Share
PRP Insights: Privacy, Confidentiality and Security of Patient Health Information
The Practice Review Program is fully underway in community pharmacies across the province. As Compliance Officers conduct more practice reviews, they are noticing opportunities for the College to provide clarification to pharmacy professionals on selected areas of common concern.
This installment of Practice Review Program Insights focuses on properly maintaining patient information in accordance with College standards.
The patient health information that pharmacists and pharmacy technicians collect, use, disclose, store, and dispose of is considered confidential. In addition to requirements set out in the Bylaws, the College’s Code of Ethics states that registrants must respect their patient’s right to privacy and confidentiality.
Compliance Officers have seen the following examples of non-compliance related to confidentiality during a Pharmacy Review:
- Pharmacy Pick-Up Counter
Patient health information (on a prescription) is visible to the public from outside of the pharmacy. In addition, the filled prescriptions are stored in clear bags/bundles and – despite being stored behind the pharmacy counter – are visible to the public.
This pharmacy is not compliant as HPA Bylaw Part VII – 74(a) states that a registrant must ensure that all records pertaining to his or her practice, and containing personal information about patients are safely and securely stored at the pharmacy, and are not visible by the public.
- Dispensary Area
Registrants would regularly have conversations about a patient and/or prescription within the dispensary that was clearly heard by the public. In addition, registrants would also continue conversations at the Drop-Off and Pick-Up counter.
This pharmacy is not compliant as HPA Bylaw Part VII – 77(1) states that a registrant must make reasonable security arrangements to protect personal information, including ensuring that dispensary staff are aware of the level of volume of conversations and cannot be heard from outside of the dispensary area.
Be mindful when speaking with patients about their medications. If a patient is hard of hearing, it would be best to take them aside or to a more private area.
- Transferring Patient Health Information
A pharmacy uses an external document disposal / shredding service for all pharmacy generated documents that are discarded. The pharmacy manager was unable to produce a contract for the processing, storage or disposal of the transferred patient’s personal health information.
This pharmacy is not compliant as HPA Bylaw Part VII – 78 states that a registrant must ensure that a contract is made when transferring patient information, which includes an undertaking by the recipient that confidentiality and physical security will be maintained.
- Receipts and Mini-Medication Profile
A pharmacy provides receipts to all patients with a mini-medication history and profile.
While this practice may be helpful, it is important to consider the following questions:
- Is this mini-medication profile provided directly to the patient or to the patient’s representative?
- Has the patient given consent to provide such information?
This pharmacy would be compliant with College standards as long as, under HPA Bylaw Part VII – 72(a), a registrant maintains confidentiality of the patient’s health information and may disclose that information only if the patient has consented to the disclosure.
Privacy, confidentiality and security go hand-in-hand when it comes to protecting a patient’s personal health information. In pharmacy practice, pharmacists and pharmacy technicians provide vital services to the public on a daily basis and need to ensure that they protect confidential patient information at all times.
- Practice Review Program, PRP Insights
