Under the General Data Protection Regulation (GDPR) – which comes into force on May 25 – “sending personal data to an incorrect recipient”, would be considered a breach of personal data.
In its latest medication safety report, published last week (May 10), the NPA referred to errors made by delivery drivers for the first time.
Drivers were involved in 5% of dispensing errors reported to the NPA in the first three months of 2018, which the organisation’s chief pharmacist Leyla Hannbeck told C+D yesterday (May 16) was “an increase compared to previous quarters”.
Read some examples of the delivery driver errors reported to the NPA so far in 2018 here.
While the NPA had not highlighted errors by drivers in the past, the fact that the delivery of medicines with a patient's name and address to the wrong person may be classed as a data breach under GDPR meant “it was important to highlight how common such errors are and therefore action that needs to be taken by pharmacy teams to prevent such errors”, Ms Hannbeck explained.
According to the Information Commissioner’s Office (ICO), organisations are required to inform the ICO of any data breach within 72 hours of becoming aware of it.
“Failing to notify a breach when required to do so can result in a significant fine up to €10 million or 2% of your global turnover,” it warned. “So it’s important to make sure you have a robust breach-reporting process in place to ensure you detect and can notify a breach, on time; and to provide the necessary details.”
On Monday, the NPA slammed the GDPR requirement for all pharmacies to appoint a data ‘expert’ by May 25 as “disproportionately impacting” independents. Pharmacy law expert David Reissner also warned that it will be hard for pharmacies to appoint someone for this role in time for the deadline.