Pharmacy Technician Warned for Breaching Patient Confidentiality by Accessing Colleagues’ Records

Date of Decision: August 26, 2025

Registrant's Role: Pharmacy technician

Allegations:

• Accessing patient medical records of two individuals who were also colleagues at the medical practice pharmacy
• Sharing this confidential information with two different colleagues
• Doing so without clinical justification or consent

Outcome: Warning issued by the GPhC Investigating Committee, to remain on the public register for 12 months

GPhC Standards Breached:

• Standard 5 – Pharmacy professionals must use their professional judgement
• Standard 6 – Pharmacy professionals must behave in a professional manner
• Standard 7 – Pharmacy professionals must maintain patient confidentiality and privacy
• Standard 9 – Pharmacy professionals must demonstrate leadership

Case Summary

Allegations:

This case revolves around serious concerns regarding patient confidentiality and professional conduct within a pharmacy practice setting. The registrant, a pharmacy technician serving in the capacity of an Accuracy Checking Technician at a medical practice pharmacy, was alleged to have committed a breach of trust and privacy. Specifically, the allegations centre on two separate incidents in August 2024 in which the registrant accessed the confidential medical records of two patients—who were also her colleagues—and subsequently disclosed this sensitive information to other staff members, without any clinical reason or consent.

This kind of conduct strikes at the heart of the professional responsibilities expected of pharmacy professionals. It is universally understood in pharmacy practice that patient records must only be accessed for legitimate, clinical purposes. In this case, the lack of justification and the interpersonal nature of the breach amplified its seriousness.

Findings:

The General Pharmaceutical Council’s Investigating Committee reviewed the case and noted that the registrant admitted to accessing the patient records and sharing the information. Importantly, the records accessed were those of her colleagues, suggesting a potential misuse of position or a breakdown in professional boundaries.

Despite the misconduct, the registrant expressed remorse and issued an apology for her actions. There was no indication of repeated misconduct beyond the two identified incidents, and no evidence was provided to suggest malicious intent. However, even isolated breaches of confidentiality can have wide-ranging implications for trust in pharmacy services.

The Committee concluded that the allegations were substantiated and that the actions taken by the registrant were in direct contravention of multiple professional standards.

GPhC Determination on Impairment:

While the case was not referred for a full Fitness to Practise hearing, the Investigating Committee determined that the registrant’s conduct merited a formal warning due to its potential to undermine public confidence in pharmacy professionals. Their assessment emphasized that pharmacy technicians are held to high standards concerning information governance, and even a single breach can be viewed as a serious lapse.

“Accessing patient medical records and passing this information on with no clinical need breaches patient confidentiality and privacy which should be maintained by pharmacy professionals. Doing so could undermine public trust and confidence in the profession.”

The Committee further reminded the registrant of the need to comply not only with GPhC standards but also with employer policies and information governance protocols.

Sanction:

The GPhC issued a formal warning, to be published on the register for a period of 12 months. This decision balances the gravity of the breach with mitigating factors such as the registrant’s admission and apology.

The warning serves a dual purpose: to caution the registrant against any recurrence and to send a clear message to the broader profession about the expectations surrounding confidentiality and professional behaviour.

Key Learning Points for Pharmacy Professionals:

1. Patient Confidentiality Is Paramount: Accessing and sharing patient records without clinical justification or consent, even if the patient is a colleague, is a clear breach of trust and professional standards.
2. Boundaries in the Workplace: Pharmacy professionals must maintain professional boundaries, particularly when patients are also coworkers. Personal familiarity does not justify breaching confidentiality protocols.
3. Adherence to Information Governance: Pharmacy professionals are expected to be well-versed in data protection laws, GPhC guidance, and internal policies regarding information access and privacy.
4. Consequences Even Without Malicious Intent: Even where there is no malicious intent or patient harm, regulatory bodies will act where professional standards are compromised.
5. Reflective Practice and Remediation: Acknowledging wrongdoing and demonstrating insight, such as through apology and proactive learning, may mitigate regulatory outcomes but do not erase the seriousness of the misconduct.

This case underscores the critical importance of maintaining patient trust through rigorous adherence to confidentiality and professional conduct. Pharmacy professionals must consistently reflect on their access to sensitive information and the potential consequences of misuse.

Original Case Document

The full determination transcript is available to logged in users.

Log in or Register for free to access.