ICO penalty for Pharmacy2U: statement from EMIS Group

20 Oct 2015

Following a monetary penalty notice to Pharmacy2U from the Information Commissioner’s Office EMIS Group has issued the following statement from CEO Chris Spencer.

“EMIS Group takes today’s ICO decision very seriously indeed. The decision by Pharmacy2U to sell data was made without my personal knowledge or authority as a non-executive Pharmacy2U board member, or that of anyone at EMIS Group PLC.

"The decision to sell data was made by the executive day-to-day management team at Pharmacy2U. It was never discussed by the Pharmacy2U board, nor was that board consulted before the decision was made.

"As the ICO’s report makes clear:

  • Pharmacy2U did not deliberately contravene the Data Protection Act; and
  • when it made the decision to sell data, Pharmacy2U did not have access to the now available information that could lead it to believe that some of the companies receiving the data could be involved in fraudulent activity.

"As a minority shareholder in Pharmacy2U we were extremely concerned when this issue was originally reported.

"As a leading provider of clinical software systems, EMIS Group has always maintained the highest standards of patient confidentiality and data security. We note the ICO’s ruling and that Pharmacy2U is committed to taking comprehensive remedial action. This includes confirming that it will no longer sell customer data and moving to a proactive consent model for its own marketing.”