The Privacy Act 1988 (Privacy Act) provides protection to individuals against the mishandling of personal information and applies to organisations which include individuals, partnerships, corporations and unincorporated associations. It does not apply to individuals in a non-business capacity.
Implement a training program for your staff and ensure that they understand their privacy obligations in your workplace.
Seek a consumer’s consent before using or disclosing their personal or health information, except where this is not required by law (e.g. PBS-related processes) (see Privacy form templates: Collection and disclosure of information (for the provision of health services) and Collection and disclosure of Information (for direct marketing purposes)).
Discuss a consumer’s personal or health details in open or public areas or in an indiscreet manner (e.g. loud voice).
Discuss details of medicines or treatment regimens with anyone other than the consumer’s treating practitioner.
Leave a consumer’s personal or health information (including medicines awaiting collection) in a way where it can be seen (e.g. on a pharmacy counter) or heard (e.g. leaving a telephone message on an impersonal number) by others.
Automatically provide details of a consumer’s medicines or medication history to family members who might request the information.
Use a consumer’s personal information for direct marketing activities (e.g. promotions) by your pharmacy without the consumer’s consent.
Disclose a consumer’s personal details to direct marketing companies, pharmaceutical companies or research organisations without the consumer’s consent.