Location: Ridley Suite, Holiday Inn, Great North Road, Seaton Burn, Newcastle upon Tyne, NE13 6BP
Registration: Registration is now closed
Refreshments: Light refreshments will be available
Gateshead & South Tyneside LPC, Co. Durham and Darlington LPC and North of Tyne LPC have jointly arranged for
the National Pharmacy Association (NPA) to provide an update on some major topics that are going to have an
impact on Pharmacy and Pharmacists.
The meetings will cover:
GDPR - General Data Protection Regulations. What is GDPR and when will it be implemented?
FMD - Falsified Medicines Directives. What is FMD, when will it be implemented and what are pharmacies required to do?
Revalidation - What is the new framework, who is affected and when will it be implemented?
We have arranged 2 venues on 2 different dates. One in the North and one in the South of the area.
You are welcome to attend whichever meeting is most convenient for you. Both meetings will be the same.
As an ACT, am I required to do the four CPDs for the GPhC in addition to the 12 CPDs ACTs are required to submit annually?
The GPhC has confirmed that as a registered technician, each year technicians will be required to submit four CPD records (along with one peer discussion record and one reflective account). In regards to the 12 CPDs, the GPhC has advised that the revalidation requirements only relate to registration as a pharmacist or pharmacy technician and they do not annotate or record ACT qualifications.
The requirements to become and remain an ACT differ depending on the awarding body. Therefore anyone wanting to maintain their ACT status will need to speak to the qualification provider to confirm on going requirements, such as submitting 12 CPDs annually, which are in addition to the GPhC revalidation requirements.
Can an aggregated code be created for one item only, in order to avoid the prescription bag being opened in order to scan the product?
As far as we know with the details available at this stage, this would be a possibility. Linking one item to an aggregate code should not pose any issues and would be a suitable process in order to prevent potential errors or breaches of patient data and confidentiality.
Would a GP surgery sending a patient’s prescription to the wrong pharmacy be classed as a data breach? If so, who is responsible for that data breach?
If a GP surgery sends a prescription to an incorrect pharmacy, personal information of the patient has been shared with an organisation to which the patient has not nominated, and therefore would be viewed as a data breach.
However, the pharmacy has a legal obligation to maintain patient confidentiality and uphold the GPhC premises and professional standards. Therefore, there will not be a risk to the rights and freedoms of the individual, therefore, it is not a data breach which needs to be reported to the ICO.
Additionally, the surgery would be the data controller in this situation and if there is a data breach, it will be their responsibility to take action. The incorrect pharmacy is not a data processor, therefore, they have no responsibility under the GDPR. As a data controller, the surgery would need to investigate and ensure their process of sending prescriptions is corrected. Furthermore, if the surgery gave a prescription to the incorrect patient, again, the surgery is the data controller, hence they would need to assess whether there is a risk to the actual patient’s rights and freedom, therefore, report to the ICO.
Can the pharmacy manager or Superintendent be the Data Protection Officer (DPO)? For example, if the pharmacy manager is involved/causes the data breach, how will they be able to investigate the data breach as the DPO?
The pharmacy organisation is a data controller – all those who work in the pharmacy are also working in-line with data controller obligations. The pharmacy team are not data processors. The DPO needs to work with no conflicts of interests and uphold their obligations under the GDPR, therefore, if they cover up or do not act independently, this is an issue.
However, if the DPO is a pharmacy professional on the GPhC register, they already have to act as a professional, ensuring they act openly, honestly and with integrity (therefore, with no conflict of interest). If the pharmacy manager is not a registrant, and have been assigned a role as DPO, they have to work independently. If they do not, then there could be a fine – a fine up to €10million or 2 per cent of the organisation’s global turnover (whichever is higher) for failure to follow data controller or processor obligations.
In essence, the DPO can be a current employee (such as pharmacy manager or SP), and must be able to define their two separate roles in the organisation and act independently when investigating and dealing with a data breach.