Some of you may have seen my previous posts about my confidential prescription information being released by Shoppers Drug Mart, apparently without my authorization, to a third party relationship marketing fulfilment organization, Rx Canada. I contacted their Privacy Officer, Wendy Nelson, (who is also the President of the company according to her voice mail message - an appropriate place for the role of Privacy Officer to reside). She informed me that there is supposed to be a procedure in place that required the pharmacist to obtain a written consent before enabling the transfer of prescription information. She also said that in the few cases she has seen previously, the pharmacy did indeed have a signed consent form, and that the patient had forgotten about. Ms. Nelson offered to follow up with my local Shoppers store and report back. She also said that my information was completely purged from their database, with no trace remaining. (She was most emphatic about the purge, as opposed to a mere deletion of index pointers, for example. Points for a good understanding of the technical issue.)
Today, I heard back from Wendy Nelson. I am apparently the first patient who has reported a concern about this program for whom there was not a signed consent. No big surprise to me - I wouldn't sign such a thing. But she did say that Shoppers (presumably corporate) is taking this breach very seriously as a procedural and systems problem in their organization. Apparently for most pharmacies that participate in the Rx Canada program, registering a patient is a two-step process, requiring extra work for the pharmacist, but necessitating the explicit systems entry of the informed consent information. In the Shoppers system, enabling the transfer of information is a one-step process that accompanies prescription order entry, making it easy to omit the necessity of obtaining the patient's consent. In a busy dispensary, or with inadequately trained staff, or in a moment of lapsed concentration... *poof* Confidential prescription information magically reappears on another company's computer, just like, well, magic.
Wendy Nelson lit a fire under Shoppers to address this problem, and to do it quickly. She takes this issue very seriously, as it potentially undermines both the basis of her business, and a useful mechanism to provide patient support and information to those who want it. She promises to follow up with Shoppers - including mounting an examination of other patients whose information may have been passed without consent - and to keep me informed on the progress, as she (correctly) perceives that my concern is systemic, and not merely personal. Kudos to a responsive, and responsible, organization.
[Technorati tags: rx canada | shoppers drug mart]
1 comment:
I'm writing this from another part in the world (The Netherlands) which is supposedly doing worse than Canada in Privacy issues according to Privacy International and now I see their concern in a concrete way. I would never expect a company in the Netherlands to take action and stand up like RX did and I sure wish they would.
Post a Comment