In a recently published inquiry, it was found that several pharmacies around the UK have routinely been sharing confidential medical data with law enforcement officers without a warrant.
The UK Information Commissioner’s Office conducted the investigation following a complaint made by the British Medical Journal. The Journal raised the alarm when it discovered that police officers had unlawfully accessed personal medical records at a local pharmacy.
The inquiry revealed that some pharmacies, including Boots and Lloyds Pharmacy, had been sharing patient data with police forces. This had been going on for several years. Initial requests were made in order to assist police with investigations concerning the misuse of controlled drugs, such as opioids.
The report found that the pharmacies had been sharing patient data without a warrant of any kind. In some cases, the data was handed over voluntarily without a compelling legal or public interest reason.
This behaviour is in direct breach of data protection legislation which states that such information must be subject to appropriate privacy protections. In addition, the UK Human Rights Act states that individuals have the right to keep their personal data confidential.
The ICO has since issued an enforcement notice to the stores in question, ordering them to stop their current practice. It has also warned other pharmacies that similar requests should never be complied with until a warrant has been acquired.
This inquiry has highlighted the importance of data privacy and reminded us of our fundamental right to keep our medical details confidential. It is essential that pharmacies and other organisations take steps to ensure their systems and processes are adequate enough to protect sensitive records.
