A practical workflow for cancelling tokens, updating profiles and preventing repeat-token errors at every dispense.
Electronic prescriptions are safe, secure and generally convenient for patients and
health practitioners.1 This convenience largely stems from the rapid transfer of
prescriptions and their digital tokens without the need for a physical paper
prescription.
This transfer is so fast there’s often no lag between a dispensing label being printed
and the patient receiving a new repeat token on their phone via SMS. So what
happens if that repeat is sent to the wrong number?
What happens if a pharmacy sends a token to the wrong phone number?
The wrong person will receive the token. While the design of tokens (no name,
limited information) limits the likelihood of a privacy breach, it provides the recipient
with unauthorised access to the prescription (and therefore unauthorised access to
the prescribed medicine).
What can cause the token to be associated with the wrong phone number?
A person’s phone numbers in dispensing software may be incorrect when:
- imported from details associated with the electronic prescription (e.g. another
pharmacy or medical centre) - patient has a new phone number
- pharmacist has transcribed number incorrectly
- a temporary contact number (e.g. another pharmacy/medical centre) was
previously added to the profile and not removed from this field - number has been entered on incorrect record
- patient or legal guardian no longer wishes person associated with the phone
number to access the prescription (e.g. divorce, phone shared between
multiple adults, child becomes an adult, child custody, intimate partner
violence etc.)
Apart from the last dot point, each example above is a very simple and easy-to-make
error. And an error type which pharmacy workflows need to effectively eliminate
through routine checks during the dispensing process.
Will correcting the number and reissuing the token ‘fix everything’?
No. Once a token has been issued, it cannot be retrieved. Simply changing the phone number in the patient profile and reissuing the token will send the token to the patient’s preferred mobile number, but will not cancel the incorrectly issued token, which will still be sitting in the SMS inbox of the person who received it.
Then what should I do?
While a token can’t be retrieved, it can be cancelled.
In dispensing software cancelling the dispensing event which caused the token to be generated will cancel the repeat token which was issued because of it.
The patient contact details in their profile in the dispensing software should then be
updated, including verifying their electronic prescription preferences. The prescription should then be re-dispensed through the dispensing system.2
Do I need to report this to my indemnity insurer?
Yes, especially if the issue is not identified at the time of dispensing. A note should be added to the patient profile documenting the incident. Documentation may also be required in the pharmacy’s incident log.
How can this be avoided?
Check patient mobile phone numbers at every dispense event prior to authorising
dispensing and generating the dispensing label.
There are multiple different approaches to workflow for achieving this, including at
prescription intake or in forward dispensing – for example, including mobile phone
number in information check at scripts-in.
As one of the approved identifiers, mobile phone number is a good choice of
identifier to use as one of the three identifiers at scripts-in, patient selection and/or
scripts-out.3,4
References
- digitalhealth.gov.au. Electronic prescribing: for dispensers. 2025. At: www.digitalhealth.gov.au/ealthcare-providers/initiatives-and-programs/electronic-prescribing/for-dispensers/
- Pharmaceutical Defence Limited. Electronic prescriptions: National Practice Alerts. 22 December 2023. At: www.pdl.org.au/electronicprescriptions-2/
- Pharmaceutical Society of Australia. Professional practice standards 2023 Version 6. 2025. At: www.psa.org.au/practice-support-industry/pps
- Australian Commission on Safety and Quality in Health Care. Correct identification and procedure matching. 2025. At: www.safetyandquality.gov.au/standards/nsqhs-standards/communicating-safetystandard/correct-identification-and-procedurematching
