Confidentiality and Data Protection

Question 1

What is the key UK Data protection legislation?

Answer 1

• Data Protection Act framework alongside the UK GDPR
• UK GDPR states the key principles, rights and obligations for the processing of personal data

Question 2

What is data protection?

Answer 2

Ensuring people can trust you to use their data fairly and responsible
- Recognising a person’s right to have control over their information
- Recognising that data protection is essential for innovation

Question 3

Define personal data

Answer 3

Information that relates to an identifiable individual
It is sensitive i.e health data

Question 4

Define data controller

Answer 4

Person that decided how and why to collect and use the data
- an organisation or an individual

Question 5

Define data processing

Answer 5

Collecting, recording, storing, using
- E.g. medication history, medical notes etc

Question 6

State the standards for consent

Answer 6

• must be freely given
• obvious and require a positive action to opt in
• must specifically cover the controller’s name, the purposes of the processing and the types of processing activity
• Expressly confirmed in words
• No set time limit for consent
• Opportunities to withdraw
• Clear record keeping

Question 7

What does health data relate to?

Answer 7

Current, past or future physical or mental health

Question 8

State the 8 individual rights

Answer 8

1. the right to be informed
2. the right of access
3. the right of rectification
4. the right to erasure
5. the right to restrict processing - limit the way your data is used
6. the right to data portability - allows people to obtain and reuse their own data for their own purposes
7. the right to object
8. rights in relation to automated decision making including profiling

Question 9

What is a processor responsible for?

Answer 9

For processing personal data on behalf of a controller

Question 10

How might data be processed in a community pharmacy or hospital dispensary?

Answer 10

• when you take in a prescription
• when you use information on a patient’s record to dispense medication
• when you discuss a patient with another healthcare professional
• when you undertake an audit of medication reviews
• you view the Summary Care Record of a patient

Question 11

What is a personal data breach?

Answer 11

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data

Question 12

How to handle data in pharmacy practice?

Answer 12

• Tell people what we will do with their information
• Only use information for the agreed purpose
• Only collect and hold what you need
• Check accuracy
• Organisational and technical controls
• Only keep as long as necessary