Pharmacy2U (P2U), the UK’s largest NHS-approved online pharmacy, has been fined £130,000 by the government’s Information Commissioner’s Office (ICO) for selling patients’ and customers’ personal data.

Executives at P2U have been found guilty of unlawfully selling the names and addresses of more than 21,000 patients without their consent through a direct marketing company called Alchemy Direct Media.

The information was sold to an Australian lottery company, a US-based healthcare supplement company previously cautioned for its misleading advertising and unauthorised health claims by the Advertising Standards Authority, and a UK charity that used details to ask donations for people with learning difficulties.

At the end of last year, the company advertised more than 100,000 customer details for sale through an online marketing website, with a database that included people suffering from conditions such as asthma, Parkinson’s disease (PD) and erectile dysfunction.

According to reports, the information was sold for as little as £130 per 1,000 records.

"Vulnerable people shouldn’t be exposed to this sort of harm and distress, but what’s doubly appalling is that this was done by the largest NHS-approved online pharmacy in the country."

medConfidential coordinator Phil Booth said: "When medConfidential made a complaint to the Information Commissioner on behalf of patients who were being marketed, we’d no idea the trade in their data was as murky as this.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

"Vulnerable people shouldn’t be exposed to this sort of harm and distress, but what’s doubly appalling is that this was done by the largest NHS-approved online pharmacy in the country, which is part-owned by the company that provides a majority of GPs with their medical records systems.

"The government has to act decisively. Six-figure fines alone won’t stamp out this poisonous trade; not when there’s so much profit to be made. There must now be a blanket, statutory ban on all marketing to patients.

"Those who profiteer from patients’ data are predators and should face prison when they are caught."

Since 2001, Pharmacy2U has been working closely with the NHS, developing an online system of repeat prescriptions, which allows medicine to be posted to patients.

The company is also 20% owned by EMIS, the single largest provider of GP computer systems in the UK.

In response to ICO’s investigation, Pharmacy2U has apologised for this regrettable incident.

Pharmacy2U managing director Daniel Lee said: "As a responsible company, we undertook due diligence to check that the organisations intending to use the data were reputable.

"There was no publicly available information at the time to suggest that the lottery company was suspected of any wrongdoing and we have confirmed with the relevant authorities that they were validly licensed.

"The ICO has recognised in its monetary penalty notice that Pharmacy2U would not have known that there were any questions over the lottery company’s reputation.

"There was no publicly available information at the time that there had been a complaint to the ASA about healthy marketing."

The company said that it stopped the trial selling of customer data and made sure that the information passed on was securely destroyed as soon as the issue was brought to their attention.