APRIL,Edition # 24, 2001

In April 2000, the Privacy Amendment (Private Sector) Bill 2000 was introduced into Federal Parliament. It was passed by the House of Representatives and the Senate in early December 2000.
It comes into effect on the 21st December 2001.
The Act amends the federal Privacy Act of 1988 to extend coverage to the private sector in Australia. It is supposed to be a "light touch" legislative regime based around National Privacy Principles.
However, there are some limitations, and the Act does not extend to the handling of all personal information by the private sector, examples being:

* Small businesses with a turnover of less than $3 million per annum.
* Employee records (including health information stored on those records).
* Media
* The collection, use and disclosure of information by political parties.

Of special note for pharmacists is the fact that the small business exemption does not extend to providers of health services.
All health services holding health information will have 12 months (from last December) to ensure they comply with the new scheme. All other small businesses covered by the new provisions, will have to comply by December 2002 i.e. they get an extra 12 months.
Over the course of 2001, the Privacy Commissioner, Malcolm Crompton, will be consulting with health consumers and professionals to develop guidelines in regard to the accessing of health information.
"The Privacy Act will give Australians greater control over the use of their personal information when they deal with government, business and other private sector organisations, while providing the regulatory tools to build a culture that respects privacy", said Mr Crompton.
"Some businesses and organisations are already in a strong position to comply with the Act, while others may need to do some work to get their privacy house in order to conform to the Act", stated Mr Crompton
It is the latter statement that should be galvanising pharmacists into action, because a quick audit of most community pharmacies would reveal glaring breaches, which will become actionable.
That action could come at a high cost in monetary terms.
One expert opinion provided by Roger Clarke, a Visiting Fellow attached to the Department of Computer Science, at the Australian National University, describes the Act as "not a privacy protection instrument", that it is "an attempt to legitimise a vast array of privacy-invasive activities of corporations", that it is "extraordinarily complex" and that the "intended and accidental loopholes it contains will excite lawyers for many years".
While I am not in a position to debate the accuracy or otherwise of Mr Clarke's statements, one thing I am sure of is that excited lawyers are expensive lawyers, no matter which side of the fight you are embroiled in.

What the Act will allow, includes the storage of electronic lists.
People will have the legislative framework to stop their details being included, but may need tenacity to defend themselves. Organisations asking for personal details must take "reasonable steps" to seek permission to gather, use or on-sell. Competitions offering expensive prizes in return for a mass of personal detail, will no longer be able to be used as a means of compiling commercial data, unless the entry form carries a warning.
Sensitive information, such as ethnicity or sexual preference, which has the capacity to be used in a discriminatory manner, is disallowed.
There is one area that will not be corrected.
Many people are already on databases without their knowledge.
They are unaware of how accurate the information previously compiled is, and therefore cannot challenge the record.
These databases are allowed to remain unchallenged.
Future data collection will still be able to occur, so long as the fine print contains a warning. As many Internet based services require the giving of personal details before accessing the service, it is likely that the collection of personal data will continue without impediment.
Many will assume aliases and provide false details in an attempt to avoid the dinnertime phone call from your local, but friendly, telemarketer. If such calls continue to interrupt the privacy of too many households, there will be further activity to stiffen the laws.
The information superhighway has brought many benefits to society, but has come with a high price tag...a continuing and increasing assault on individual privacy.
Never before has there been such a capacity to collect, store, manipulate and mobilise personal data on such a grand scale.
While the collection of medical data is generally beneficial for the individual, other forms of data collection are not, and create nuisance and pressure.
Just another form of stressful manipulation in an already overstressed society.

In a management article written a few editions back, I pointed out that an entirely new breed of managers is being trained and developed in corporations, to handle the management problems of the new millennium.
One of these management designations was the Privacy Manager.
It is the function of this manager to ensure that there are written policies setting out how the organisation develops procedures to protect individual privacy.
This manager will also conduct regular audits to ensure that the policies are working and will periodically arrange for an external audit by a specialist consultant to ensure there are no blind spots. He will ensure that privacy agreements are signed by all staff.
Most pharmacy proprietors will be the designated privacy managers for their own business, adding to an already complex array of procedures that have to be endured.
Endure it you must, because the consequence can be financial and professional ruin, even if accusations made against you prove to be false.

