Could your patient data be at risk? Bunnings and Kmart's owner is getting into the prescriptions business
- Replies 30
Have you ever considered using an online doctor service instead of visiting a general practitioner (GP) in person? It’s a thought that’s becoming increasingly appealing in our busy world. But there is a potential risk to consider: patient data security.
Recently, the Australian retail corporation Wesfarmers—who also owns Bunnings and Kmart—made headlines when it purchased InstantScripts.
The corporation spent $135 million in July to acquire the business, an online doctor service that lets patients generate prescriptions remotely via an online form.
With 300 low-risk medications being either picked up from a pharmacist or delivered directly to an individual’s home, InstantScripts was a convenient option during the pandemic, and the company earned up to $50M in annual revenue previously.
Unsurprisingly, the Medical Board of Australia was not impressed with the lack of a real-time patient-doctor consultation and cited that it’s not a good medical practice to prescribe medications without it.
New telehealth guidelines were implemented this month, which require doctors to undergo an in-person, telephone or video consultation if a prescription is to be provided. If the direct consultation is not provided, the doctor must explain ‘how the prescribing and the management of the patient was appropriate and necessary in the circumstances’.
The move by Wesfarmers is concerning for medical practitioners because of the potential risks to patient data security. With the purchase, the company now has access to medical information, such as medical certificates, blood tests and other GP services, which could be highly valuable in their data collection.
Chris Owen, President of the Queensland Pharmacy Guild, believed that Wesfarmers could get additional value from the data collected on the site. He claimed that even if they protect identifiable patient information, anonymised data could still be useful for online advertising—which is primarily already based on stereotyped 'personality sets'.
‘They’ll still have the ability, if they join it together with their frequent flyer program or their Flybys program…to have access to that data across a variety of different platforms,’ Mr Owen said.
‘We’ve always held health data is pretty sacrosanct,’ he added.
InstantScripts’ General Manager, Richard Skimin, said patient data is stored securely and is only accessible by the company’s doctors.
‘InstantScripts’ secure systems are housed and managed independently, eliminating any risk of a patient’s health data being inadvertently shared with other Wesfarmers businesses,’ Mr Skimin explained.
However, the Vice President of the Royal Australian College of GPs (RACGP), Bruce Willett, said the recent PwC scandal showed that major corporations were not always successful in maintaining a clear boundary between different arms of the business.
‘[InstantScripts’] privacy policy says that they do share information for the purposes of targeted advertising and to their delivery partners,’ he mentioned.
‘It says that they don’t share health information. But the question is: where is that line? And how effective is that [firewall]? We’ve seen examples of where that doesn’t work in other parts of corporate Australia,’ Mr Willett added.
He also noted that regulators had not kept up with the rapid growth of the private sector, especially with the increasing ‘vertically integrated organisations’ such as these.
‘This is probably the most extreme vertically integrated [arrangement]—from pharmaceutical suppliers to providing the prescriptions, providing the scripts, delivering the scripts, plus the other retailing things across to the side, with Kmart and what have you.’
Mr Skimin discussed the ‘missed opportunity’ in the medical board’s revision of the telehealth guidelines.
‘There are certain cases in which asynchronous prescribing [in which doctors don’t consult in real time], when underpinned by robust controls and clinical governance process, works very safely and effectively,’ he said.
‘Regulating such a practice out of existence is a clear example of provider interest taking priority over the interest of patients.’
Elizabeth Deveny, the Chief Executive of Consumers Health Forum of Australia, said that while patients have much to gain from telehealth, she also warned that they should be careful around data collection.
‘We also would call on the government to make better standards here with some plain English requirements so that everyone knows straightforwardly what they’re getting consent for, and equally importantly, how they can change that over time,’ she stated.
‘Sometimes what we see too is that you can only get the service if you agree to the data sharing. So, we think that that clause should always be optional. We think you should have to opt into anything like that,’ she added.
So if you ever find yourself using an online doctor service, make sure you take the time to read the privacy policy carefully—and stay vigilant in protecting your data!
What do you think of this story, members? Do you use InstantScripts? Share your experience in the comments below!
