Layer 1

Delivery driver errors considered 'data breaches' from next week

NPA: Sending medicines with a patient's personal data to the wrong person would be a data breach
NPA: Sending medicines with a patient's personal data to the wrong person would be a data breach

Errors made by delivery drivers could be classed as “data breaches” under EU regulations coming into force next week, the National Pharmacy Association (NPA) has warned.

Under the General Data Protection Regulation (GDPR) – which comes into force on May 25 – “sending personal data to an incorrect recipient”, would be considered a breach of personal data.

In its latest medication safety report, published last week (May 10), the NPA referred to errors made by delivery drivers for the first time.

Drivers were involved in 5% of dispensing errors reported to the NPA in the first three months of 2018, which the organisation’s chief pharmacist Leyla Hannbeck told C+D yesterday (May 16) was “an increase compared to previous quarters”.

Read some examples of the delivery driver errors reported to the NPA so far in 2018 here.

While the NPA had not highlighted errors by drivers in the past, the fact that the delivery of medicines with a patient's name and address to the wrong person may be classed as a data breach under GDPR meant “it was important to highlight how common such errors are and therefore action that needs to be taken by pharmacy teams to prevent such errors”, Ms Hannbeck explained.

According to the Information Commissioner’s Office (ICO), organisations are required to inform the ICO of any data breach within 72 hours of becoming aware of it.

“Failing to notify a breach when required to do so can result in a significant fine up to €10 million or 2% of your global turnover,” it warned. “So it’s important to make sure you have a robust breach-reporting process in place to ensure you detect and can notify a breach, on time; and to provide the necessary details.”

On Monday, the NPA slammed the GDPR requirement for all pharmacies to appoint a data ‘expert’ by May 25 as “disproportionately impacting” independents. Pharmacy law expert David Reissner also warned  that it will be hard for pharmacies to appoint someone for this role in time for the deadline.

5 Comments
Question: 
Are you going to inform your pharmacy's delivery driver about the risk of a 'data breach'?

Brian AUSTEN, Administration & Support

If medication is delivered to the wrong address, patient safety, clinical governance investigation and report should be the immediate focus. I would worry about any delivery driver failing to confirm the address and identify who the medicine was for at the address before handing medication over. Delivery SOPs should cover all this and delivery drivers supervised to make sure they are complying with them.

A Hussain, Senior Management

I'm sure they would. It's a shame that our own regulatory bodies won't do anything about it, but at least this gives me a little hope.

Richard Judge, Manager

Lots of scaremongering around GDPR at the moment. If your delivery driver delivers to the wrong address then an incident report would need to be completed. Unless there is a risk of loss or serious distress then there would be no need to inform ico. The incident report and action plan would be enough. Ico consider fines as a last resort and would usually only be for wilful breach of the regulations or failure to act on their recommendations. Who is recording how many packages from p2u are getting lost or delivered to the wrong address, left with a neighbour by royal mail?

A Hussain, Senior Management

We have a surgery that operates pretty relentless prescription direction.  Can this be reported to the ICO as this is against patient wishes?  Hopefully this is a way of dealing with prescription direction indirectly.

Adam Hall, Community pharmacist

I would think so - but you might need to get one of the patients to complain

Job of the week

Pharmacy Manager
Fareham, Hampshire
Competitive plus benefits