Confidentiality Flashcards
what does the GDPR ensure?
•Intended to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals across the EU
what was the GDPR linked with in 2018?
GDPR is accompanied by a new Data Protection Act which came into force in May 2018
•The new Act is all about personal information and the way that it is collected, stored and used
who oversees the data protection act 2018?
information commissioner (IC)
what does the data protection act 2018 oversee?
•The Act requires anyone who records and uses personal information to be registered with the IC
define data subject
•An identified or identifiable living ‘natural individual’
define data processor
- Collecting, recording, organising, structuring, storing, retrieval, consulting, use and disclosure of data
- Someone who does any of the above is a data processor
define data controller
•A person with overall responsibility for the processing of information (decides what data to process and how)
who is the information commission officer?
•the independent authority for the UK which will uphold information rights in the public interest
what is classed as personal information?
- Name and address
- Telephone number
- Email address
- Details of medicines dispensed
- NHS number
- Age
- Any information which could potentially be used to identify a person could be classed as PI
how should organizations handle personal information?
- Be transparent in explaining the use of people’s PI
- Provide choices about how PI is used where appropriate to do so
- Keep it secure
- Only collect and retain the minimum amount of PI necessary to carry out their functions
- Only retain data for as long as it is required
- Report any loss of PI promptly
what happens if you do not comply with how PI should be handled?
severe penalties
what is special category data?
personal information that is especially sensitive
what would happen if you disclosed special category data?
•Disclosure of this data could significantly impact the rights and freedoms of data subjects and potentially be used against them for unlawful discrimination.
what are examples of special category data?
- Race and ethnic origin
- Religious or philosophical beliefs
- Political opinions
- Trade union memberships
- Biometric data used to identify an individual
- Genetic data
- Health data
- Data related to sexual preferences, sex life, and/or sexual orientation
when can you process special category data?
- The data subject has given explicit consent to the processing for one or more specified purposes
- Processing is necessary for the purpose of the provision of healthcare or treatment
  - The processing must be done under the responsibility of a professional
what are the rights of individuals when it comes to PI?
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to data processing
- The right not to be subject to automated decision-making including profiling
what rights of individuals are applied to pharmacy?
1. The right to be informed
2. The right of access
3. The right to rectification
7. The right to object to data processing
what is patient confidentiality?
is a professional obligation for all pharmacy professionals
It is a professional requirement to gain consent from the patient for the provision of care or pharmacy services
what type of consent applies to marketing purposes?
GDPR consent
what does consent mean?
Consent means ‘express willingness, give permission, agree’
•GPhC Standards for Pharmacy Professionals: ‘Obtain consent to provide care and pharmacy services’
what are the two types of consent?
•Explicit consent
•Implied consent
- Must be active consent: not silent, must not assume
when is a pre-ticked consent box ok?
never
what must be provided to a patient when giving consent?
Information must be provided on the right to withdraw consent and how to do this
how is explicit consent not the same as service consent?
•Consent or explicit consent is a lawful basis for processing personal data
•This is not the same as consent for service provision (consent to the activity) e.g. in a pharmacy
therefore may have to ask for consent twice