Source Informatics Ltd created a marketing research database comprising information on products prescribed by GPs. The information was passed on to the company by pharmacists, with the cooperation of GPs. Pharmacists were paid £150 a year; in the case of GPs £15 was donated to a charity of the GP’s choice.
Pharmacists routinely entered prescription details into their own databases, including the GP’s name, the patient’s name, the date of prescription, the product prescribed and the quantity prescribed. Source Informatics was not interested in the names of the patients, but the rest of the information was valuable, in particular the GPs’ names and the products they prescribed. When the pharmacists downloaded the information they therefore excluded information which would identify the patients.
The Department of Health issued a policy document stating that schemes such as this were a breach of confidence. Source Informatics last year applied unsuccessfully to the High Court for a declaration that this was wrong. Source Informatics appealed and the Court of Appeal last month agreed with them.
The DoH’s arguments were “not merely unconvincing but wholly unreal”. Although the information passed on by pharmacists was still not in the public domain, the law’s only concern in this situation was to protect personal privacy. It was a distortion of the law of confidence to apply it to anonymised data.
There was no discussion of data protection law in this case, presumably because the anonymised data passed on by pharmacists did not contain “personal data” on patients. Personal data, under both the Data Protection Act 1984 and the 1998 Act which applies from March 2000, means data relating to an identifiable living individual.