In today’s world of big data, it seems like every week there is a new scandal telling of how a company or organisation has broken their clients’ trust by mismanaging their information – whether it be intentionally selling personal details, suffering data losses as a result of having inadequate security measures or using data in ways that they have no right to.
It has become more important than ever for companies to be able to show that they use the data they gather fairly, and the incoming General Data Protection Regulations (GDPR) and Data Protection Act 2018 are designed to update the law to ensure that this happens.
Community pharmacies, as well as all other organisations, will have to proactively demonstrate that they are processing data according to protection principles set out in law, or face being held to account by the Information Commissioner’s Office – the information regulator.
There has been, and continues to be, a great deal of scaremongering and misinformation around the GDPR, and it might be a terrifying prospect to comply with the new legal requirements if your practice today is poor.
But for community pharmacies this transition is, for the most part, simply cementing into law what has been good practice for years.
The changes are actually very helpful in making even clearer what is and what is not acceptable to do with client and patient information and highlighting when consent is required.
Pharmacists and their teams have all been looking after sensitive personal data ever since the keeping of records became a requirement many decades ago – and some have been doing this for even longer. A huge amount of information flows through a community pharmacy each day – from the information on prescriptions and that which is picked up in delivering essential healthcare services, to communications with patients, carers, other healthcare professionals and social care providers.
Although a lot of this is captured electronically, teams also have to manage hundreds of paper-based records and verbal exchanges over the course of each day whilst navigating the complexities of data protection legislation and their professional responsibility to put people’s safety and health above all else.
It’s fair to say that in Scotland, this is done very well. A 2017 report by the Information Commissioner’s Office (ICO, the information regulator) looked into data protection in the sector and found that the attitudes and approach to data security by individuals and companies were very good.
Whilst reassuring, this wasn’t news to Community Pharmacy Scotland – we are certain that our members and their teams understand the importance of keeping people’s data safe.
As such we have been more than comfortable campaigning with our colleagues at the Royal Pharmaceutical Society to allow pharmacists role-based read and write access to relevant parts of patient records at a time when public scrutiny of how personal data is handled is at an all-time high.
Safety always comes first when it comes to healthcare, and our members are currently limited in what they know about patients to what is volunteered, which can make providing tailored pharmaceutical care a real challenge, particularly when there are multiple conditions and medications involved.
It often comes as a shock to people that pharmacists are not able to see all of the medication that they are on, nor their diagnoses, which speaks volumes about the trust that is placed in our members.
The vast majority of people and patients that we speak to actually assume that their pharmacist knows about their medical history and is able to update it for other healthcare providers to see what actions have been taken.
This begs the question: Why don’t we? I certainly can’t see why not.
Harry McQuillan is chief executive of Community Pharmacy Scotland.