- 1. Collection
- 2. Use and Disclosure
- 3. Data Security
- 4. Data Quality
- 5. Openness
- 6. Access and Corrections
- 7. Identifiers
- 8. Anonimity
- 9. Transborder Data Flows
1. Collection:
The personal information of an individual is only collected by HPS Pharmacies where it is necessary for the provision of services by the organisation.
To be able to provide a complete and appropriate pharmaceutical service to the patients and residents of our Hospital, Aged Care and Correctional Services clients, as well as individual customers, HPS Pharmacies must collect the individuals' relevant personal health information.
Certain personal information is required by law when dispensing a prescription for an individual, and the following information will automatically be collected by HPS Pharmacies as result of this requirement.
• Doctor's name, address and provider number;
• Patient's name and address;
• Patient's pension/concession number (if any);
• Name of medication prescribed, strength, quantity, number of repeats, directions for use;
• Patient's Medicare number
2. Use and Disclosure
HPS Pharmacies does not use or disclose personal health information about an individual for a purpose other than the primary purpose of collection, or where an individual would reasonably expect the organisation to use or disclose information for secondary purposes.
Circumstances in which HPS Pharmacies will use and disclose personal health information are:
• Dealings with the Health Commission
• Billing and debt recovery
• Statutory/Public Health reporting requirements
3. Data Security
HPS Pharmacies has a number of policies and procedures in place safeguarding the use of health data. These include policies covering Data Security and Use and Disclosure.
Paper Based and Hard Copies:
• All paper based and other hard copy documents containing personal health and/or sensitive information are stored securely with access only to authorised personnel.
• HPS Pharmacies adopts a 'clean desk policy' whereby all staff are responsible for ensuring that documents containing sensitive information are not left lying about or accessible to unauthorised individuals. Employees are also encouraged to report to management any security issues so that these may be dealt with immediately.
Computer and Network Security is Achieved Through:
• Access control for authorised employees through the application of user passwords and screen saver passwords;
• Limited access to shared network drives;
• Virus checking;
• Policy on disclosing computer information.
Monitoring the Flow of Information
The transfer of personal health information must be undertaken in a secure manner that protects the privacy of patients and clients. Care is needed concerning all communications of personal and/or sensitive information about individuals to third persons.
HPS Pharmacies has implemented procedures to deal with the transfer of personal health information to ensure that every effort is made to protect this information when being transferred. Where the transfer of personal health information is necessary, this is undertaken in a secure manner that ensures the protection of the privacy of patients and clients.
These policies have been written and implemented in accordance with the National Privacy Principles (Schedule 3 - Data Security).
4. Data Quality
Records collected and stored by HPS Pharmacies are kept in accordance with National Privacy Principles (Schedule 3 - Data Quality). Every effort is taken to ensure all personal records kept by HPS Pharmacies are accurate and up to date.
5. Openness
HPS Pharmacies adopts a policy of openness required under the National Privacy Principles. Materials relating to the management of personal information is available to all clients and, upon request, HPS Pharmacies will disclose the type of personal information held, its collection, purpose and how it is used and disclosed.
6. Access And Correction
Wherever possible, an individual will be provided access to their personal health information, and the opportunity to amend any incorrect information held by HPS Pharmacies. Where access and correction is denied due to certain circumstances, a reason for denial will be given.
7. Identifiers
The use of identifiers assigned to clients and individuals by Commonwealth Government Agencies is limited to activities necessary to fulfil HPS Pharmacies obligations in prescribed circumstances.
8. Anonymity
Wherever it is lawful and practicable, clients and individuals have the option of not identifying themselves when entering transactions with HPS Pharmacies. However, due to the primary function and responsibilities of the organisation the right to remain anonymous will be limited.
9. Transborder Data Flows
HPS Pharmacies will take all reasonable steps to ensure the protection of all personal health information that is sent interstate or outside Australia. Every effort will be made to ensure that the information transferred will not be held, used or disclosed by the recipient of the information in a manner that is inconsistent with the National Privacy Principles.
Ensuring Employees Are Aware Of Their Privacy Requirements
All current employees at HPS Pharmacies undertake Staff Development Sessions informing them of the requirements of the Privacy Act 1988 and their responsibilities as a result of the Act.
New staff members are educated on the subject as part of the induction process and privacy obligations outlined and agreed to as a component of the employment contract.
At HPS Pharmacies we recognise our responsibility to educate staff adequately to enable them to meet their requirements under the Act and therefore every effort is made (through inductions, ongoing staff development sessions, memos and monthly newsletters etc) to ensure staff are kept informed about Privacy requirements.