The Medical Republic has published a very interesting report on Friday.
18 September 2020
TMI? Privacy concerns over eScripts
The RACGP has expressed concerns over the Active Script List, which could allow any participating pharmacy to see medications a patient may want to keep discreet.
The purpose of the ASL is for patients to be able to have their medicines dispensed at a pharmacy, without the need to present their paper or digital script.
The system will use the existing eScripts token model to enable consenting patients to have their digital scripts show up on a single list displaying all active scripts waiting to be dispensed.
But a recent meeting of the Australian Digital Health Agency (ADHA) and key stakeholders some including the RACGP, AMA, Pharmaceutical Society of Australia and the Pharmacy Guild of Australia has revealed some conflict about how the technology should populate patient medications.
To have an ASL created in the first place, patients would consent to have the live record created, likely through their community pharmacy.
But the difference in opinion comes down to whether, at the time an ASL is created, it should begin blank or populate the list with any historical eScripts or electronic transfer of prescriptions that have been generated.
Dr Rob Hosking, chair of the RACGP expert committee of practice technology and management, said the college had concerns about the risk of GPs inadvertently breaching their patient’s privacy if the latter model was adopted.
“Currently the patient has control over who views their token (script) as it resides on their phone or in their email,” he said.
But if a new ASL was to populate with all previous scripts that patient has received electronically up until that date, it had the potential to expose a patient list of all medications to any pharmacy participating in ePrescibing and electronic transfer of prescriptions, Dr Hosking said.
Dr Hosking said it would be akin to a patient leaving their paper scripts at the pharmacy, as some patients do now.
“However, currently the patient chooses which scripts to leave at which pharmacy,” he said.
“In some communities (particularly small ones) patients may not want some pharmacists knowing what scripts they are getting dispensed elsewhere.
“We would be very disappointed if the roll out of ePrescribing is impacted negatively by the implementation of the ASL if it has not been thoroughly assessed and understood by all involved.”
More here:
http://medicalrepublic.com.au/tmi-privacy-concerns-over-escripts/34588
It seems that an apparently good idea, the ASL, has a very nasty sting in the tail of removing patient control as to which pharmacists are able to know which eScripts have been filled where.
When you think about scripts that come from STD or HIV clinics it is clear patients need to have control of and consent to information flows outside the single patient and a single pharmacy.
To be privacy protective and to allow for properly obtaining patient consent will require re-design of how the ASL is derived and may require both some software re-design and process re-design. Patient education regarding their available choices will also be vital.
It certainly seems there is a lot of work to do here!
It is much more important to get the ASL right rather than rush and get it wrong.
We have seen the ADHA rush with things like opt-out and have to be pushed back by the public – it should not happen again!
What do you think?
David.
What do I (you) think?
ReplyDeleteIt will happen again, repeatedly. Too many cooks, scope too big, too much government involvement, too much peak body meddling, too much effort to satisfy everyone's wishes and biases.
ASL is yet another simple answer to a complex problem.
ReplyDeleteAnd as it says at the top:
H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."
Sadly the cooks consistently burn the salad and deliver unappetising gruel.
ReplyDeleteAnother example that highlights the fact that the ADHA know nothing about interoperability.
ReplyDeleteThree things:
ReplyDeleteAnon Sept 20 7:36 PM - do please expand - interested if you think ADoHA got any layers of interoperability right (by Accor dent or others means)
There now seems a lot of instances where encrypted data becomes unencrypted as it passes through or is picked up by various systems and varying quality. Has a end to end threat and risk assessment been conducted?
I would be interested if anyone know if a full evaluation of the consent model has been undertaken and what use and misuse cases and scenarios might have been applied.