Confidentiality Policy


Policy intent

The intent of this Confidentiality Policy is to outline how Blue Cross Pharmacy will ensure confidentiality and privacy, that is, a customer’s right to have identifiable personal and health information kept private.[1]


Definitions for this policy are:

  1. Information, such as:
  • Personal information – any information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable such as their name, address, age, health, medicines, finance, disability, family status, or any other information that can reasonably be taken to be personal or sensitive. It also includes any other information protected by legislation.
  • Sensitive informationany information or an opinion about an individual’s racial or ethnic origin; political opinion, membership of a political association, religious beliefs or affiliations, Philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record. It is also information that includes personal information, health information about an individual, or genetic information about an individual that is not otherwise health information.
  1. Disclosure – includes access to, talking and/or writing about, communicating or discussing personal and/or sensitive information in any way.

A consumer/patient has a general right of access to information this pharmacy holds about them. Our pharmacy provides the capacity for a consumer/patient to access and, where necessary, correct their own information. The pharmacy provides the capacity for consumers to access and, where necessary, correct their own information.

If we do not let a customer know when collecting their personal information that we may disclose it to someone else or they have not given permission for this disclosure to happen, then usually the pharmacy cannot make such a disclosure. The pharmacy may disclose personal information in accordance with the Australian Privacy Principles – permitted health situations or permitted general situations. 1

Policy statement

Blue Cross Pharmacy is committed to protecting an individual’s confidentiality and is subject to the Privacy Act (1988). The Privacy Act regulates the handling of personal information about individuals, including the collection, use, storage and disclosure of personal information, and access to and correction of that information. Information about the Privacy Act and the Australian Privacy Principles (APPs) can be found at:

Blue Cross Pharmacy upholds the rights in the Community Pharmacy Service Charter and its staff are aware where the Charter is displayed publicly in the pharmacy. The Charter can be accessed at:

Confidentiality practices in Blue Cross Pharmacy include:

  1. All staff are aware of the requirements of State and Territory privacy and/or health records legislation.
  2. When transferring information to a third party, Blue Cross Pharmacy will gain written consent from the person or their carer prior to the information being provided. The pharmacy will make the relevant templates and forms available, e.g. consent form.
  3. Copies of any information transferred will be filed in a confidential manner ensuring customer/patient privacy.
  4. Written or other information will be handled in such a way that unauthorized persons cannot view it, and will only be accessible to staff who have a legitimate need to access the information in order to provide continuing care.
  5. Whenever information is transferred between staff and customers/patients it will always be done in a respectful and discrete manner and only such information as is necessary to ensure continuous care is offered.
  6. Conversations between staff members within the pharmacy concerning individual’s personal matters must be conducted in such a manner that they cannot be overheard by others, and no conversations will be held outside the pharmacy regarding an individual’s personal and sensitive information.
  7. Not disclosing confidential information unless the individual has given permission or to prevent injury or death or as required by law.
  8. The storage and distribution of all confidential and personal information will be conducted in a manner that ensures the utmost privacy from any unauthorized persons.
  9. Only approved personnel will have access to and be responsible for the maintenance and updating of confidential information.
  10. Each State/Territory has privacy and/or health record legislation regarding the retention and disposal of records. This applies to all types of information formats; including electronic records.To protect customers’ privacy rights destruction needs to occur by secure means.[2]
  11. Customers/patients may have access to their own records as described in the Privacy Act. This will be managed by authorized personnel.


This policy does not apply in situations where there is a ‘permitted general or permitted health situation’, such as:

Permitted general situations:

  • Lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety.
  • Taking appropriate action in relation to suspected unlawful activity or serious misconduct.
  • Locating a person reported as missing.
  • Asserting a legal or equitable claim.
  • Conducting an alternative dispute resolution process.

Permitted health situations:

  • The collection of health information to provide a health service. The collection of health information for certain research and other purposes.
  • The use or disclosure of genetic information.
  • The disclosure of health information for a secondary purpose to a responsible person for an individual.

In applying these situations, refer to the Australian Privacy Principles Guidelines available at

Responsibility for applying the policy

  1. All employees are responsible for applying this pharmacy’s Confidentiality Policy.
  2. Overall responsibility to answer questions on confidentiality and privacy must reside with the pharmacist-in-charge.

Action when the policy is breached

Breaches of this policy will be individually assessed and action taken by relevant pharmacy management as required. Such action may include a written warning or termination of employment, depending on the circumstances of the breach. Certain circumstances of breach may involve informing customer(s) concerned and/or review of internal confidential privacy procedures. Guidelines about what to do when there is a breach can be found at:

Complaints about alleged breaches of privacy can be made to the Privacy Commissioner at:

[1] Australian Privacy Principles: 16A, 16B.