they would not under any circumstances need to access this persons husband,brother, mother’s record if that person was not present with the original patient. Essentially doctors are not to access someones health information on the request of another patient. Even more, a doctor would never prescribe a medication for someone on the request of someone else (family, friend etc.)

The situation presented in a pharmacy is really quite different, and it opens the pharmacist profession up to more risks than they already face. Say for example, Mrs Jones comes into your pharmacy now, she has a pile of prescriptions for her and also another list for her husband. You would not think twice about dispensing these items and allowing her to collect her husband’s items on his behalf. His consent to have her collect his prescriptions is implied to us by her bringing them in along with hers- and if they are elderly/on concession they would have the same benefit number so we understand they have family connection.

Scenario Two: Mrs and Mr Jones have signed themselves up for eHealth records and are now excited about not having remember where all of their prescriptions are, they can simply go to any pharmacy and have them filled no paperwork required. Mrs Jones comes in to your pharmacy and requests 3 scripts for herself and 2 for her husband. In order to have access to this information you need to access their ehealth records, but only Mrs Jones is present. So accessing her information is no problem as you have consent from her, however how is it justified to access her husbands ehealth record on her request when he is not present? They are family yes, and previously we would have assumed implied consent, but is that really in line with the privacy principles regarding healthcare providers access to eHealth records? A doctor would not do this..so why should pharmacists be put in the risky situation this involves?

If the patient is unknown to us this could be even more awkward and lead to anger on the patients side, if they feel as though pharmacists are keeping them from information they are entitled to.

I am unsure how much thought and planning has been put in to this dilemma, however I did notice that according to the PCEHR Act (2012), commanding access over ehealth records can be granted to an authorised or nominated representative of the consumer, such as a parent of a child under 18 years, or a carer for someone with disabilities or an elderly family member/patient. However, does this mean that when signing up for an ehealth record, in order to avoid these kinds of issues consumers need to name a proxy who can request access to health information and scripts on their behalf? If this is the case, family members would be the most easily serviced, but how about that new couple who haven’t really been dating very long and the last thing that they would think of would be ehealth records. Then one gets sick and needs a script filled..how would this person go about accessing this script on their partners behalf? Through a phone call sure, but this may not be the most effective answer…how can we be sure this person is who they say they are when we cannot see them in front of us?

Further, how can we be certain that our customers will even think to name family members as authorised individuals who can ask for such things as their scripts being filled? Pharmacists cannot allow themselves to be in a situation where liability due to unauthorised access to a patients ehealth record is suspected, even if this may not be the case, if consent cannot be determined than access cannot be granted. And thus could potentially lead to anger on the part of the customer which could negatively impact the business.

Customers need to be adequately  informed of what is expected of them in regards to this before this program were to get up and running on a large scale!

There are so many unanswered questions in this area of eHealth, in some ways it seems that by making life easier in some ways we will also be making life harder in other ways….a double edged sword one might say.  No matter which way it goes more problems arise, but there is a need to bring our healthcare system into the 21st Century.

I am interested to know your thought on this topic…how would Pharmacists maintain the integrity of patient privacy if this new system was implemented on a large scale?

 

 

Tips for Maintaining Privacy with Ehealth

New developments and programs bring the need for new privacy laws and regulations. This is the case with eHealth in Australia.

From the 12th March 2014 the privacy laws and guidelines in Australia will be receiving a sort of make over and upgrade. Bigger changes than have previously been made to the Privacy Act (1988) will be implemented. The changes include the creation of 13 Australian Privacy Principles which will replace the current National Privacy Principles (for the private sector) and Information Privacy Principles (for the public sector).

These new principals include new regulations to encompass eHealth, such as the PCEHR Act 2012.

Information that is important for the public about their privacy and eHealth records can be sourced from the new Office of the Australian information Commissioner (OAIC) Website under Pubications and Resources. Factsheets number 13,14 and 15 are explicitly related to ehealth privacy, two sheets for healthcare professionals and the public. http://www.oaic.gov.au/ is a good place to start!

Tips for maintaining privacy with your Personally Controlled Electronic Health Records include:

• You are in charge of how much influence you have over the information that can be accessed by specific healthcare providers.
• Decide upon what access settings you would like as soon as you sign up, and regularly check and update these. Keep up to date with who is on your ‘access list’.
• You can organise an access code to further restrict access to your record by certain healthcare providers, or even restrict access to particular  documents if  you do not want them to be accessed. This access code would ensure that only healthcare professionals that you approve of can access your eHealth record.
• It is recommended that those who sign up or are thinking of signing up read the eHealth record System Operators privacy notices and policies to further their understanding about how their information will be handled.
• If you do not want certain information or a certain document uploaded to your eHealth record by a particular healthcare professional, you should let them know. If it has already been uploaded and they refuse to take it down you can organise for the documents removal through medicare.
• Always be sure to think it through and decide upon the importance of a document before removing or requesting its removal, as once it is removed from you eHealth record, it will not be available during an emergency.
• Remain vigilant about checking to make sure no unauthorised access to your eHealth record has occurred.
• Check your record frequently to be sure that information held on the record is up to date, correct and complete.
• One of the most important aspects of keeping your health information secure and private is by making sure you protect your record with a strong password.
• The new system is protected by the PCEHR Act (2012) which limits how information may be collected, used and disclosed. If information is not collected within these regulations then this is an interference with privacy.
• You may opt-out at any time.

Important privacy information tips for Healthcare providers include:

• Heathcare providers need to know what is expected of them under the PCEHR Act as there are serious penalties for non-compliance, (information can be collected, used and disclosed to provide healthcare to the patient)
• Develop robust practices for using the PCEHR system and be sure all staff are adequately trained
• Inform patients of any information that you will be adding, do not add information that you have not previously discussed with them.
• Do not collect more information from someone’s Ehealth record than is necessary
• Be professional and practice responsibly when collecting, using and disclosing information from a patients eHealth record.
• Understand how an eHealth record can be used in the case of an emergency

It is important that all parties involved know what their role is in maintaining privacy when it comes to eHealth records. It really is a situation where patients are just as crucial to the maintenance of their private health information as healthcare providers. One of the interesting aspects of the system where the patient seems to have the majority share of power.

Pharmacists need to be sure that they are completely up to date with current privacy laws surrounding eHealth, and understand the new changes coming in to force next year. Maintaining the integrity of our patients privacy is always paramount, and thus this new age of IT and Health collaboration means that Pharmacists need to ensure a complete understanding of their role when it comes to privacy and patient health. Pharmacists remain the middle man between doctors and patients (especially when it comes to medications), therefore they will have to learn to balance their information share between collection for healthcare reasons and collecting/ accessing more than is required.

These are interesting  times in which we do live!