We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Electronic Prescription Service (EPS) in England: GDPR information
Summary
Why and how we process your data in the Electronic Prescription Service (EPS) in England, and your rights.
| Controller | NHS England |
| How we use the information (processing activities) | The Electronic Prescription Service (EPS) securely transmits prescription information between prescribing systems (for example GP systems) and dispensing systems (for example pharmacy systems) in England. When a prescription is issued, the prescribing system sends the following information to the NHS Spine:
The electronic prescription is then made available for the dispensing system to download from the NHS Spine. In order to connect to the NHS Spine users of prescribing and dispensing systems need the appropriate NHS Smartcard permissions. Authorised staff at prescribing and dispensing sites, can also check the status and location of a prescription using the EPS Prescription Tracker. The patient’s choice of nominated pharmacy is recorded in the Personal Demographic Service (PDS). At the request of a patient, prescribing and dispensing system users can add, update and remove their nominated pharmacy. The EPS is used across Primary care (for example GP practices and pharmacies) and urgent care settings (such as walk-in centres and minor injury units) in England. Electronic prescription data known as a ‘digital prescription’ will also be available to patients who have the NHS App and have high-level identity verification through NHS login. The digital prescription has a barcode, which can be presented to the dispenser on the patient’s smartphone so that their prescription can be processed. For more information on how we process personal data to provide the Electronic Prescription Service to NHS organisations and services in Wales, see the Electronic Prescriptions Service for Wales Transparency Notice. This data is held on the cloud to enable better integration with health and care organisations and their systems
|
| Does this contain sensitive (special category) data such as health information? | Yes |
| Who are recipients of this data? |
NHS England share EPS data (electronic claims messages) with the NHS Business Services Authority (BSA) so that NHSBSA can reimburse the dispenser and charge the prescriber for the items dispensed. |
| Is data transferred outside the UK? | No |
| How long the data is kept | 12 months maximum after prescriptions dispensed or after prescription prescribed but not dispensed in our live system, then archived for 6 years before secure deletion. |
| Our lawful basis for holding this data | Legal obligation |
| Your rights |
|
| How can you withdraw your consent? |
Consent is not the basis for processing. |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | Prescribing systems |
| The legal basis for collecting this data | GDPR:
|
