Our work
Banking & FinanceLegal Issues for Pharmacy Websites
by Nick Austen and Pete KenyonThis article is the first of two features on the legal framework governing pharmacies trading online. This article deals with "brochure sites", ie. the more simple websites advertising the pharmacy's services. The second article in the series will examine some of the key issues facing the more fully integrated e-commerce sites where pharmacies use the internet to sell medicines.
This article is the first of two features on the legal framework governing pharmacies trading online. This article deals with "brochure sites", ie. the more simple websites advertising the pharmacy's services. The second article in the series will examine some of the key issues facing the more fully integrated e-commerce sites where pharmacies use the internet to sell medicines.
Even the most basic pharmacy websites are affected by basic legal issues such as:
• Web accessibility;
• Data protection; and
• Regulatory/compliance legislation.
Web Accessibility: does your pharmacy website assist the disabled?
In addition to sound commercial and ethical reasons to do so, the Disability Discrimination Act 1995 (“DDA”) created a legal requirement on website providers (including pharmacy websites) to provide a more accessible medium to customers. The DDA also set the way for sanctions for non-compliance.
Under the DDA, website operators have a duty to take reasonable steps to ensure that it is not “unreasonably difficult” for disabled persons to use a service which they provide. The Equality and Human Rights Commission published a Code of Practice in 2006 which gives guidance on the DDA and which can be viewed and downloaded on its website:http://www.equalityhumanrights.com/Documents/Disability/Services/Access_code.pdf
What is “reasonable” will depend on the circumstances in each case. A medium or large operator, for instance, is likely to be under a greater duty than a small business.
There are simple things that all website providers can do to create a more accessible site.
For example, ensuring that:
• text and image size can be increased, background colours can be changed and that contrast levels are high enough to assist visually impaired customers
• a website can be fully utilised through a keyboard as well as a mouse for customers with motor or visual impairments or others who may not have good hand-eye co-ordination
• any video/podcasts have captions/sign language versions to assist customers with hearing difficulties
The W3C Web Accessibility Initiative provides some useful further details on web accessibility: http://www.w3.org/WAI/eval/Overview.html
These points should be borne in mind prior to incurring the expense of website development to ensure that they can be dealt with appropriately and efficiently and to minimise the need for further development expense at a later date. Website developers should be familiar with the Web Accessibility Initiative and the DDA and be able to recommend standard compliance features for the website.
Lawyer’s tip: It is important to have a written contract in place when dealing with website developers. Many pharmacists wrongly assume that all intellectual property e.g. copyright and design rights created for them by a developer will be owned by them or their business because they commissioned the work and have paid for it. Unfortunately, unless the developer has signed a written contract transferring all intellectual property rights to you, the developer will own the rights in the pharmacy website and you will only have the right to use the intellectual property.
Data Protection: what is your pharmacy website’s privacy policy?
It is increasingly common for pharmacy “brochure” websites to provide a basic element of customer interaction, e.g. to provide an email address for a customer to request service detail or to use “cookies” to track visitors or to otherwise enhance the use of the website (see below). Pharmacy website providers who collect, store and or use personal information in relation to their website (such as an individual’s name, postal address, e-mail address or even a static IP address) will need to be aware of the obligations imposed on them by the Data Protection Act 1998 (the “DPA”) and associated regulations.
This is a complex area of law and the obligations imposed by it are numerous. Some of the key obligations are as follows:
Fair and lawful processing
All personal information must be processed “fairly and lawfully”. Website providers who collect personal information directly from individuals and who determine its use (“Data Controllers”) must always make sure that individuals visiting the website who provide personal data (“Data Subjects”) are aware of the following in order to assist in making the processing “fair”:
• the identity of the person or organisation that is responsible for maintaining the website; and
• any other relevant information which will ensure that the information is processed fairly (for example, whether the Data Controller intends to disclose the information to any third party).
Specified purposes
All personal information collected must only be processed for specified purposes. As with the ‘fair and lawful’ obligation discussed above, the Data Controller must inform visitors to the website of how their personal information is to be used. For example, is it going to be used for advertising products and services, disclosed to third parties or used in the distribution of newsletters? Some personal information may also constitute “sensitive personal information” – the rules governing the use of which are much more strict.
If information is to be used other than strictly in relation to the purpose for which it was collected, Data Controllers may have to go one stage further and receive express consent to use the data in such a way – often by way of an opt-in consent from the relevant Data Subjects.
Under the data protection legal framework, the use of “cookies” is also specifically dealt with. Cookies are small pieces of code which are distributed by websites and stored on a visitor’s computer when they access the website. Cookies provide some benefits for internet users, for example, not having to re-enter registration details after the first visit to a website. However, cookies can be used by website providers to build up user-profiles by creating a history of what the individual has viewed. Cookies can often provide website owners with very valuable information.
Whilst cookies are undoubtedly useful, the use of them is regulated and such regulation should not be ignored. One requirement is that website providers must make visitors aware of the use of cookies or other tracking systems which collect information and website providers must give visitors to the site information on, and the ability to, disable such cookies when using their website.
Privacy Policy
One of the most effective ways for a pharmacy to deal with the obligations in relation to data protection is by drafting and incorporating an appropriate privacy policy into the pharmacy website ensuring that all of these matters are addressed adequately.
The Information Commissioner, who is responsible for enforcing and overseeing the DPA, has issued useful guidance on notification and the other obligations under the DPA as they relate to the collection and use of personal data on the web and the use of privacy policies:
http://www.ico.gov.uk/upload/documents/library/data_protection/
practical_application/collecting_personal_information_from_websites_v1.0.pdf
Other Legal Regulations
E-Commerce Regulations: even brochure pharmacy websites must comply
Further regulatory requirements are placed on website providers by the Electronic Commerce (EC Directive) Regulations 2002. The regulations provide that the following information should be made available on all websites, including pharmacy ones:
1 the name of the website provider;
2 the postal address at which the website provider is established;
3 the details of the service provider such as his e-mail address; and
4 if the website provider is a company, its company number.
The Companies (Trading Disclosures) Regulations 2008
In addition to this information, these 2008 Regulations as from 1st October 2008 will require companies (including those carrying on pharmacies) to include the following on their website:
1 the name of the company;
2 the company’s place of registration and its registered number;
3 the address of its registered office; and
There are a considerable number of more complex obligations imposed by these and other regulations which we will deal with in more detail in the next article.
Conclusion
In the context of this article it is not possible to cover all of the issues facing pharmacists using websites to promote their pharmacy services, but we hope that this gives you some insight and at least makes clear the fact that there are important legal issues that you need to be aware of when considering commissioning developers to produce or update your pharmacy website.
In the next article we will deal with some of the additional legal issues faced by pharmacies selling products on line.
download article (108.7KB)