The expectation of privacy in today’s world is becoming increasingly difficult. Everything is becoming electronic; online banking, online shopping, email lists and profiles built on computer system are common in every business nowadays. Pharmacy is no different. With the advent of the Personal Information Protection and Electronic Documents Act (PIPEDA), ground rules are in place for private sector businesses to collect, maintain and disclose any type of personal information contained in a database. Obtaining consent is essentially the gateway to collection;  if we are not able to collect, maintain and use the information for the purpose of filling prescriptions, it’s very difficult to  provide service, if at all. Having accurate allergies and diagnoses can definitely impact the appropriateness of a new therapy or dose change.

The issue of consent can be a minefield. For instance, the Personal Health Information Act (PHIA) in Nova Scotia doesn’t specify an age of consent. The individual must have the capacity to provide informed consent, that is to say that when given all of the pros and cons of allowing personal information to be used in a given situation, they  have a choice to provide that authority, limit the scope, or revoke their previous permissions. In 2008, the criminal code of Canada raised the age of consent in sexual matters to 16, with exemptions down to 14 and in some cases if two minors are involved, even as low as 12. This is important because pharmacists need to determine whether a protective parent should be included within a young patient’s circle of care. As an example, a new birth control prescription is presented by a teen, but her mom picks it up. It’s not always straightforward. The same thing goes for those suffering from mental illness or cognitive decline. A spouse or other family member may be a more reliable source of information when making clinical decisions, but the patient has every right to keep information from being shared with them.

Even with safeguards in place, breaches have happened and will happen from time to time. Faxes sometimes end up at the wrong office or two people with similar names pick up each other’s prescriptions. Nobody intends for these incidents to happen, but the reality is that systems can fail. Perhaps an address wasn’t confirmed or was misheard at pickup. Maybe a large order accidentally included someone else’s bottle during the bagging process. As mentioned above, a counsel session could be initiated with someone who is not within the patient’s circle of care. With expanded scope of services, pharmacists have a heavier burden to communicate any injections or prescribing activities to the primary care-provider. We may not necessarily have longstanding relationships with everyone that receives a flu shot, so while faxing is more convenient than calling an office, we are relying on the patient to specify their family doctor and the potential for error is real. It happens in the other direction as well. Our site has received patient profile requisitions from hospital units intended for other locations, or transfers intended for other pharmacies.

I believe we do an admirable job at upholding these responsibilities. Use of personal information is appropriate to properly advise and advocate for patient care and we’re about to receive more of it in the form of the Nova Scotia Drug Information System (DIS). Other provinces are in various stages of integration; examples include H-Link in Alberta, the Pharmacy Network in Newfoundland and Labrador, PharmaNet in British Columbia and Health PEI. They all currently feed data from institutional and community settings into a central database. While this endeavour is aiming to provide a comprehensive patient profile of all provided health services, it also poses challenges to maintaining privacy. More information will be available to more people in real-time. Applications for this information will be new to many users and perhaps mistakes will be made with security permissions and protocols. Perhaps a look-up with a misspelled name results in accessing the incorrect profile, and adding a care note that doesn’t pertain to that individual. Lab values may be routed to the wrong ‘Dr. Smith’ and communications end up at the wrong office as a result.

At the end of the day, we will continue to apply due diligence in all cases to protect and maintain the integrity and security of the database. The additional information will be available so we can make better, well-rounded clinical decisions for our shared patients. Connecting healthcare providers in community and institutional settings is a huge positive. We can speak the same language based on the same complete profiles. Frankly, many patients seem to assume we already have this access when caring for them, so when we finally do, let’s make the most of it shall we?

Disclaimer: The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of any agency, employer or affiliation.