DEC 2013
Pharmaceutical Society of Australia
V00.0 2012

Pharmacy policy for participation in the National eHealth record system

© Pharmaceutical Society of Australia Ltd., 2013

This document contains material that has been provided by the Pharmaceutical Society of Australia (PSA), and may contain material provided by the Commonwealth and third parties. Copyright in material provided by the Commonwealth or third parties belongs to them. PSA owns the copyright in the policy template as a whole and all material in the template that has been developed by PSA. In relation to PSA owned material, no part may be reproduced by any process except in accordance with the provisions of the Copyright Act 1968 (Cth), or the written permission of PSA. Requests and inquiries regarding permission to use PSA material should be addressed to: Pharmaceutical Society of Australia, PO Box 42, Deakin West ACT 2600. Where you would like to use material that has been provided by the Commonwealth or third parties, contact them directly.

The Pharmaceutical Society of Australia has developed a draft policy template for pharmacy organisations to adapt to their individual practice needs when registering for participation in the National eHealth record system. These policies are to be used as a guide and must be individualised to suit your organisation’s needs. Do not implement these policies without first considering the specific needs of your organisation. Read this policy document in conjunction with the Pharmaceutical Society of Australia National eHealth record system guidelines for pharmacy.

The policy template has been developed with current knowledge as of 20 August 2013. Regular review of this policy may be required if new information is released.
Disclaimer

Neither the PSA, nor any person associated with the preparation of this document, accepts liability for any loss which a user of this document may suffer as a result of reliance on the document and, in particular, for:
- use of the policy template for a purpose for which it was not intended
- any errors or omissions in the policy template
- any inaccuracy in the information or data on which the policy template is based or which is contained in them
- any interpretations or opinions stated in, or which may be inferred from, the policy template.

Notification of any inaccuracy or ambiguity found in this document should be made without delay in order that the issue may be investigated and appropriate action taken. Please forward your notification to:

Policy and Practice Group
Pharmaceutical Society of Australia
PO Box 42
Deakin West, ACT 2600

Pharmacy policy for participation in the National eHealth record system

The National eHealth record system was previously known as the Personally Controlled Electronic Health Record system (PCEHR)

Purpose

This policy is designed to ensure that this pharmacy organisation, ________________________, has registered and obtained appropriate authorisation to participate electronically in the National eHealth record system and is utilising conformant pharmacy software for access.

This pharmacy organisation is committed to addressing specific matters for our participation in the National eHealth record system (in accordance with the legislative requirements for the PCEHR system).

This pharmacy organisation will seek to communicate and enforce this policy to all its employees as well as any organisations with whom it engages under contract.

Policy manager

Name: (person nominated to implement and maintain the policy e.g.
pharmacy manager)
Tel:
Fax:
Email:

Approval authority

Name: (person with authority to sign off on content and updates e.g. pharmacy owner)
Tel:
Fax:
Email:

Review

This policy will be reviewed when material is updated, changed, or risks are identified and at least annually as indicated in the log below. This will include identification of new risks and consideration of anything that may result in unauthorised access, misuse or unauthorised disclosure of information or accidental disclosure of information, and of any changes to the National eHealth record system or relevant PCEHR legislative framework since the last review.

Review log

Review period: Monthly/quarterly/six monthly/yearly
Next review due date:
Review reference number:
Approved/amended/rescinded:
Date:
Approved by:

Terminology

Term: Definition

Authorised healthcare provider: A healthcare provider who has been authorised by a registered healthcare provider organisation to access the National eHealth record system on their behalf

Authorised representative: A person authorised under a law of the Commonwealth, a state or a territory, or a decision of an Australian court or tribunal, or otherwise deemed an appropriate person by the System Operator, to act on behalf of an individual

Conformant software: Software that can interact with the National eHealth record system allowing the viewing, adding and retrieving of documents

Default access control: Consent given by the consumer, at the point of registering with the National eHealth record system, for their information to be uploaded to their eHealth record by healthcare providers involved in their health care

eHealth record: A sharable record of a consumer’s health information maintained by the System Operator

Episode of care: A consultation or clinical event involving the care of a consumer

Event summary: A clinical document that may be uploaded to a
consumer’s eHealth record summarising one or more healthcare events

Healthcare Provider Identifier for Individuals (HPI-I): A unique 16 digit number used to identify individual healthcare providers who deliver health care in the Australian healthcare setting e.g. pharmacist, general practitioner

Healthcare Provider Identifier for Organisations (HPI-O): A unique 16 digit number used to identify organisations which deliver health care in the Australian healthcare setting e.g. community pharmacies, pharmacy service organisations

Health Identifier (HI) Service: Provides unique identifiers for consumers, individual healthcare providers and organisations. These identifiers are used in electronic health communications to ensure information is matched to the right consumer and shared between the right healthcare providers

