Case Studies

Data breach

by msecadm4921

A Warwickshire-based company has committed to taking action to protect personal data, following a breach of the Data Protection Act (DPA). The breach came when a system used by Pharmacyrepublic Limited to record the medication handed out to around 2000 patients was stolen from one of its premises, the Information Commissioner’s Office (ICO) said.

Pharmacyrepublic Limited contacted the ICO in September to report the theft of a Patient Medication Record (PMR) system. The system contained details of the medicine handed out to patients at one of its pharmacies, and was stolen while the pharmacy was being transferred to another provider. The system was supplied by another firm and Pharmacyrepublic failed to ensure that the system was securely returned to the company before leaving the premises.

The ICO’s investigation found that the system – which was password protected – contained a limited amount of sensitive information relating to the medicine being administered to the pharmacies’ patients. The system was used to identify any problems when multiple drugs were administered to the same patient. The data hasn’t been recovered.

Stephen Eckersley, the ICO’s Head of Enforcement said: “It is important that companies have measures in place to keep personal information secure at all times. If a company is vacating premises then they should ensure that any equipment used to store peoples’ data is handled correctly. In this case the system should have been returned to the wholesaler safely and securely. This incident should act as a warning to all healthcare providers – your data protection obligations do not end while the personal information of your patients remains on site and in your control.”

Pharmacyrepublic Limited has now agreed to take action to keep the personal data it handles secure. This includes updating its procedures to ensure that PMR data is securely handled prior to any future transfer of ownership. All staff will also be made aware of the company’s procedures for the safe storage and retrieval of personal data ,and appropriately trained on how to follow these.

Related News

  • Case Studies

    Scots hate law

    by msecadm4921

    The much-disputed Offensive Behaviour at Football and Threatening Communications (Scotland) Act 2012 came into force on March 1. The aim of the…

  • Case Studies

    Yukon charity race

    by Mark Rowe

    Interserve, the support services and construction group, is aiming to beat the target for its Yukon River Quest in aid of the…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing