eRx Script Exchange Pty Ltd (eRx
) operates a prescription exchange that holds patient prescription information. This information includes personal information relating to a patient such as the patient’s name, address, date of birth, gender and their Medicare or DVA number
eRx is independently audited for privacy to ensure it meets all obligations under the Privacy Act 1988. eRx is also accredited under the Australian Government National eAuthentication Framework around security and is independently verified as compliant with the requirements for information security for a “Medical-in-Confidence” system, as stipulated by the Commonwealth Government.
The security and privacy processes utilised by eRx were accredited by Department of Health and Ageing (DOHA) as part of an IRAP assessment. These measures have also been deemed appropriate for integration to the Commonwealth’s MyHR (My Health Record) through the NPDR (National Prescribe and Dispense Repository) Project.
All prescription information transmitted through eRx is fully encrypted so that it is completely private and secure. Only your doctor and pharmacist can see the electronic copy of your information
eRx acts as an “electronic postman” and we do not open the mail.
All patient and script information is locked with three levels of encryption before it leaves the doctor’s computer and can only be unlocked when it arrives at the pharmacy. The encryption used by eRx includes your HeSA PKI Certificates and Verisign certificates.
eRx can unlock the first level of encryption to reveal the “header” information for the data package. This information is required so that eRx can ensure it sends the correct script to the pharmacy when the barcode is scanned. The “header” information does not include personal or medical information.
We encourage you to check whether other exchanges, ever store your personal information or your prescription records or your dispense records in an unencrypted format.
eRx does not support the scraping of data from any clinical systems and we work closely with our vendor partners to guarantee their technical solution does not collect sensitive clinical information in this way.
In eRx’s opinion, the practice of collecting prescription data using a scraping tool – for example one that interrupts a print command, scrapes the relevant data and puts a barcode on the script – is a highly inappropriate way to generate an electronic script that is later transmitted to a pharmacy for dispensing.
We encourage you to check whether other exchanges use scraping technology to collect and transmit sensitive clinical information such as scripts.
eRx does not collect or monitor prescribing or patient history and we do not sell or pass any clinical information to anyone unless specifically directed by the patient.
eRx is capable of sending script data to third parties to create an electronic health record, however this is only done when requested to by a patient. The electronic script is still held and processed by eRx in an encrypted format. The consent/request for eRx to pass an electronic script to a third party must be obtained by the authorised clinician involved.
An example of an electronic health record that patients may ask us to send scripts to is MyHR. Consent to do this must be obtained from the patient by the doctor or pharmacist involved and flagged in the “header” of the electronic script sent to eRx.