Healthcare provider organisation: An entity, or a part of an entity, that has conducted, conducts, or will conduct, an enterprise that provides health care (including health care provided free of charge) e.g. a community pharmacy, pharmacy service organisations

Individual Healthcare Identifier (IHI): A unique 16 digit number used to identify individuals who receive or may receive health care in the Australian health system

Nominated healthcare provider: A healthcare provider who has been nominated by the consumer to prepare, create, upload and manage the shared health summary in the consumer’s eHealth record. It must currently be a general practitioner, registered nurse or Aboriginal and Torres Strait Islander health practitioner

Nominated representative: A representative nominated by the eHealth record holder or their authorised representative to access their eHealth record. A nominated representative can view their health information but may not add to or edit an eHealth record e.g.
family member/carer

Organisation Maintenance Officer (OMO): A person or persons registered under the HI Service with authority to act on behalf of a healthcare provider organisation in its interaction with the System Operator of the eHealth record system. The OMO’s primary role is to undertake the day-to-day administrative tasks in relation to the HI Service and the eHealth record system

Personal health summary: A document created by the consumer that includes medicines, allergies and adverse reactions. This section of the eHealth record is accessible to healthcare providers

Pharmacist: For the purpose of these Guidelines, pharmacist will include all registered pharmacists working in community pharmacy and all pharmacists working in primary care

Pharmacy: For the purpose of these Guidelines, pharmacy will include community pharmacies and consultant pharmacists with an ABN

Provider portal: The website through which healthcare provider organisations can access the eHealth record system and view an individual’s eHealth record without having to use conformant software. The provider portal is a view and download only service

Responsible Officer (RO): A person who is registered under the HI Service and has authority to act on behalf of healthcare provider organisations in its interaction with the System Operator e.g. owner/managing partner

Shared health summary: A clinical document that summarises a consumer’s health status and includes information such as allergies/adverse reactions, medicines, medical history and immunisations. There is only a single shared health summary in existence at any one time. Only a nominated healthcare provider can create or update the shared health summary

System Operator: The person with responsibility for establishing and operating the eHealth record system. The System Operator is currently the Secretary of the Department of Health

Adapted from the Department of Health and Ageing Personally controlled electronic health record system glossary of terms.
Feb 2013

Background and rationale

Pharmacy organisations need to have met all the legal requirements to participate in the National eHealth record system and installed conformant pharmacy software to ensure that dispensing records and clinical documents such as referrals and event summaries can be uploaded to consumers’ National eHealth record, when applicable.

Legal requirements

Evidence of the submission of the completed National eHealth record system Participation Agreement and the HPI-O registration is retained: ________________________________
(List location of Participation Agreement and HPI-O here)

Software requirements

The conformant pharmacy software used in this organisation is: _______________________
(List pharmacy software here)

Team member responsibility

It is the responsibility of all pharmacists and pharmacy staff in our organisation to understand the legal and compliance responsibilities related to our participation in the National eHealth record system.

It is the responsibility of all pharmacy staff, who are authorised staff members for National eHealth record system purposes, to provide support for the use of the system by undertaking any administrative tasks involved in the maintenance or use of the pharmacy software. If problems arise, the appropriate software vendor and/or the company providing IT support for the organisation will be contacted to assist in resolving the problem in a timely manner.

List the name of the staff member and their responsibility in the table below.
Responsibility: Name
Responsible officer (RO):
Organisation maintenance officer (OMO):
Authorised contact person:
National eHealth record system administration officer:
National eHealth record system training officer:
National eHealth record system IT officer:

Policy and procedures

PHARMACY ORGANISATION PROCEDURE

Procedure (Yes/no):
- Completed and submitted the National eHealth record system Participation Agreement
- Completed and submitted the application to register as a healthcare provider organisation and to obtain a Healthcare Provider Identifier – Organisation (HPI-O)
- Completed and submitted the application to request a National Authentication Service for Health Public Key Infrastructure (NASH PKI) Certificate for healthcare organisations to gain access to the conformant clinical software
- Completed the application to establish a list of authorised provider individuals for access to National eHealth record system via the provider portal, if applicable
- Retained evidence of the submitted Participation Agreement and application to register as a healthcare provider organisation
- Uses compliant pharmacy software for accessing the National eHealth record system to post dispensed medicines and create and post clinical documents
- Installed and configured compliant pharmacy software according to vendor’s implementation guidelines for accessing the National eHealth record system
- Provides practice-based education and skills-based training to all our pharmacists and staff to ensure compliance with the policy and competency in the use of the technology

PHARMACY ORGANISATION POLICY

Note: The pharmacy organisation can amend this policy based on their individual circumstances. However, any omission from this policy will need to be justified if queried.

