Managing eScripts sent to the wrong phone

Industry
By
Jarrod McMaugh MPS and Peter Guthrey MPS
-

A practical workflow for cancelling tokens, updating profiles and preventing repeat-token errors at every dispense.

Electronic prescriptions are safe, secure and generally convenient for patients and
health practitioners.1

This convenience largely stems from the rapid transfer of prescriptions and their digital tokens without the need for a physical paper prescription. This transfer is so fast there’s often no lag between a dispensing label being printed and the patient receiving a new repeat token on their phone via SMS. So, what happens if that repeat is sent to the wrong number?

What happens if a pharmacy sends a token to the wrong phone number?

The wrong person will receive the token. While the design of tokens (no name, limited information) limits the likelihood of a privacy breach, it provides the recipient with unauthorised access to the prescription (and therefore unauthorised access to the prescribed medicine).

Will correcting the number and reissuing the token ‘fix everything’?

No. Once a token has been issued, it cannot be retrieved. Simply changing the phone number in the patient profile and reissuing the token will send the token to the patient’s preferred mobile number, but will not cancel the incorrectly issued token, which will still be sitting in the SMS inbox of the person who received it.

Then what should I do?

While a token can’t be retrieved, it can be cancelled. In dispensing software cancelling the dispensing event which caused the token to be generated will cancel the repeat token which was issued because of it.

The patient contact details in their profile in the dispensing software should then be updated, including verifying their electronic prescription preferences. The prescription should then be re-dispensed through the dispensing system.2

Do I need to report this to my indemnity insurer?

Yes, especially if the issue is not identified at the time of dispensing. A note should be added to the patient profile documenting the incident. Documentation may also be required in the pharmacy’s incident log.

How can this be avoided?

Check patient mobile phone numbers at every dispense event prior to authorising dispensing and generating the dispensing label. Multiple different workflows can achieve this, such as checking during forward dispensing – or verifying mobile phone numbers at scripts-in.

As one of the approved identifiers, mobile phone number is a good choice of identifier to use as one of the three identifiers at scripts-in, patient selection and/or scripts-out.3,4

References

  1. digitalhealth.gov.au. Electronic prescribing: for dispensers. 2025. At: www.digitalhealth.gov.au/ealthcare-providers/initiatives-and-programs/electronic-prescribing/for-dispensers/
  2. Pharmaceutical Defence Limited. Electronic prescriptions: National Practice Alerts. 22 December 2023. At: www.pdl.org.au/electronicprescriptions-2/
  3. Pharmaceutical Society of Australia. Professional practice standards 2023 Version 6. 2025. At: www.psa.org.au/practice-support-industry/pps
  4. Australian Commission on Safety and Quality in Health Care. Correct identification and procedure matching. 2025. At: www.safetyandquality.gov.au/standards/nsqhs-standards/communicating-safetystandard/correct-identification-and-procedurematching