Array ( [b67c82b4d2174f499b95c16148a18a28] => 6bgb3mugqku0istn0jeibq7f46 [option] => com_content [Itemid] => 661 [id] => 641 [lang] => en [view] => article [layout] => default )
Articles / Case Studies

Legal Liability and the Pharmacist

The number of enquiries received by the Victorian Branch of the Pharmacy Guild of Australia concerning data sharing and allowing third party access to pharmacy computers is on the increase. Recently a question posed concerned what were the legal implications of allowing a third party access to the pharmacy computer to identify patients who may benefit from the HMR program. As a result the Pharmacy Guild sought a legal opinion from Paul Baker, Managing Principal of Meridian Lawyers who heads up the legal team handling legal liability claims for Guild Insurance Limited. The following is an outline of his response to this particular query.

Under no circumstances should a third party be allowed access to a pharmacy computer or for that matter any dispensary or business records which may identify a patient including in relation to a patient's medication history without the express consent having been obtained from the patient. I am aware of the fact that there have been instances recently where requests have been made of pharmacists to review dispensing data with a view to identifying patients on multiple medications who may benefit from the HMR program. My understanding is that once these patients have been identified contact is then made with the relevant general practitioner with a view to facilitating the patient being placed on the scheme.

While the thinking behind such a course of action may have health benefits for patients such conduct is in flagrant breach of a number of laws including the Privacy Act 1988 (Cth) and the Health Records Act 2001 (VIC). Significant penalties apply for such breaches and my view is that if such conduct was proven there would be the potential for civil action to be brought against the pharmacist for breach of confidentiality as well as disciplinary action by the professional body (i.e. the Pharmacy Council). I should also add that even if this information was obtained by a pharmacist or one of their employees contacting the general practitioner or using that information in any way without the patient's consent also constitutes a breach of the legislation and gives rise to the same legal consequences applying to third party access in the circumstances referred to in the question posed.

Pharmacists should also be aware of the fact that insurance protection is unlikely to arise in such circumstances given the conduct involves what is essentially tantamount to a criminal act.

Over the past decade there has been significant developments in the law concerning privacy which has resulted in strict obligations on health professionals concerning patient confidentiality. As such the law now stringently regulates the collection, storage, use, access, disclosure and destruction of a patient's personal information. The laws reflect the general principle that an individual has a right to privacy and that no third party should be entitled to access any personal information including pharmacy records without the express consent of the patient/s concerned.

There are now Commonwealth and state privacy laws that apply to pharmacists. Generally speaking the laws mirror and complement each other.

If a pharmacist breaches the legislation a patient can complain to either the Commonwealth Privacy Commissioner or the Health Services Commissioner. As indicated the Commissioners are able to impose significant penalties on offenders and their investigation will entail a review of the nature of the breach, the frequency and what action has flowed as a result of access to such information.

In my view allowing third party access to pharmacy records without patient consent in circumstances where not only the names of the patients are accessed and utilised but also where the access provides full medication histories and general practitioner contact details is at the higher end of the severity scale.

Under the Victorian legislation where a breach is established and a compliance notice issued a failure on the part of a pharmacist to comply with that notice can result in a fine of up to $300,000.

As stated my view is that such conduct would likely to be deemed to be tantamount to professional misconduct which also would expose a pharmacist to various sanctions including the potential for an additional financial penalty.

So in conclusion this is certainly conduct which is contrary to the law and gives rise to serious potential ramifications for an offending pharmacist.

 

Prepared by Paul Baker on behalf of Guild Insurance Limited for the Pharmacy Guild of Australia Victorian Branch May 2011

Guild Insurance Limited AFS Licence No. 233791
Subscribe to our email newsletter!

Want to know more?

Guild services for Pharmacy

For details on Guild Insurance services for Pharmacy, visit our website.

Next Steps

Get in contact with Guild or find a Pharmacy Guild of Australia branch.