GP Pharmacist Suspended for Three Months After Repeated Unlawful Access of Patient Records

Date of Decision: January 23, 2020

Registrant's Role: Pharmacist

Allegations:

  • Repeatedly accessing the medical records of eight individuals without any clinical justification.
  • Accessing records of colleagues, friends, and their family members purely out of curiosity.
  • Continuing to do so over the course of a year, on seven separate occasions.
  • Abusing privileged access as a pharmacist working in GP settings.

Outcome: Suspension from the GPhC register for three months

GPhC Standards Breached:

  • Standard 6 – Behave in a professional manner
  • Standard 7 – Respect and maintain a person’s confidentiality and privacy
  • Standard 9 – Demonstrate leadership
  • (Also breached pre-2017 Standard 3 – Show respect for others)

Case Summary

The registrant was employed as a Pharmacist Prescribing Advisor, with access to patient medical records across several GP surgeries. Between 2018 and 2019, the registrant accessed the records of:

  • A colleague and three of her family members
  • A former colleague and three of her family members
  • Another staff member with whom the registrant had limited personal contact

The registrant admitted accessing these records without clinical justification, stating it was motivated by “curiosity” and “concern”, and that she never intended to misuse the data.

Findings

The GPhC panel found:

  • The misconduct was repeated, deliberate, and unjustified.
  • The registrant breached the trust patients place in pharmacy professionals by viewing personal information without clinical need.
  • She initially justified her behaviour as “concerned” but later admitted it was simply nosiness.
  • There was no evidence of the data being misused or shared, but the act of accessing the data was itself a serious breach of professional ethics.

A direct quote from the committee stated:

“This was premeditated conduct, which the Registrant always knew was unlawful and wrong. She abused her position of trust as a pharmacist.”

The panel accepted that the registrant had since shown significant remorse, stating:

“She was open about her wrongdoing, accepting that although initially this was due to her concern regarding Patient A’s welfare, the continued access to records was due to her ‘nosiness’.”

GPhC Determination on Impairment

The committee ruled that the registrant’s fitness to practise was impaired, citing:

  • The misconduct brought the profession into disrepute.
  • There had been a breach of confidentiality, a fundamental duty of the profession.
  • Despite her insight and the low risk of repetition, a finding of impairment was required in the public interest.

Sanction

The panel imposed a three-month suspension, explaining that:

  • A warning would not be sufficient given the pattern of behaviour and seriousness of the data breach.
  • Conditions were not suitable because no specific skills or deficiencies needed addressing.
  • A suspension would maintain public confidence and uphold the reputation of the profession.
  • There was no need for a review, as the registrant had demonstrated a high level of insight and remediation.

They chose not to erase the registrant from the register, noting that:

“This would be a disproportionate response where there is a very low risk of repetition, and the Registrant has good insight into her misconduct.”

An interim measure was not imposed, allowing the registrant to work for 28 days before the suspension took effect, considering the demand on pharmacies due to the Covid-19 pandemic.

Key Learning Points for Pharmacy Professionals

  1. Accessing patient records without a clinical reason is a serious breach – Even if well-intentioned, such conduct undermines public trust.
  2. Pharmacy professionals must respect patient privacy at all times – Confidentiality is a non-negotiable part of professional practice.
  3. Nosiness is not an excuse – Viewing data out of curiosity is regarded as misconduct, regardless of intent.
  4. Insight and reflection can support recovery from serious errors – The registrant’s deep reflection and counselling helped avoid erasure.
  5. Sanctions serve public interest, not punishment – Even when harm is not caused, sanctions may be necessary to uphold standards.

Conclusion

This case serves as a stark reminder that unauthorised access to patient information, even without malicious intent, constitutes serious professional misconduct. The registrant’s three-month suspension reflects the gravity of breaching confidentiality, while also recognising the remorse, insight, and remediation shown. It reinforces that pharmacy professionals must always uphold the trust placed in them by patients and the public.

Original Case Document

The full determination transcript is available to logged in users.

Log in or Register for free to access.

Leave a Reply