A NSW Government website

Privacy and security

How patient privacy is protected

Personal and health information collected in SafeScript NSW is protected by the Privacy and Personal Information Protection Act 1998 (PPIP Act), the Health Records and Information Privacy Act 2002 (HRIP Act) and the Privacy Act 1988 (Cth.). Interstate practitioners are further bound by the SafeScript NSW terms and conditions which require compliance with privacy legislation. The legislation sets out information protection and health privacy principles that health practitioners and NSW Health must comply with when collecting, storing, accessing, using and disclosing personal and health information.

The Poisons and Therapeutic Goods Regulation 2008 regulates which health practitioners may access SafeScript NSW and how they may use and disclose the information it holds. Only registered medical practitioners, nurse practitioners, pharmacists and dentists are eligible to access SafeScript NSW. Persons acting under the direction of a registered medical practitioner, nurse practitioner, or dentist are also able to access SafeScript NSW for certain purposes.

There are penalties under the Regulation for unauthorised access, use or disclosure of information held in SafeScript NSW.

SafeScript NSW has procedures in place to ensure that access to its databases is appropriately monitored by the NSW Ministry of Health. Health practitioners are subject to professional codes of conduct and legislative requirements to protect privacy. Penalties or disciplinary action may apply in circumstances where a health practitioner breaches patient privacy.

NSW Health may also have mandatory reporting obligations in the event of a data breach to inform affected individuals and to notify the New South Wales Privacy Commissioner. A Privacy Impact Assessment has been undertaken to ensure the implementation of SafeScript NSW is compliant with privacy laws.

Who has access to patient records held in SafeScript NSW

A medical practitioner, nurse practitioner, pharmacist or dentist is permitted to view a patient record in SafeScript NSW in the following circumstances:

  • when prescribing or supplying a monitored medicine to the patient
  • when reviewing the patient’s monitored medicine history as part of a patient consultation (e.g. when a prescriber takes a patient history or a pharmacist conducts a medication review)
  • when discussing the patient’s monitored medicine history with other registered health practitioners who are involved in that patient’s care
  • when applying for, reviewing, or cancelling approvals issued by NSW Health to prescribe or supply a medicine (if you are a medical practitioner, nurse practitioner or dentist)
  • when reviewing an Opioid Dependence Treatment (ODT) approval issued by NSW Health for the prescribing or supply of a medicine (if you are a pharmacist).

Please note that SafeScript NSW restricts users from being able to access the system if they are trying to log in from outside of Australia. This helps to reduce the risk of external data breaches and ensures the security of private patient information.

A person acting under the direction of a medical practitioner, nurse practitioner or dentist can only access information in SafeScript NSW for the purposes of assisting the medical practitioner, nurse practitioner or dentist in:

  • applying for, reviewing, or cancelling an approval issued by NSW Health to prescribe or supply a medicine
  • providing treatment to an individual patient by reviewing the prescribing or supply of monitored medicines to the patient; or
  • providing advice to another prescriber or a pharmacist on the treatment of an individual patient.

While a prescriber or pharmacist does not need patient consent to view their SafeScript NSW records, it is good clinical practice to talk to the patient about what information is being accessed and how the information is being used to inform decisions about their treatment.

Some Opioid Dependence Treatment (ODT) prescribers may invite eligible NSW Health support staff to have limited access to SafeScript NSW to assist with the administration of ODT to a patient. NSW Health support staff will not have access to patients’ monitored medicine history but may be able to view, update and cancel an approval issued by NSW Health to prescribe or supply a medicine under the direction of a prescriber.

Authorised Ministry of Health officers also access SafeScript NSW as part of their regulatory role in ensuring the safe supply of medicines in the community. Information held in SafeScript NSW may be used or disclosed by the Ministry of Health but only in circumstances that are permitted under law. Examples of where the release of information may be permitted include where:

  • the person to whom the information relates consents to the release
  • it is for the purposes of legal proceedings (e.g. court order or subpoena)
  • it is for health services and authorised parties to help prevent a serious and imminent threat to someone’s life, their health or welfare
  • it is for an investigative agency where it is reasonably necessary to the complaint handling or investigation functions of the agency
  • it is for researchers for public interest research projects where release of de-identified data has been approved by a Human Research Ethics Committee and where there is a lawful basis to do so. Population health research is usually undertaken using de-identified data. The Centre for Health Record Linkage facilitates access to de-identified data using a data linkage approach that complies with all ethical, legal, privacy and confidentiality requirements
  • the information is necessary to assist in finding a missing person
  • law enforcement agencies require information where there are reasonable grounds to believe that an offence may have been or may be committed
  • the information is necessary for investigating and reporting wrong conduct
  • the information is being disclosed to another State/Territory for use in an interjurisdictional equivalent to SafeScript NSW
  • the information is being provided to a regulatory authority (or approval) where reasonably required for the purposes of regulating the prescribing, supply or administration/use of monitored medicines or substances requiring an authority (or approval).

How SafeScript NSW keeps records secure

Data encryption

Data transmitted between medical practice prescribing systems, pharmacy dispensing systems and the SafeScript NSW database is encrypted at all times and occurs through a secure, encrypted internet connection. Data stored in the SafeScript NSW database is also encrypted at all times.

Multi-factor authentication

SafeScript NSW uses contemporary security measures to safeguard data against unauthorised access. Health practitioners will be required to use multi-factor authentication (a username/password and PIN) to access the system.

Security testing

The security of the system is routinely tested and reviewed to ensure data stored in SafeScript NSW remains protected.

How a patient can access information held in SafeScript NSW

A person is entitled to request access to personal and health information held about them in SafeScript NSW. An application for access needs to be made in writing. Requests for access to information will be responded to as soon as possible, or in most cases no later than 28 days. Access may be declined in special circumstances, such as where giving access would put a person (e.g. the patient or another person) at risk of mental or physical harm.

If a person believes that their information in SafeScript NSW is incorrect, a request for amendment can be made.

To make a request to access information or for more information about requesting an amendment to information in SafeScript NSW, please email SafeScript NSW.

In many cases an error or omission is likely to be due to an error in the prescriber’s or the pharmacist’s clinical system. A request should be made directly to the prescriber or pharmacist and when a change is made in their clinical system, the change will automatically be updated in SafeScript NSW.

How to make a privacy complaint

If an individual (health practitioner or patient) is concerned their privacy has been breached, they can make a complaint to the Privacy Officer, Ministry of Health about how their personal and/or health information has been handled in SafeScript NSW. Patients and health practitioners also have a right to request a privacy internal review. Complaints must be made in writing to:

Privacy Officer
NSW Ministry of Health
Locked Bag 2030
St Leonards NSW 1590

For more information about making a complaint, email the Privacy Officer.