... To think this isn't a data protection issue?

[TenForward82]

First World problems, I'm aware. But just rang my GP to see if my DH's prescription is ready to collect, and was told by receptionist that they can't tell me that information due to data protection. FWIW prior to saying this she asked me for his name, his DOB, and the first line of his (our) address. Then said no as it's a data protection issue, "since always" apparently.

Is this accurate? And how is it any different from me going into the gp and asking for his script, and them giving it to me, which I've done before with no issue?

No I don't think it is either. They aren't giving out personal info

:) in this case "data protection" is short for i'm not altogether certain I can give out this information, there is no-one to quickly ask and I know whatever I find on google will be wrong

Its bloody annoying as you say you're not asking for personal information, your asking for a prescription date for x as his carer giver/spouse - but once the data protection shutter comes down its usually end of conversation!

Hmm

I’m not sure of the legality of data protection etc but I suppose by confirming if a prescription is ready they will be confirming that your DH is being prescribed a medication which I guess is personal information?

That's a bit of a stretch!

I didn't even say what medication it's for... I could maybe understand if I'd said "Is DH's prescription for methadone ready?"

(he's not on methadone, BTW)

Perhaps a person could work out someone's health issues by seeing what they are prescribed? That would be divulging personal health issues and would definitely be covered by data regulations.

But OP didn't ask to see it, just asked if it was ready to collect

I ve always collected dh prescription, although last few years they go straight the chemist, where i pick them up the drugs

I don’t think they can confirm someone is a patient unless you are the parent for example.

You could probably argue either way. But in practical terms, I could for example pick up DH's prescription from the pharmacist, with or without his consent, then open it up and find out what's inside. The only thing they're worried about is whether it gets paid for. So it seems a bit pedantic and pointless not to give you that information.

I phone to order dh's prescription and then go and pick it up too! No questions asked

The surgery would be disclosing personal information, ie that someone has an undisclosed health condition. So it is a breach of data protection.
While it's a nuisance for you, let's say a woman in an abusive relationship was secretly (from her partner) taking the pill. Would it be ok for the partner to be able to call the GP and ask if her prescription was ready, solely for the purpose of determining whether she was actually taking anything, and then possibly going collecting the prescriptionption himself?
I do share your frustration though OP there are similar inconsistencies at my GP's. Next time could you out on a deep voice and pretend to be DH. I once did that when I had a problem with a retailer to sort out, DH whose name was on the receipt was at work and happy for me to call on his behalf. It worked!

She was protecting herself. If your husband had made a complaint about her afterwards about releasing 'personal' information she could quite easily lose her job. It only takes a few tweets or bad feedback online to trash a reputation and people get sacked in the hope of stemming a backlash.

No of course not. She shouldn't have asked you his name, dob & address to look up his records when he wasn't on the phone

She's not disclosing personal information by confirming a prescription is ready for collection, so it's not a breach for DPA for her to provide the info.
I'll bet they've just had training or a breach, so they're being overly cautious.

It might be a breach of patient confidentiality, at a stretch, but it is NOTHING TO DO WITH GDPR! Speaking on the phone is not processing data. GDPR is about how an organisation that processes large amounts of digital data protects the individuals involved whilst processing their data. For example, the practice would not be able to sell all the patients' information in digital form to a drug company for research, without their permission.

Everyone's got their knickers in a such a twist about this, it drives me nuts!

She was confirming a fact about the DH's health - that he requires medication - that is his personal data. There are also confidentiality considerations even with out GDPR.
I

Divulging personal information, whilst it might not be desirable, is nothing to do with GDPR!

It’s a patient confidentiality issue, not a data protection one. Personal data is anything that can identify a unique individual. Asking whether your husband’s prescription is ready (with you having confirmed his personal data) doesn’t breach any personal data obligations but could be a breach of his patient confidentiality eg as per pp example whether he is on prescription medication.

She did ask if he was there to speak to, but because there's no password or anything set up on the system, I could have asked any random bloke to pretend to be him...

As PP have said it is a data protection issue as they would be confirming your DH was registered there, and was taking medication.

I call to see if dh's prescription is ready each month. One or the other of us goes in to collect it. Then I go to the pharmacy with it the next day. So I don't think she was right (unless it varies by area).

We weren't allowed a list of first names for Christmas cards from nursery this time due to data protection. As a consequence we only wrote (& received 4) because dc couldn't remember all the names. Not terrible in itself but with 3 older siblings who did send/receive lots it led to a few tantrums.

Yes it is about GDPR Biscuit - the GDPR and current DPA go beyond the remit of the first DPA in 1984 - the receptionist is disclosing data verbally and is therefore processing it. There may be a legitimate ground for processing in certain circumstances, but the default would be to not give out the info.
Following your logic Biscuit I could phone the GP of any friend, give them the basic details, and it would be ok to receive all their medical information.
This might be a trivial matter in the scheme of things, and the ICO is unlikely to be bothered, but it is a GDPR breach.

Biscuit in the nicest way, I really hope you don't have access to anyone's personal data if you think that divulging it over the phone is not processing data for GDPR purposes.