Skip to main content

OrderLink security and privacy

What information an OrderLink exposes, what it protects, and how it is kept secure.

Written by Scrypt Support

An OrderLink is a unique, encrypted link that lets a patient submit an order to the pharmacy that created it. This article explains what information it exposes, what it protects, and how it is kept secure.

What the link gives access to

After confirming identity by entering the date of birth attached to the OrderLink patient, the user can see:

  • medicine names

  • prescription repeat information

  • therapeutic directions

  • pharmacy contact details

  • non-prescription pharmacy stock names

  • delivery address details, if saved by the user

What the link does not expose

  • patient name

  • patient date of birth

  • patient gender

  • patient identity documents (Medicare, concession card)

  • eScript tokens (a token can be ordered, but not retrieved by the user)

The link itself is a unique, encrypted, random key that cannot be decrypted to expose any personally identifiable information.

Who can access the information

An OrderLink is a direct connection to the pharmacy that created it, facilitated by their software provider, Scrypt. The information in an OrderLink can only be accessed through that link, and is not available to other healthcare teams or software providers.

How OrderLinks are created

Pharmacy staff generate an OrderLink by sending an OrderLink message via SMS to a patient's mobile number. The link can only be sent to the mobile number attached to the patient profile in the pharmacy's dispensing software.

Reporting a security concern

If you identify a security issue with the OrderLink process, contact the Scrypt support team. You can also raise it with your regular pharmacy, who will contact us on your behalf if needed.

Did this answer your question?