Bristol based Billing Pharmacy Limited has agreed to take action to comply with data security requirements and has signed an Undertaking to assure the Information Commissionerâ€™s Office (ICO) that personal data will be kept securely in future.
The ICO has found Billing Pharmacy Limited in breach of the Data Protection Act after the theft of a desktop computer from the companyâ€™s premises. The computer was used to record prescriptions and produce medicine labels and included approximately 1000 peopleâ€™s personal details, including their past and present medications and allergies. Although each member of staff had an individual password to access the database, the computer was not encrypted.
Sally-anne Poole, Head of Enforcement at the ICO, said: â€œIt is vital that sensitive personal information, such as patient information, is handled securely. This is an important principle of the Data Protection Act. Organisations must implement appropriate safeguards to ensure personal details about patients are stored securely. I am pleased that Billing Pharmacy Limited is taking remedial action to improve data security. â€
Billing Pharmacy Limited will ensure that portable and mobile devices, including any laptops and other portable media used to store and transmit personal data are encrypted. Furthermore, Billing Pharmacy Limited has agreed to draft a formal data protection policy, providing guidance for staff on the collection, storage, use and disposal of personal information.
A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.