I would like to describe two recent privacy events that I have had personal knowledge of.
One involved a complaint made by two HIV positive patients against a local rural hospital.
The other involved a cynical political beat-up by the federal Shadow Minister for Health, against a progressive Australian company.
The reason?
The need to fill some media coverage for that week.
The president of the Australian Medical Association, Kerryn Phelps, simultaneously made some highly inaccurate claims, and without checking facts with the company, gave the media a field day.
Through no fault of its own, this progressive Australian company had to rally very quickly to defend itself.
Even as I write, discussions are going on with Privacy Commissioner Malcolm Crompton,and the AMA. The discussions were initiated by the company.
Because the company is an ethical company and has a history of successful alliances it will recover.
But the cost has been management anguish, a substantial drop in share price, and a dose of public criticism that should never have occurred.

I will describe the events around the HIV patients in this article, and in a separate article following on from this, I have invited the company to give its own version of events.

Recently, a local rural hospital received a telephone complaint about the non-delivery of some HIV medication involving two outpatients. The complaint was made with the chief pharmacist, and after a lot of heated comment, where the words "official complaint" and "discrimination" were bandied about, tempers cooled and an offer was made, and accepted.
Both patients were invited by the chief pharmacist to address all the pharmacy department staff, to give an insight into what life was like being HIV positive, the difficulties of medication compliance, illustrations of discrimination, the lack of privacy and the support systems the "gay" community utilised to survive.
The address duly took place, with pharmacy staff asking many questions.
The discussion on privacy was revealing.
Both patients lived one hour's driving time from the hospital, but five minutes away from their own local hospital, where their HIV medications could be dispensed.
They would not patronise their local hospital because too many of the staff knew them in their social setting within the local community, and they feared discrimination. The structure of their local hospital pharmacy was not "privacy-friendly", as they had to stand shoulder to shoulder in front of a narrow doorway containing an open panel, and virtually shout their requirements to the pharmacist on the other side.
So they drove one hour to the next hospital pharmacy.
Here, the front access was a little less restrictive, but they had to share the space with other patients, visiting hospital staff and a waiting room full of pregnant women.
Privacy here was given a very low score by these patients.
The point of this narrative is that it was only the diplomatic handling by the chief pharmacist that averted an official complaint, which could have been turned into an action for breach of privacy, by an astute lawyer.
These patients were intelligent and were political activists within the gay community. They described to staff how they "networked like mad" with other members of their community and that basically Australian pharmacy was divided into two camps in their view..."gay friendly" and "all the others".
Only "gay friendly" pharmacies receive support from the gay community, and their business is quite substantial, even though their S100 medication was generally obtained from hospitals. With the rules now relaxed for S100 supply, those "gay friendly" pharmacies will be the recipient of an astounding dollar volume of business.

Now the above events could have happened in your community pharmacy.
Are you equipped to handle a legal action from an HIV patient?
Would you have been able to handle it as diplomatically?
And what about the second instance involving the company, where you might find yourself embroiled in a political controversy around privacy?
Could you have handled it?
There have already been reported instances where pharmacy patient records and prescriptions have appeared in the local rubbish dump, probably resulting from a clean out of old files. Good fodder for the local politicians.
Would you be this careless?
Honestly?
And what about the areas in your pharmacy designated for handing out medicines and for counselling/consulting patients.
Are these areas really private?
Have your staff signed privacy agreements and do you separate your information internally on a "need to know" basis?
Are your computers password protected and do you have differing levels of security within those passwords?
Are you certain that non-clinical staff are quarantined from clinical information?
Does your account information disguise medication details so that your bookkeeper cannot deduce patient treatments?
Start answering some of these questions and invest in privacy management.
You have only until the end of this year to work it out.
Click on the "Next Article" link below to read Part2, illustrating the second case history.
ends

Previous Article

Next Article

The comments and views expressed in the above article are those of the author and no other. The author welcomes any comment and interaction that may result from this and future articles.

* If you have found value in this newsletter, please share it with a friend, or alternatively, encourage a colleague to subscribe at neilj@computachem.com.au .
* Don't forget to advise of any change in your e-mail address so that your subscription may be continued without interruption.
* Letters to the editor are encouraged, or if you have material you would like published, please forward to the editor.
* You are invited to visit the Computachem web site at http://www.computachem.com.au .
* Any interested persons who would like to receive this free newsletter on their desktop each fortnight, please send a single word e-mail "Subscribe" to neilj@computachem.com.au .
* Looking for an organised reference site for medical or other references? Why not try (and bookmark) the Computachem Interweb Directory , for an easily accessed range of medical and pharmacy links, plus a host of pharmacy relevant links.
The directory also contains a very fast search engine for Internet enquiries

Back to Article Index
Article Archive 2000
Article Archive 2001
Home