Privacy Policy

1.0 Purpose

The intent of this policy is to outline how MLMH will ensure confidentiality and privacy, that is, a customer’s right to have identifiable personal and health information kept private.

2.0 Scope

2.1 This policy applies to all staff at MLMH.

3.0 Responsibility

3.1 It is the responsibility of all staff to uphold the requirements of this confidentiality policy. Any questions shall be directed to the Pharmacist in Charge.

3.2 All staff shall ensure that patient confidentiality is maintained by:

  • Not discussing personal information with persons other than those who are responsible for the individuals’ care.
  • Speaking discreetly when in the pharmacy setting, so as to not be overheard.
  • Ensuring that any printed or electronic information is not left in a public or unsecured area

3.3 It is the responsibility of the owner or in his absence, the Pharmacist in Charge to act on any breaches in the confidentiality policy.

4.0 References

4.1 MLMH is committed to protecting an individual’s confidentiality and is subject to the Privacy Act (1988). The Privacy Act regulates the handling of personal information about individuals, including the collection, use, storage and disclosure of personal information, and access to and collection of that information. Information about the Privacy Act and the Australian Privacy Principles (APPs) can be found at:


4.2 MLMH upholds the rights in the Community Pharmacy Service Charter and its staff are aware where the Charter is displayed publically in the pharmacy. The Charter can be accessed at:


 5.0 Definitions

5.1 Information – Under the Privacy Act 1988 personal information is defined as: 'information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.'

Within this definition there is no distinction as to the source of the information or the forms in which it is held. It is personal information whether it is provided by an individual, an organisation.

5.2 Personal information – Includes information or opinion relating to a customers’ age, health, medicines, disabilities, family status or any other information that can reasonably be taken to be personal or sensitive. It also includes any other information protected by legislation.

5.3 Disclosure – The transfer or release of information, either directly or indirectly.

If we do not let a customer know when collecting their personal information that we may disclose it to someone else or they have not given permission for this to happen, then usually the pharmacy cannot make such a disclosure. The pharmacy may disclose personal information to another person to prevent or lessen a threat of death or injury to themselves or someone else, or if we are required to do so by law. 1

6.0 General Information

6.1 All staff are aware of the requirements of State and Territory privacy and/or health records legislation.

6.2 When information is transferred with the consent of the individual or their carer, they shall be offered copies of the information.

6.3 Copies of any information transferred will be filed in the pharmacy and be available for access by the individual involved, their carers, or other professionals to provide continuity of care.

6.4 Information shall be transferred, stored and handled so that unauthorised persons cannot view it. The information shall only be accessible to staff who have legitimate need to know in order to provide continuing care for the individual. 

6.5 Conversations between staff members within the pharmacy concerning customers’ personal matters must be conducted in such a manner that they cannot easily be overheard by other customers. No conversations regarding customers’ personal information shall be held in any public place.

6.6 Whenever information is transferred, it will always be done in a respectful manner and only such information as is necessary for ensuring quality and continuous care shall be provided.

6.7 Confidential information will not be disclosed unless the individual has given permission or to prevent injury or death as required by law.

6.8 In accordance with sate legislation, destruction of information needs to occur by secure means. This applies to all types of information formats including electronic records.

6.9 Only approved personnel will have access to and be responsible for the maintenance and updating of confidential information.

6.10 In accordance with sate legislation, destruction of information needs to occur by secure means. This applies to all types of information formats including electronic records.

7.0 Exceptions

7.1 This policy does not apply in situations where the safety of the individual or others would be compromised by not disclosing information or in situations where staff have knowledge or criminal activity. In applying these situations, refer to Australian Privacy Principles Guidelines available at Such ”permitted general or permitted health situations” are as follows:

7.2 Permitted general situations:

  • Lessening or preventing a serious threat to life, health or safety of any individual, or to public health or safety.
  • Taking appropriate action in relation to suspected unlawful activity or serious misconduct.
  • Locating a person reported as missing
  • Asserting a legal or equitable claim
  • Conducting an alternative dispute resolution process

7.3 Permitted health situations:

  • The collection of health information to provide a health service.
  • The collection of health information for certain research and other purposes.
  • The use or disclosure of genetic information
  • The disclosure of health information for a secondary purpose to a responsible person for an individual.

8.0 Action when the policy is breached

8.1 Failure to comply with this policy will be individually assessed and action taken by management as required. Such action may include a written waring or termination of employment, depending on the breach. l. If patient confidentiality has been breached, the owner of the pharmacy, or in their absence, the Pharmacist in Charge, shall notify the individual of the breach and review the internal confidential privacy procedures.

8.2 Guidelines about what to do when there is a breach can be found at:


8.3 Complaints about alleged breaches of privacy can be made to the Privacy Commissioner at:


9.0 Caveats

Complying with this policy does not remove obligations to comply with legislation.