Privacy chief urges random audits of
– Saskatchewan’s privacy commissioner is recommending random audits of
pharmacies to ensure that pharmacists are observing the province’s
privacy laws when accessing the Pharmaceutical Information Program
(PIP), an electronic system that contains the medication histories of
The recommendation came after the commissioner, Gary Dickson (pictured), issued a
report finding that a Melville, Sask., pharmacist had improperly
accessed the records of a former friend and patient, as well as the
medication histories of two other people.
In his report, issued earlier this month, commissioner Dickson said that
L & M Pharmacy in Melville breached the province’s Health Information
Protection Act (HIPA), primarily by failing to adopt policies and
procedures to protect the personal health information in its control.
His investigation stemmed from a complaint that a pharmacist had
improperly viewed information by using the PIP. According to the
commissioner’s investigation, the pharmacist entered the PIP database
using his home or work computer on four dates in January 2009 to view
the drug profiles of an individual and two of that individual’s family
Previously, the individual had been a patient of the pharmacy and friend
of that pharmacist, but the two had a falling out before the privacy
breach, due to the dissolution of a business arrangement.
“After carefully considering the evidence and submissions from (the
pharmacist), I have no hesitation in finding that his viewing of PIP
information about his former patients was done not for a professional
reason but rather for his own personal interest,” Dickson wrote, adding
that even if the records were accessed out of genuine concern for the
individual, it does not excuse or justify a HIPA breach.
It was the first formal investigation the privacy commissioner has
conducted into any part of Saskatchewan’s electronic health record
system, which is being developed in stages.
In addition to random checks of pharmacists’ use of PIP, Dickson said
the province should also develop a policy to revoke or suspend access
for registered users of the system who view personal health information
for reasons contrary to HIPA.
The College of Pharmacists could also improve its privacy training,
Darryl Leshko, a managing partner of L & M Pharmacy, described the
breach as an isolated incident that has been taken “very seriously.”
A consultant has already been brought in to help the pharmacy craft a
written policy and procedure manual for issues of privacy and
confidentiality, Leshko said.
As a result of the report, the Saskatchewan College of Pharmacists is
now discussing what improvements it can make, said registrar Ray Joubert.
The college didn’t discipline the pharmacist involved, accepting that it
was a one-off error of judgement and that steps have been taken to
prevent such breaches from happening again.
Posted April 22, 2010