1.
This organisation will communicate this policy, and ensure that this policy remains readily accessible, to all its employees and to any healthcare providers to whom this organisation supplies services under contract. [PCEHR Rules 2012 No. 25 (2)]

Action: This policy will:
- be communicated to all staff (including contractors e.g. locums) on a regular basis as well as when updated
- be communicated in full (or sections within) within 7 days of receiving such a request from the System Operator as received in writing
- be readily accessible to all existing members of our staff to whom we give authorisation to access the National eHealth record system on our behalf
- be made available to any organisation with whom we engage under contract (where applicable) e.g. locums and IT service providers
Responsibility: RO or OMO (circle nominated officer)

2. This organisation will enforce this policy in relation to all its employees and any organisation with whom we engage under contract. [PCEHR Rules 2012 No.25(3)] This includes:

(a) the manner of authorising persons accessing the National eHealth record system via or on behalf of our organisation. [PCEHR Rules 2012 No.25(4a)]

Action: Our organisation will authorise the staff members within our team that require access to the National eHealth record system by:
- generating and maintaining an authorised employee register, which includes the name and HPI-I for all pharmacists working in our organisation that we authorise to access the National eHealth record system on our behalf
- registering both our HPI-O and the HPI-Is of those pharmacists, who have opted into the National eHealth record system, for publication in the Healthcare Provider Directory (HPD)
- recording and keeping current the credentials of all pharmacists who require access to the National eHealth record system
- ensuring pharmacists who are authorised to access the system are logged in under their user identity (i.e.
initials in the system) prior to accessing a National eHealth record (refer to Appendix A). This is required for the PCEHR system audit log requirements
- determining access restrictions for individuals in the organisation with HPI-Is e.g. only pharmacists with a HPI-I stored and validated in this organisation’s dispensing software will access the National eHealth record system
Responsibility: OMO; OMO; OMO; RO or OMO (circle nominated officer)

(b) the manner of suspending and deactivating the user account of any authorised person who leaves our organisation. [PCEHR Rules 2012 No.25(4a)(i)]

(c) the manner of suspending and deactivating the user account of any authorised person whose duties no longer require them to access the National eHealth record system. [PCEHR Rules 2012. No.25 (4a)(iii)]

Action: For a staff member who leaves our organisation we will deactivate their account by:
- de-activating the HPI-I in our dispense software and removing individual login details
- changing the password on the dispensing personal computer, as outlined in Appendix A
- revising our Authorised Employee Register
- keeping a local record of the revised Authorised Employee Register for audit trail purposes
Responsibility: OMO

(d) the manner of suspending and deactivating the user account of any authorised person whose security has been compromised. [PCEHR Rules 2012. No.25(4a)(ii)]

Action: For a staff member whose security has been compromised we will immediately deactivate their account by:
(Responsibility: OMO)
- de-activating the HPI-I in our dispense software and removing individual login details
- changing the password on the dispensing personal computer, as outlined in Appendix A
- revising our Authorised Employee Register
- keeping a local record of the revised Authorised Employee Register for audit trail purposes
- keeping record of the details surrounding the event (e.g.
who and why)
- pursuing the necessary disciplinary action

(e) the training that will be provided before a person is authorised to access the National eHealth record system, including in relation to how to use the National eHealth record system accurately and responsibly, the legal obligations on our organisation and our staff members using the National eHealth record system and the consequences of breaching those obligations. [PCEHR Rules 2012 No.25(4b)]

Action: As part of the staff induction process and for all existing staff to whom we give authorisation to access the National eHealth record system on our behalf, we will provide full National eHealth record system training. The training will include how to use the National eHealth record system accurately and responsibly. Training will also be conducted as new functionality is introduced into the system. We will utilise the training resources made available by the System Operator as a minimum.
Responsibility: RO or OMO (circle nominated officer)

Action: To assist in ensuring training completion and for audit purposes, a record will be kept confirming the training completed by each authorised staff member and the date completed. Training will be completed before a member of the organisation is authorised to access the National eHealth record system.
Responsibility: RO or OMO (circle nominated officer)

Action: The legal obligations on our organisation and our authorised staff members using the PCEHR system and the consequences of breaching these obligations can be viewed in full in the PCEHR Rules 2012 at: www.comlaw.gov.au/Details/C2012A00063
Responsibility: RO

This policy specifically relates to Rule 25 of the PCEHR Rules 2012. We also acknowledge the PCEHR Act 2012 and Terms of Participation, which also outline the legal obligations of this organisation when using the system.
Notwithstanding any action the System Operator may take with regard to breaches of the PCEHR Act 2012, the organisation will continue to implement local staff conduct and disciplinary policies with regard to any unauthorised access by staff to the National eHealth record system.
Responsibility: RO

