Pharmacyrepublic Limited has pledged to improve its information governance processes after a PMR system was stolen from premises that were being taken over by another provider.

The Nuneaton-based pharmacy company said it would now ensure its data was securely handled, after reporting the theft of the tower computer system to the Information Commissioner's Office (ICO) in September 2011.

The theft of the PMR system, which recorded the medication handed out to about 2,000 patients, occurred after the owners had vacated the pharmacy premises last year. The ICO said Pharmacyrepublic had failed to secure the PMR system adequately and should have returned it to the wholesaler when the premises became vacant. The pharmacy had been paying the wholesaler a monthly retainer for the software and hardware of the PMR system.

Pharmacyrepublic has pledged to improve its information governance processes after data on 2,000 patients was stolen from a vacated pharmacy

Pharmacists left 'confused' in run up to clinical governance deadline PCTs leak patient data in 'appalling' breaches NHS PS breaches information governance 19 times since CIP

The ICO's investigation found that the system contained "a limited amount of sensitive information" and was password-protected. But it stressed that the incident should act as a warning to other healthcare providers. The ICO said earlier this year that the health sector was a "priority area" for regulation, after C+D revealed that half of the primary care trusts (PCTs) in England had breached information governance controls, with many revealing confidential patient information to members of the public.

"It is important that companies have measures in place to keep personal information secure at all times. If a company is vacating [its] premises then it should ensure that any equipment used to store people's data is handled correctly," said ICO head of enforcement Stephen Eckersley. "In this case the system should have been returned to the wholesaler safely and securely."

Mr Eckersley added: "This incident should act as a warning to all healthcare providers - your data protection obligations do not end while the personal information of your patients remains on site and in your control."

The ICO said Pharmacyrepublic had now updated its procedures to ensure PMR data would be securely handled.

"All staff will also be made aware of the company's procedures for the safe storage and retrieval of personal data and appropriately trained on how to follow these," the ICO reported.

Lindsay McClure, NHS IT Lead at PSNC, advised pharmacies to demonstrate how robust their information governance procedures were through their annual NHS assessments."In the event of a breach of the Data Protection Act, evidence of compliance with the NHS information governance requirements will support a pharmacy in defending that reasonable steps were taken to protect sensitive information," she said.

C+D was unable to obtain comment from Pharmacyrepublic. Read the full ICO report here.