PSNC, the National Pharmacy Association, the British Dental Association and the Optical Confederation are calling on the Government to exempt NHS primary care providers, including community pharmacies, from a specific section of the Data Protection Bill, due to come into force on 25 May 2018.
The four representative bodies say that the requirements in the Bill go beyond the terms of the General Data Protection Regulation (GDPR) and have written an open letter to the Government outlining their concerns.
The draft Bill currently deems all primary care providers to be “public authorities”, which means they must appoint a Data Protection Officer (DPO). This is despite the GDPR only requiring a DPO if an organisation processes healthcare data “on a large scale”. PSNC says it considers the requirement for a DPO to be inappropriate for smaller pharmacy businesses, where the costs of engaging a DPO are likely to be disproportionate to the benefits.
The letter requests that urgent amendments are made prior to the Bill becoming law to help protect smaller NHS primary care providers from this unreasonable and unnecessary burden.
PSNC director of operations and support, Gordon Hockey, said: “GDPR and the accompanying Data Protection Bill bring a fresh approach to data protection; but we must avoid a quirk of legislation leading to unnecessary expense for community pharmacy.
"It is reasonable to ask those processing health data on a large-scale to have a DPO, but not smaller community pharmacies. This burden would also come at a time when many pharmacy owners are experiencing cost pressures following funding cuts and increases in medicine prices. We will therefore continue to lobby for smaller pharmacies to be able to avoid this requirement, with the support of representatives of other primary care contractors.”
Read the joint letter here.