Recently, the Australian retail corporation Wesfarmers—who also owns Bunnings and Kmart—made headlines when it purchased InstantScripts.
The corporation spent $135 million in July to acquire the business, an online doctor service that lets patients generate prescriptions remotely via an online form.
With 300 low-risk medications being either picked up from a pharmacist or delivered directly to an individual’s home, InstantScripts was a convenient option during the pandemic, and the company earned up to $50M in annual revenue previously.
InstantScripts is an online doctor service that lets patients generate prescriptions remotely via an online form. Credit: InstantScripts
Unsurprisingly, the Medical Board of Australia was not impressed with the lack of a real-time patient-doctor consultation and cited that it’s not a good medical practice to prescribe medications without it.
New telehealth guidelines were implemented this month, which require doctors to undergo an in-person, telephone or video consultation if a prescription is to be provided. If the direct consultation is not provided, the doctor must explain ‘how the prescribing and the management of the patient was appropriate and necessary in the circumstances’.
The move by Wesfarmers is concerning for medical practitioners because of the potential risks to patient data security. With the purchase, the company now has access to medical information, such as medical certificates, blood tests and other GP services, which could be highly valuable in their data collection.
Chris Owen, President of the Queensland Pharmacy Guild, believed that Wesfarmers could get additional value from the data collected on the site. He claimed that even if they protect identifiable patient information, anonymised data could still be useful for online advertising—which is primarily already based on stereotyped 'personality sets'.
‘They’ll still have the ability, if they join it together with their frequent flyer program or their Flybys program…to have access to that data across a variety of different platforms,’ Mr Owen said.
‘We’ve always held health data is pretty sacrosanct,’ he added.
Medical practitioners are concerned about the security risks of InstantScripts’ patient data. Credit: RomanR/Shutterstock
InstantScripts’ General Manager, Richard Skimin, said patient data is stored securely and is only accessible by the company’s doctors.
‘InstantScripts’ secure systems are housed and managed independently, eliminating any risk of a patient’s health data being inadvertently shared with other Wesfarmers businesses,’ Mr Skimin explained.
However, the Vice President of the Royal Australian College of GPs (RACGP), Bruce Willett, said the recent PwC scandal showed that major corporations were not always successful in maintaining a clear boundary between different arms of the business.
‘[InstantScripts’] privacy policy says that they do share information for the purposes of targeted advertising and to their delivery partners,’ he mentioned.
‘It says that they don’t share health information. But the question is: where is that line? And how effective is that [firewall]? We’ve seen examples of where that doesn’t work in other parts of corporate Australia,’ Mr Willett added.
He also noted that regulators had not kept up with the rapid growth of the private sector, especially with the increasing ‘vertically integrated organisations’ such as these.
‘This is probably the most extreme vertically integrated [arrangement]—from pharmaceutical suppliers to providing the prescriptions, providing the scripts, delivering the scripts, plus the other retailing things across to the side, with Kmart and what have you.’
Mr Skimin discussed the ‘missed opportunity’ in the medical board’s revision of the telehealth guidelines.
‘There are certain cases in which asynchronous prescribing [in which doctors don’t consult in real time], when underpinned by robust controls and clinical governance process, works very safely and effectively,’ he said.
‘Regulating such a practice out of existence is a clear example of provider interest taking priority over the interest of patients.’
Elizabeth Deveny, the Chief Executive of Consumers Health Forum of Australia, said that while patients have much to gain from telehealth, she also warned that they should be careful around data collection.
‘We also would call on the government to make better standards here with some plain English requirements so that everyone knows straightforwardly what they’re getting consent for, and equally importantly, how they can change that over time,’ she stated.
‘Sometimes what we see too is that you can only get the service if you agree to the data sharing. So, we think that that clause should always be optional. We think you should have to opt into anything like that,’ she added.
So if you ever find yourself using an online doctor service, make sure you take the time to read the privacy policy carefully—and stay vigilant in protecting your data!
What do you think of this story, members? Do you use InstantScripts? Share your experience in the comments below!
.png){kind=icon}
