Layer 1

Xrayser: New EU data regulations don't reflect reality in pharmacies

"If my pharmacy sold patient data to a marketing firm I’d have my contract revoked"

Xrayser is unconvinced by the usefulness of the forthcoming GDPR requirements

“Asking a patient or representative to confirm the address verbally when handing out dispensed prescription items can be deemed a breach of the General Data Protection Regulation (GDPR) if others can hear this.”

And that encapsulates in one sentence the reason why a slim majority in this country voted for Brexit. Instead of evolving with developing need, the GDPR sums up everything about legislation created by a large unaccountable committee that has complete separation from the reality of the implementation of its decision making.

One of the most common dispensing errors is that of handing out a bagged prescription to the wrong patient, and the simplest way to reduce that risk is to ask for confirmation of the address. It’s drummed into pharmacy staff from day one, despite the fact it is a frequent source of confusion and derision by patients who respond with everything from the child-like “27 High Street, Middletown, England, The World…” to the smart alec: “Why, do you want to come home with me?”

OK, I do get that there are some people who do not wish to reveal their address, such as estranged partners from an abusive relationship, celebrities, and perhaps members of the security services. We have a women’s refuge not far from our pharmacy and their prescription address is a P.O. Box, so we ask them to confirm their name and date of birth – a decision we came to without the threat of a punitive fine, such as the 4% of turnover that can accompany a breach of the GDPR.

Of course it’s right that we protect the vulnerable in society, but we shouldn’t make society weak by treating everyone as vulnerable. A greater danger is that available data is not used for our benefit, such as the summary care record, which came with such overt warnings about inappropriate access that we had to be bribed with a ‘quality payment’ to start using it.

So the suggested way around the problem of confirming patient identity is to have a notice displayed that says patients may wish to confirm their identity in a way other than their address, and that this can be done in a private room.

This would not be needed if genuine intentional or negligent breaches were addressed in a way commensurate to the intended gain. I know that if my pharmacy sold patient data to a marketing firm or was unable to dispense scripts for three weeks I’d have my contract revoked.

We should absolutely not be careless with patient data, but will the GDPR stop Pharmacy2U selling patient information to a marketing company again or Cambridge Analytica persuading Facebook users to vote Europe out and Trump in? It’s probably a breach of data for me to answer out loud, so come close and I’ll whisper in your ear.

Read the National Pharmacy Association’s answers to pharmacists’ most commonly asked questions about GDPR here

3 Comments

Daniel McNulty, Superintendent Pharmacist

GDPR?  Easy.

Wait until the morning of Feb 9th 2019 when the Falsified Medicine Directive becomes self aware and we have to use Skynet scanners to read the barcode on patient's forheads before giving them their medications.

Uma Patel, Community pharmacist

Whilst I agree with Xrayser, the unaccountable committee consulted widely with a range of 'experts'. I wonder who they were. Probably none  of them has worked in a pharmacy

A Hussain, Senior Management

I was recently with my Dad as he had a day case surgery in a large hospital.  Patients were lined up in booths and the curtains drawn between them as the nurse or surgeon confirmed all of their details and what they were having done to the whole ward.  At one stage I almost had to shout out 'Benzalkonium Chloride' when they were struggling to get to the bottom of what the man on the other side of the curtain was allergic to!

Job of the week

Pharmacy Store Manager
Darlington, Durham
Competitive