Privacy & Access Notice

Pharmassist is a pharmacy support application operated by AVIS Pharmacy Ltd to assist with prescription management, refill requests, and patient reminders. The system is currently operating in BETA.

What Data Is Collected

• Patient identifier (email address and/or phone number)
• Medication and prescription records
• Refill requests and fulfillment status
• Optional patient notes related to refills
• System access and activity logs

Who Can Access Patient Data

• Patients: May view only their own medications and refill history.
• Pharmacists: May access patient prescription and refill records strictly for dispensing and care purposes.
• System Owner: Oversight of system operation and compliance.
• Data Protection Officer (DPO): Read-only access to audit logs, granted only when legally required.

Access Controls

Access to Pharmassist is role-based. Pharmacist access requires authenticated credentials and all pharmacist activity is logged for audit purposes.

Audit Logging

Key actions including medication entry, refill requests, status updates, and administrative access are logged with timestamps and role identifiers.

Data Retention Policy

Effective date: 25 December 2025

System: Pharmassist (Beta)

Purpose

This policy explains how long patient and operational data is retained within Pharmassist in accordance with pharmacy operations and data protection principles.

Data Covered

• Patient identifiers
• Medication and prescription records
• Refill requests and status history
• Pharmacist-to-patient messages
• System audit and access logs

Retention Period

• Patient medication and refill records: Retained for a minimum of three (3) years from the date of last activity.
• Audit and access logs: Retained for a minimum of three (3) years, or longer where required for compliance or regulatory review.
• Temporary access credentials: Automatically expire and are not retained beyond their validity period.

Data Review and Deletion

Data may be reviewed periodically and removed once it no longer meets retention requirements. Deletion may be carried out manually or through scheduled system maintenance.

Access During Retention

• Patients retain access only to their own records
• Pharmacists access data necessary to perform pharmacy services
• The system owner oversees operational compliance
• DPO access is limited to read-only audit review when required

Backups & Business Continuity

Pharmassist data is protected using secure cloud infrastructure. Operational data may be backed up periodically to support service continuity, recovery from system failure, or regulatory review. Backup access is restricted and used only for operational or compliance purposes.

Beta Status

Pharmassist is currently in active BETA use. Security controls, retention processes, and operational safeguards are reviewed and improved on an ongoing basis.

Frequently Asked Questions

Who can see my information?
Only authorized pharmacy staff involved in your care can access your records. System access is logged and monitored.

Is my data shared with third parties?
No. Pharmassist does not sell or share patient data with third parties for marketing purposes.

Who do I contact about my data?
Questions or concerns about your data can be directed to AVIS Pharmacy Ltd. A Data Protection Officer may be engaged where required by law.

Last updated: December 2025