NYS Pharmacy:Patient Confidentiality

The New York State Education Department (“SED”) Office of the Professions (“OP”) is alerting everyone to a vishing scam that has been brought to our attention. Phishing—or “vishing”—scams impersonate SED employees or websites attempting to collect licensure and personal information from the licensee. If you receive an inquiry which you believe to be suspicious do not provide any information. To verify if the inquiry was from OP, contact us directly. You may report any suspicious communication received to the Federal Trade Commission.

Expand All

1. Must a pharmacy obtain permission from a patient to enter in or access from a shared database the patient's medical and/or prescription information?

YES.

2. Does such permission have to be documented?

YES. The pharmacist is required to obtain permission that is documented as a patient's express written consent.

3. What if a person refuses to have his/her information entered into a shared database?

A consumer may refuse to have his/her information entered into a shared database. The pharmacy that originally filled the prescription must place a "firewall" around the data. This "firewall" must prevent access to patient-specific information by an unauthorized individual at another location.