implement a training program for your staff and ensure that they understand their privacy obligations in your workplace.
seek a consumer’s consent before using or disclosing their personal or health information, except where this is not required by law (e.g. PBS-related processes) (see Privacy form templates: Collection and disclosure of information (for the provision of health services) and Collection and disclosure of Information (for direct marketing purposes)).
take immediate corrective action if there is a data breach of personal information held by you or your pharmacy. (Refer to the data breach response process on the Office of the Australian Information Commissioner web site: www.oaic.gov.au)
discuss a consumer’s personal or health details in open or public areas or in an indiscreet manner (e.g. loud voice).
discuss details of medicines or treatment regimens with anyone other than the consumer’s treating practitioner.
leave a consumer’s personal or health information (including medicines awaiting collection) in a way where it can be seen (e.g. on a pharmacy counter) or heard (e.g. leaving a telephone message on an impersonal number) by others.
automatically provide details of a consumer’s medicines or medication history to family members who might request the information.
use a consumer’s personal information for direct marketing activities (e.g. promotions) by your pharmacy without the consumer’s consent.
disclose a consumer’s personal details to direct marketing companies, pharmaceutical companies or research organisations without the consumer’s consent.