January 24, 2020

Is Your Pharmacy GDPR Compliant?

From paper prescriptions to patient addresses and medical records, pharmacies handle some of the most sensitive personal data. However, ICO statistics show that the healthcare sector reports more data breaches than any other, accounting for 44% of all reported violations [1].

Following numerous high-profile cases, pharmacies have come under increasing scrutiny when it comes to information security – particularly due to the sensitive nature of the data being processed. Did you know medical records carry a value ten times greater than credit cards [2]?

Despite these worrying statistics, fines for breaking GDPR rules still appear to be on the rise in the healthcare sector. Case in point: the first pharmacy to receive a fine from the ICO was penalised after 500,000 medical documents containing sensitive information were found dumped outside in unlocked containers [3].

The pharmacy – Doorstep Dispensaree Ltd – which supplies medicines to thousands of elderly care home residents, was deemed by the ICO to have demonstrated a “cavalier attitude to data protection” [4]. This resulted in the first GDPR fine issued to a pharmacy, with the sum of £275,000 ordered to be paid by 17 January 2020.

So, with these new GDPR rulings in place, it’s essential that pharmacies take precautionary measures to protect more than just the health of patients. Here are some best practices to prevent a data breach at your pharmacy and ensure compliance, so you avoid being the next topic of conversation in the world of healthcare and GDPR news.

Think compliance: Download our whitepaper and familiarise yourself with the official GDPR legislation of the ICO.

Document the data you hold: Start by auditing your internal systems and identifying where personal data is stored in both physical and online files.

Communicate privacy information: Upload an updated privacy policy to your website and circulate the latest policies to staff. Ensure staff are trained in all matters relating to GDPR.

Protect it: Use a document management process so all data is secured from creation to disposal. Remember to think about paper-based documents as well as digital records. A retention policy should identify which documents must be kept and for how long.

Increase cyber security: Prevention and detection tools are critical. Keep everything up-to-date and password protected. Have a response plan in place so you are ready to handle a data breach effectively.

Record data breaches: If a data breach occurs, you need to establish the severity of the resulting risk to people’s rights. If there will be a risk, you must notify the ICO. For more information, consult the ICO’s guide to Reporting a Data Breach and take the self-assessment to help determine whether your organisation needs to report to the ICO.

Destroy it: Have a formal procedure for the secure destruction of documents containing sensitive information, or introduce a Shred-it All Policy so that all documents are securely shredded. Partner with a company that provides a secure chain of custody and a documented process for the destruction of paper, hard drives and e-media.

 

Start Protecting Your Pharmacy

We protect what matters and what matters to us is the security of your pharmacy. Our specialty shredding services are tailor-made for the healthcare industry, where we recommend destroying everything from patient information to medical invoices and payments. Our expertise is further reinforced with media and hard drive destruction services to ensure digital information found on USB devices and computers is irretrievable.

To learn more about how we can protect the confidential information of your patients, contact us for a no-obligation Data Security Survey. Our Data Security Survey is a crucial first step to ensuring vulnerable areas of your organisation are identified. Our team can provide efficient, expert recommendations on how to reduce the risk of a data breach and help keep your pharmacy compliant.

[1] – The Register
[2] – Reuters
[3] – The Telegraph
[4] – The Pharmaceutical Journal