Are Poorly Trained Pharmacy Staff Breaching Data Protection?

When you collect a prescription from your local pharmacy, the person behind the counter is required to first check your name and address (or date of birth) before giving you the medication.

Checking Identity Before Dispensing Medicine

Checking two pieces of personal data helps to reduce the risk of giving the medication to the wrong person due to a mix-up in the names.  This is a sensible precaution: if the pharmacist gives the medicine to the wrong person, it could harm them, for example if they have an allergic reaction.

But in an era when we are increasingly being warned about keeping our data safe, have you ever stopped to consider the implications of giving out your personal data in a public place?

Risks of Your Name & Address Being Given Out

Identity theft is unlikely to result from your name and address being made public, although those two items of data could be a starting point for someone wishing to build up a profile about you.

A greater risk is posed by those around you in the pharmacy at the time.  They are not entitled to your personal data even if the pharmacist is.

Suppose the person behind you in the queue is the mother who had a go at you after you told her son off for kicking a ball out into the road.  Or perhaps it’s the surly man who was upset with you for colliding with him, even though he was the one who walked into your path at the last minute because he was too busy checking his smartphone.  Do you really want them to know your name and address?  Probably nothing would come of it but why take the risk?

How to Protect Your Data

One way to help prevent this is by writing down your address on a piece of paper and showing this to the pharmacist.   Or take ID with you.   This allows them to check you are the right person without compromising your data security.  In fact I have done this for a while and most pharmacists get why a customer may choose this option.

Staff Duty to Protect Customer Data

Of course, this only works if pharmacists understand the importance of protecting their customers’ data.  Recently, a new lady behind the counter in my local pharmacy breached my data protection by announcing my address out loud within earshot of another customer.

Once the other customer had left, I gently pointed out the breach of data privacy and that she did not need to read the address out loud in order to confirm I was the right person.  After some initial confusion, she got the point and apologised.  It was clear that she did not mean to breach patient confidentiality but it does raise the question just how much training pharmacists get in this area.

General Pharmaceutical Council

The General Pharmaceutical Council, regulator for pharmacists + their technicians & premises, states in their Guidance on Patient Confidentiality:

You must respect and protect people’s dignity and privacy.  Take all reasonable steps to prevent accidental disclosure or  unauthorised access to confidential information. Never disclose confidential information without consent unless required to do so by the law or in exceptional circumstances.
Perhaps it is time for them to instigate a training programme to ensure that all staff working in this profession understand the importance of data privacy.  They may wish to emphasise written confirmation as an alternative to verbal confirmation.