Prince Edward Island Drug Information System Privacy and Security Awareness Training
Purpose of the DIS The purpose of the PEI Drug Information System is established in section two (2) of the Pharmaceutical Information Act. 1) Electronically link authorized health care professionals with a database of patient medication profiles. 2) Provide information to support patient care. 3) Provide information to for administration government drug benefit programs. 4) Provide information for approved health reporting, evaluation, planning and research. One of the reasons for creating the Pharmaceutical Information Act was the need to focus on privacy and confidentiality because of the increased amount of information stored in the provincial wide DIS. There are several sections in the Act and Regulations that address the importance of protecting patient information. Pharmaceutical Information Act (PhIP Act) The PhIP Act outlines the reasons to access information in the DIS: Dispense a drug Counsel a patient Consult with a health care professional Conduct drug utilization review Check for interactions, duplications, or unusual dosages Determine if a prescription is consistent with accepted pharmacy practice. Consulting when carrying out a review of a patient profiles, pharmacists, prescribers and health care professionals can with their patient s consent, consult with other health care professionals. Users of the DIS are required to protect patient information. The DIS Provider Portal gives the user the ability to add the Reason for accessing a patient s profile in the DIS. Adding the reason for accessing a patient s profile is there to serve as a reminder note in case any questions arise regarding your access
of a profile. Patient Rights Passwords A patient can request to have their DIS profile password (keyword) protected. This will put them in full control of who has access to their personal health information. When a DIS profile is password protected, demographic information is still visible, however no clinical information can be viewed. Patient passwords are not auto assigned and cannot be stored. The PhIP Act and Regulations do stipulate that a password can be overridden in an emergency situation where the patient is not able to provide the password (i.e. presents to the ER unconscious). Patients requesting to have their profile password protected must do so by filling out the appropriate form (Pharmaceutical Information Program Application for Password) and submitted to the PhiP Coordinator via an Access PEI site. Identification is required. Disclosure A patient can request an access history of his/her profile. This will list all DIS users who have viewed the profile and the date of each access. Patients requesting this type of information must do so by filling out the appropriate form (Application for Disclosure) and submitted to the PhiP Coordinator via an Access PEI site. Identification is required. Application to Correct Inaccuracies If a patient requests a change to his/her information and it is decided (by the PhIP Director at the discretion of the health care professional involved) not to make the change, the PhIP Director will notify the patient and place a statement of disagreement on file. Patients requesting this type of information must do so by filling out the appropriate form (Application for Correction) and submitted to the PhiP Coordinator via an Access PEI site. Identification is required. Consent The Regulations establish implied consent, in most instances, for accessing patient information in the
DIS. For example, when a person (18+), parent or guardian requests a prescription to be filled, if the person is requesting treatment, or the person provides a password, it is considered implied consent. Implied consent is not established when a third party requests a prescription or information for another person. For these instances, you must obtain written consent from the patient (obtained once and then kept on file) or attempt to contact the patient. The exception to this is where a password exists; consent can be given by the third party by providing you with the patient s password. Please note that the issue of consent with a third party does not refer to third party picking up a prescription on behalf of the patient. If the patient has requested the prescription him/herself, you can release the filled script to a third party using your professional judgment. Third party consent requirements do not apply to nursing homes or other care facilities where health care professionals request the filling of a prescription. Communication of DIS Use Similar to FOIPP, participating DIS users must post a sign that informs the public of the purpose of DIS, define consent, rights to request information, password, and legal obligation of pharmacist, prescribers, and health care professionals. Confidentiality There are two different confidentiality forms for the DIS. Form 4, Confidentiality Undertaking must be signed by all users of the DIS. These forms are to be kept on site by the pharmacist-in-charge or owner/manager. By signing this form, the health care professional agrees to collect, access, and use DIS information only for the purposes allowed by the Act and Regulations. Form 5, Confirmation of Confidentiality Undertaking is to be signed by the pharmacist-in-charge or owner/manager and kept on file by the Health PEI, Pharmaceutical Information Program Coordinator. By signing this form, the pharmacist or owner/manager accepts responsibility for the security of the DIS within their place of business. (for example, ensuring computers with access to the DIS are not accessible by the public).
Security Measures Every approved user of the DIS shall ensure that their place of business has security measures sufficient to prevent unauthorized collection, retention, maintenance, alteration, use or disclosure of information including: computer terminals are inaccessible to anyone other than the approved user; and confidentiality forms are completed and signed. Government employees who have access to the DIS for the purpose of administering government drug benefit programs and PhIP can only access profiles as they pertain to the programs. Technical Support and maintenance follow these same parameters. Penalties and Exclusion There are penalties for violating any provision or requirement of the PhIP Act which include suspension or exclusion from the DIS, and fines ranging from $15,000 - $50,000. Just cause for suspension or exclusion includes such things as: Access of information for purposes not listed in the PhIP Act Use of information for advertising Intentional input of false or incorrect information Improper dispensing or prescribing practice for which user has been disciplined by a professional body Illegal acts involving prescription or use of medication.