Fred IT Group Pty Ltd ACN 109 546 901 (Fred IT) built and runs MedView. This policy sets out how we (Fred IT), through MedView, manage the personal information we collect and the steps we take to ensure that MedView complies with the Privacy Act and the Australian Privacy Principles.
What is MedView?
MedView is an online system that enables health professionals such as General Practitioners (GPs), hospitals and pharmacists to have better access to the medication information of patients they are caring for. If the health professional and patient are registered with MedView they have access to medication information which is:
- Electronic prescription information and
- Information about the medication the pharmacy gave the patient to fill the prescription (dispense information).
MedView’s purpose is to help improve patients’ health. For example, health professionals can more easily check that a patient is not taking medications that conflict with each other, or medications that they don’t need any more. It can help a hospital if it needs to know about a patient’s medications in an emergency.
What kind of personal information does MedView hold?
MedView collects medication information from eRx with patient consent. A patient consents by registering with MedView. eRx is an electronic prescription service (built and run by a related company of Fred IT) which health professionals (such as GPs and pharmacists) use to exchange prescriptions and dispense information.
MedView also will hold medication ‘reconciliation’ documents which list the specific medications a patient is taking at a particular time. Health professionals caring for the patient use MedView medication information to create this list.
A patient wishing to use MedView must register via health professionals or individually and provide the following information:
- Name details
- Medicare number or DVA Number
- Date of birth
Patients can choose to provide:
- Email address or mobile number
We use patient registration information to make sure that we correctly identify each patient and that a health professional giving a patient care sees the correct medication records. We don’t use patient registration information for any other purpose, such as adding to a mailing list, unless the patient expressly agrees.
Health professional registration
A health professional registering to participate in MedView must provide the following information:
- AHPRA number
- Prescriber number (where applicable)
- Phone number
- Primary place of practice
- Primary practice address
- Pharmacy approval number (where applicable)
We use the information to:
- Establish that that the registrant is an authorised health professional that is entitled to access patient records
- Verify that the person is who they say they are
- Enable health professionals such as GPs and pharmacists to contact each other if they need to check on the information in MedView and
- Enable us to contact healthcare providers.
We also collect personal information when a health professional or patient makes inquiries or lodges a complaint about MedView and we use the information to handle the inquiry or complaint.
How do we share information held in MedView?
MedView shares a patient’s
Medicare information including their Medicare number with the Healthcare Identifiers Service to enable us to identify the patient and to get the patient’s individual healthcare identifier (IHI). This helps ensure that we link medication records to the correct patient.
Medication information with registered MedView health professionals including pharmacists who are caring for that patient and seek access to those records through MedView.
Health professional information
MedView enables health professionals such as GPs and pharmacists to see each other’s prescription and dispense information relating to a particular patient they are caring for. They can also see the health professional’s practice contact and email information associated with those records so that they can contact each other if necessary.
To be registered, a health professional must agree that they will only look at the medication records of a patient they are caring for and that they will only use or share the information for the purpose of providing health care to that patient. We will de-register a health professional that does not comply with this agreement.
Research and marketing – de-identified
We share de-identified medication information with third parties for the research and marketing purposes of those third parties. We are guided by the Office of the Australian Information Commissioner’s (OAIC’s) resource on de-identification and confidentialisation Privacy business resource 4: De-identification of data and information. For example, we conduct a privacy risk assessment and build in privacy protection measures that ensure the information cannot be linked back to an individual before we share medication information with third parties for research and marketing purposes.
Other uses and disclosures
We do not use or share personal information about a patient or health professional for any other purpose unless:
- That patient or health professional explicitly agrees
- The use or disclosure is required or authorised by law – for example, for law enforcement purposes, or other public interest reasons such as serious and imminent threat to somebody’s life, or it is necessary to resolve a complaint or conduct a judicial review.
Can a patient stop being registered with MedView?
A patient can decide to stop being registered with MedView by contacting us using the Contact Us information below. We will then stop collecting the patient’s medication information and health professionals won’t be able to see it any more. We will delete their medication and registration records within a reasonable period after de-registration.
How do we keep personal information held in MedView secure?
We have a number of measures to ensure that only MedView registered health professionals and the patient can access a patient’s files. This includes password protection, strict role based access controls and measures that only allow health professionals to access medication information through a health professionals’ portal accessed through a private URL link, and patients to access their medication information through the secure patient portal.
We encrypt medication information travelling from eRx to MedView.
We audit MedView files to ensure that the system operates properly and for security and privacy purposes. This includes to check that health professionals are only accessing MedView files for providing healthcare to their patients.
The patient portal logs the following information:
- When a user registers (user, date, time, location)
- When a user logs in (user, date, time)
- When a patient record was viewed (by who, date/time, location at time of viewing)
- When patient connects an app to MedView or consents to third party access to their MedView (by patient, date/time, location at time of consenting).
The health professional portal logs the following information:
- When a user registers (user, date, time, location)
- When a user logs in (user, date, time)
- When a patient is searched (who was searched, by who, date/time, location at time of searching)
- When a patient record was viewed (who was viewed, by who, date/time, location at time of viewing)
- When a patient has a medications reconciliation done (name of person who did the reconciliation, date/time role and location to be displayed against the reconciliation).
Where is personal information on MedView stored?
MedView information including back up versions is stored on servers in Australia.
How long do we keep medication and registration information?
We keep medication information as long as it remains relevant for the purpose of improving a patient’s health. This is likely to be for a significant period (at least 7 years). We delete registration contact and audit information when it becomes out of date or irrelevant. Where a patient decides to stop participating in and de-registers from MedView we delete their medication and registration records within a reasonable period after the date of de-registration.
Can I see and correct my personal information?
If a patient has registered on the MedView patient portal they can see medication and registration information through the MedView patient portal.
A patient can update through the portal all their registration information except their email address (which is their MedView user name). But to successfully change these details through MedView, a patient may need to update the details, such as Medicare details, with the relevant agency first.
Medication records in MedView cannot be altered. The information comes unchanged from eRx and MedView is designed to show medication records as issued by the health professional. If a patient thinks there is an error in the information they should talk to the person who prescribed or dispensed the information. If necessary, the GP will reissue the prescription or the pharmacist will provide new dispense information. The new information will then reach MedView via eRx.
Health professionals can see the registration information that is held in MedView by logging into their MedView portal account. The portal will not show in one place all the prescriptions or dispense information a health professional has issued. This is available through their own systems. MedView only permits a health professional to see medication information relevant to a particular patient they are caring for.
A health professional can alter all their registration information except their email address (which is their MedView user name). However, they cannot alter their own prescription or dispense information through MedView. They need to issue a new prescription or provide new dispense information through their own systems. The new information can then arrive in MedView via eRx.
If you have questions about accessing or correcting the information MedView holds about you, you can contact us using the Contact Us information below.
What can I do if I have a complaint?
If you think there has been a privacy breach or wish to make a privacy complaint about MedView you can contact us using the Contact Us details below. We will try to handle your complaint as soon as possible.
If you are unsatisfied with our response you can complain to the Office of the Australian Information Commissioner Telephone: 1300 363 992. Email: firstname.lastname@example.org
For patients: email@example.com
For health professionals: firstname.lastname@example.org
Post: MedView Support, 20 Trenerry Crescent, Abbotsford, Vic 3067.