An OrderLink is a unique, encrypted link that lets a patient submit an order to the pharmacy that created it. This article explains what information it exposes, what it protects, and how it is kept secure.
What the link gives access to
After confirming identity by entering the date of birth attached to the OrderLink patient, the user can see:
medicine names
prescription repeat information
therapeutic directions
pharmacy contact details
non-prescription pharmacy stock names
delivery address details, if saved by the user
What the link does not expose
patient name
patient date of birth
patient gender
patient identity documents (Medicare, concession card)
eScript tokens (a token can be ordered, but not retrieved by the user)
The link itself is a unique, encrypted, random key that cannot be decrypted to expose any personally identifiable information.
Who can access the information
An OrderLink is a direct connection to the pharmacy that created it, facilitated by their software provider, Scrypt. The information in an OrderLink can only be accessed through that link, and is not available to other healthcare teams or software providers.
How OrderLinks are created
Pharmacy staff generate an OrderLink by sending an OrderLink message via SMS to a patient's mobile number. The link can only be sent to the mobile number attached to the patient profile in the pharmacy's dispensing software.
Reporting a security concern
If you identify a security issue with the OrderLink process, contact the Scrypt support team. You can also raise it with your regular pharmacy, who will contact us on your behalf if needed.
