The UK data protection regulator, the Information Commissioner’s Office (ICO), has fined Doorstep Dispensaree Ltd £275,000 for failing to ensure the security of special category data. All pharmacists are reminded of the importance of following the General Data Protection Regulations (GDPR)
Pharmacies like any organisation need to make sure they keep individuals’ data secure and pharmacists should be confident that their employers are keeping both patient data and keeping the pharmacist’s own employee data secure and confidential in accordance with GDPR.
Doorstep Dispensaree Ltd, left some 500,000 documents relating to patients in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, medical information, NHS numbers and prescription information.
The documents that were water damaged, were dated between June 2016 and June 2018. Failing to process data in a manner that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage is an infringement of the GDPR, which came into force in the UK in May 2018.
The ICO investigated the pharmacy after it was alerted to the insecurely stored documents by the Medicines and Healthcare Products Regulatory Agency, which was carrying out a separate inquiry. The administrative fine was imposed under S.155 of the Data Protection Act 2018, which implements the GDPR. In setting the fine, the ICO considered the contravention only from 25 May 2018, when the GDPR came into effect.
The full ICO order is available to read and download here.