Unit 1 - Data protection, GDPR & Confidentiality Flashcards
What is GDPR?
General Data Protection Regulation
When did GDPR and the UK Data Protection Act 2018 come into force?
25th May 2018
What is the EU and UK law that currently governs how data is looked after by both private and public organisations, including charities?
GDPR
Who issues penalties if GDPR law is broken?
Information Commissioner’s Office (ICO)
What was in force before GDPR?
The Data Protection Act 1984 introduced rules on the storage and use of information
When was the Data Protection Act revised?
2003 to include paper-based filing systems data
What are the 6 principles of GDPR?
The GDPR requires you to follow certain data protection principles which, briefly, are:
1) processed lawfully, fairly and in a transparent manner
2) collected for specified, explicit and legitimate purposes
3) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
4) accurate and, where necessary, kept up to date
5) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
6) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
What are the major (non-exhaustive) changes with GDPR compared to the Data Protection Act?
Increased fines for breach of obligations
Data Breach Notification
Data Protection Officers (DPO)
Greater control for data subjects (Right to be forgotten - erasure)
How does a pharmacist need to be mindful about confidentiality?
Patient interactions - prescription counselling, over the counter (OTC) sales, provision of advice or enhanced services
Professional discussions with peers, members or pharmacy staff, other professionals (interdisciplinary discussion)
Discussion with family members and friends
Seeing a patient “out and about”
Patient queries
Information about pharmacy staff and students
Applies to student placements
What circumstances exist where it may be appropriate to disclose confidential information?
When a pharmacy professional:
has the consent of the person under their care
has to disclose by law
should do so in the public interest and/or
must do so in the vital interests of a person receiving treatment or care, for example, if a patient needs immediate urgent medical attention
When would a patient not need to consent to their confidential information being shared?
When the reason for sharing confidential information is one that the person receiving care would reasonably expect
When should a pharmacy professional contact a patient and obtain their consent?
If a pharmacy professional is unsure whether they have the person’s consent to share their information
Who should a pharmacist contact if they are not sure if they need to obtain consent to disclose information?
GPhC
What conditions should be met before disclosing information without the consent of the person receiving care?
A pharmacy professional should:
be satisfied that the law says they have to disclose the information, or that disclosure can be justified as being in the public interest and also meets the requirements of data protection legislation
ask for clarification from the person making the request, if they are unsure about the basis for the request
ask for the request in writing
Under which circumstances can records be disclosed to individuals indicated in the GDPR?
The police, or another enforcement, prosecuting or regulatory authority
A healthcare regulator, such as the GPhC or GMC
An NHS Counter-fraud investigation officer
A coroner, procurator fiscal, judge or relevant court which orders that the information should be disclosed