(e) the process for identifying a person who requests access to a consumer’s National eHealth record and communicating the person’s identity to the System Operator so that the healthcare provider organisation is able to meet its obligations under section 74 of the PCEHR Act 2012. [PCEHR Rules 2012 No.25(4c)]

Identification of a staff member who is authorised to access the National eHealth record system will be confirmed in the following ways:
- collecting and recording (in both our dispense software and our internal records) the Healthcare Provider Identifier – Individual (HPI-I) for all pharmacists working in our organisation
- allocating and recording internal staff member identification codes
- recording in our dispensing software a unique individual identifier each time a record is accessed (including write, read and download of documents)
- keeping a local record of the revised authorised staff member’s start and finish work times. Keeping payroll/timesheets for the required timeframe (7 years) will fulfil this requirement
Responsibility: OMO

(f) the physical and information security measures that are to be established and adhered to by the healthcare provider organisation and people accessing the National eHealth record system via or on behalf of the healthcare provider organisation, including the user account management measures that must be implemented under rule 27. [PCEHR Rules 2012 No.25(4d)]

Action: Staff members that this organisation authorises to access the National eHealth record system will be allocated a login for access to the dispense software.
This will be managed within our IT management processes, as outlined in Appendix A, with the aim of:
- ensuring the staff members that are authorised to access the system can be identified by either a unique local identifier or system log-in
- ensuring our organisation has current and adequate IT system antivirus software
- ensuring our disaster recovery policies and procedures are current and executable
- ensuring our IT systems and hardware are physically protected against unauthorised access or hacking
- ensuring that each authorised user of the system has a secure password
Responsibility: RO or OMO (circle nominated officer)

This will be complied with by implementing the requirements in Appendix A.

(g) mitigation strategies to ensure National eHealth record system related security risks can be promptly identified, acted upon and reported to the healthcare provider organisation’s management. [PCEHR Rules 2012 No.25(4e)]

Action:
- This organisation will regularly review our security and procedures for accessing the National eHealth record system, report the findings to management and revise our procedures accordingly
- This organisation will set out a risk reporting procedure to allow staff to inform management regarding any suspected security issue or breach of the system
- In addition, this organisation may employ other mitigation strategies where relevant including:
  - suspending or deactivating a user account
  - changing a user password and/or login information where relevant
  - reporting a security breach to the System Operator
Responsibility: RO or OMO (circle nominated officer)
APPENDIX A

Pharmacy IT management and access to the National eHealth record system: pre-access checklist

Action (Yes/No):
- Ensure this policy is communicated to all staff members including those accessing the National eHealth record system (pharmacists with a HPI-I which is validated and stored in the organisation’s computer software program) and those not accessing the system (e.g. pharmacy assistants)
- Provide appropriately complex passwords to all staff requiring access to the National eHealth record system and ensure all staff are aware of their responsibility to keep passwords secure
- Ensure National eHealth record system users change their passwords on a regular basis (e.g. monthly)
- Ensure the passwords are changed after the departure of staff members as part of the organisation’s departure process
- Ensure the computer is set to change to the screen saver automatically (when in password protection mode) after each computer is left idle for a short period of time (no longer than 5 minutes)
- Ensure that prior to accessing a consumer’s National eHealth record, the pharmacist accessing the National eHealth record system is the recorded user in the dispensing software
- Ensure that any computers with remote access (if used to access the National eHealth record system) include adequate security controls enabling the identification of the user
- Position all computer monitors so that data displayed on the monitor cannot be seen by members of the public
- Ensure that no unauthorised software is installed on the organisation’s system
- Ensure that adequate and current antivirus software is both installed and maintained on the organisation’s system
- Ensure that current and working system backups are in place and run regularly

Resources

Pharmacy Registration Workbook
www.nehta.gov.au/our-work/implementation-and-adoption/ehealth-registrationsupport/pharmacy-registration-workbook

Department of Health eHealth resources
www.ehealth.gov.au/internet/ehealth/publishing.nsf/Content/resources-hcp

PSA National eHealth record system guidelines for pharmacy

Healthcare Identifiers Act 2010
www.comlaw.gov.au/Details/C2010C00440

The Personally Controlled Electronic Health Record Act 2012
www.comlaw.gov.au

Personally Controlled Electronic Health Record Rules 2012
http://www.comlaw.gov.au/Details/F2012L01703

National Authentication Service for Health Public Key Infrastructure
www.medicareaustralia.gov.au/provider/vendors/pki/index.jsp

PHARMACEUTICAL SOCIETY OF AUSTRALIA LTD.
ABN 49 008 532 072

NATIONAL OFFICE
Pharmacy House
44 Thesiger Court
Deakin ACT 2600
PO Box 42
Deakin West ACT 2600
P: 02 6283 4777
F: 02 6285 2869
E: psa.nat@psa.org.au